Redaction & DLP
Sensitive data, stopped before it leaves your boundary
The detector is the product. Wardary scans every prompt and file, redacts or blocks what's sensitive, and does it reversibly — so your team barely notices and your data never escapes.
Detection
What Wardary looks for
Node-native pattern detectors run on every prompt and uploaded file, behind a common interface so new detectors slot in cleanly.
- Social Security numbers (with Luhn-style validation)
- Credit & debit card numbers
- Email addresses
- Phone numbers
- API keys & secrets
- Custom regex patterns you define
Name and address recognition via a machine-learning detector is on the roadmap behind the same interface; low-confidence, high-risk entities fail safe today.
Please review the contract for [NAME_1] — their account [CARD_1] and SSN [SSN_1] are referenced in section 4. Send a copy to [EMAIL_1].
4 spans tokenized · provider receives placeholders only · restored in your view on reply
Per-rule actions
Redact, block, or flag — your call, rule by rule
Each policy rule carries its own action and its own raw-retention setting, so different kinds of sensitive data are handled appropriately.
- Redact: Replace the matched span with a placeholder token. The value never leaves; it's restored only in your view.
- Block: Stop the prompt from being sent at all. The user gets an inline explanation and can edit and resend.
- Flag: Allow the prompt but record the match for the audit trail and later policy review.
Reversible by design, leak-safe by construction
Matched spans become stable placeholder tokens before the outbound call. When the model replies, tokens are restored to real values in your view — so the conversation reads naturally while the provider only ever saw tokens.
- Placeholders are high-entropy per-request nonces
- The token↔value map is in-memory and request-scoped
- Under a no-retain rule, the real value is never persisted anywhere
- Restore refuses unknown tokens — a hallucinated placeholder can never inject a real value
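The properties listed above, sketched as an added example (not Wardary's code). The `createVault` helper, the `[TYPE_n_nonce]` token format and the two regex detectors are assumptions made for illustration; the input strings in any run are constructed.

```javascript
const { randomBytes } = require("node:crypto");

// Constructed detectors for illustration only (assumption, not Wardary's rules).
const DETECTORS = [
  { type: "SSN", re: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: "EMAIL", re: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g },
];

// One vault per outbound request; the nonce and token map exist only in memory.
function createVault() {
  const nonce = randomBytes(16).toString("hex"); // 128-bit per-request nonce
  const byToken = new Map(); // token -> real value, used on restore
  const byValue = new Map(); // type+value -> token, keeps tokens stable
  const counters = {};

  function tokenFor(type, value) {
    const key = `${type}\u0000${value}`;
    if (byValue.has(key)) return byValue.get(key); // same value, same token
    counters[type] = (counters[type] || 0) + 1;
    const token = `[${type}_${counters[type]}_${nonce}]`;
    byToken.set(token, value);
    byValue.set(key, token);
    return token;
  }

  function redact(text) {
    return DETECTORS.reduce(
      (out, { type, re }) => out.replace(re, (m) => tokenFor(type, m)),
      text
    );
  }

  // Only tokens minted by this vault are restored. Anything else that looks
  // like a placeholder (wrong nonce, unseen index) is left as-is and reported.
  function restore(reply) {
    const unknown = [];
    const text = reply.replace(/\[[A-Z]+_\d+(?:_[0-9a-f]+)?\]/g, (t) => {
      if (byToken.has(t)) return byToken.get(t);
      unknown.push(t);
      return t;
    });
    return { text, unknown };
  }

  return { nonce, redact, restore };
}
```

Because the nonce is unguessable and the map is dropped with the request, a placeholder the model invents, or one replayed from another request, has nothing to resolve to.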
Most-restrictive-wins
When spans of different retention rules overlap, the most restrictive one wins — a pure, exhaustively-tested merge decides exactly which bytes are ever stored.
Fail closed
A high-risk span below the confidence threshold is auto-redacted, never sent. We accept occasional over-redaction over any chance of a leak.
Files too
Uploads run through the same pipeline
- Parse: Read the file. PDF, DOCX, TXT, and CSV uploads are parsed to text the detectors can read.
- Scan: Detect & redact. The extracted contents flow through the exact same detection and redaction step as a typed prompt.
- Send: Egress safely. Only the redacted contents are sent; raw files stay encrypted and tenant-scoped in object storage.
Held to a measurable bar
A detector is only as good as its recall. Wardary is built against a golden evaluation corpus with explicit precision and recall targets (we're aiming for ≥99% recall on a fixed corpus) — because for a regulated buyer, “probably caught it” isn't an acceptance criterion. Perfect recall is impossible, so we fail safe and tell you so.