Raw text arrives with names, IDs, phone numbers, or account references still intact.
"Draft apology for order delay. Customer: Demo Customer A, Phone: PHONE-EXAMPLE-001"
"Summarize patient discharge. Patient: Demo Patient B, ID: NID-EXAMPLE-002"
"Flag suspicious transfer. Account holder: Demo Account Holder C, IBAN: IBAN-EXAMPLE-003"
"Translate performance review. Employee: Demo Employee D, Badge: EMP-EXAMPLE-004"
"Optimize delivery route. Driver: Demo Driver E, Phone: PHONE-EXAMPLE-005"
Personal data is identified, moved into the vault, and replaced with typed placeholders the model can safely process.
"Draft apology for order delay. Customer: [[PERSON:01]], Phone: [[PHONE:01]]""Summarize patient discharge. Patient: [[PERSON:01]], ID: [[NATIONAL_ID:01]]""Flag suspicious transfer. Account holder: [[PERSON:01]], IBAN: [[IBAN:01]]""Translate performance review. Employee: [[PERSON:01]], Badge: [[EMPLOYEE_ID:01]]""Optimize delivery route. Driver: [[PERSON:01]], Phone: [[PHONE:01]]"Only the prepared payload reaches the selected model. Provider and residency choices stay bound to route policy.
Tokens are rehydrated from the vault and the user sees a natural response with the original context restored.
"Dear Demo Customer A, we sincerely apologize for the delay in your order...""Patient Demo Patient B is cleared for discharge with follow-up in 14 days...""Transaction by Demo Account Holder C flagged for analyst review...""Demo Employee D exceeded Q3 targets by 18%. Recommend promotion review...""Route optimized for Demo Driver E. Three stops consolidated, ETA reduced."Protect the browser and GenAI copy-paste channel without routing raw files, prompts, fingerprints, or tenant keys to DataSitr.
Teams can keep using ChatGPT, Claude, Gemini, Copilot, and other AI surfaces while Data Sitr Shield checks protected content locally on the employee device. The customer controls the fingerprint index; DataSitr receives metadata-only alerts and audit events.
Protected content is matched on-device against customer-generated fingerprints.
Reviewed enterprise pilots can enable per-origin and per-tier block policies when governance is ready.
Coverage is built around Saudi identifiers, Arabic use cases, employee notice, DPIA, and audit evidence.
| Provider / Network | Available Lanes | Flagship Selection |
|---|---|---|
| OpenAI |
Green Lane (Global)
|
Latest GPT family Reasoning Multimodal + live catalog |
| Anthropic |
Green Lane (Global)
|
Claude family Long-context Writing + live catalog |
|
Green Lane (Global)
|
Gemini family Multimodal Fast + live catalog | |
| STC SambaNova Configured in-Kingdom path |
Amber Lane (Pseudonymous)
Red Lane (Raw Data)
|
Amber Red Configured in-Kingdom path + integrated path |
| Groq Configured in-Kingdom path |
Amber Lane (Pseudonymous)
Red Lane (Raw Data)
|
Amber Red Low-latency + live catalog |
| HUMAIN Saudi-hosted path |
Amber Lane (Pseudonymous)
Red Lane (Raw Data)
|
Saudi-hosted Amber Red Configured endpoint |
Amber/red provider residency depends on operator-configured provider endpoints. DataSitr does not independently verify provider data residency.
Current test count is published in the trust report · Saudi-hosted privacy routing
177 controls traced to tests, evidence, or explicit external-attestation · Alibaba KMS startup bootstrap remains active on the live ACK workload
Live posture, dated proof limits, and benchmark snapshots are published on the trust, status, and benchmark pages.
Tokenized. Sent to global AI.
PII replaced with typed placeholders before external processing.
Pseudonymized. Routed to operator-configured in-Kingdom AI paths.
Linkable tokens stay on Saudi-hosted infrastructure.
Raw. Routed only to configured in-Kingdom paths or blocked.
Sensitive data is kept on Saudi-hosted infrastructure when the configured provider path is in-Kingdom.