Wardary

The product

One governed surface between your team and every AI model

Wardary wraps cloud AI in the controls a regulated team needs: protect the data, govern the models, record every prompt — without slowing your people down.

Request a demo Security model

The life of a prompt

What happens between “send” and the model

Four controls run on every message — inbound and outbound — so nothing sensitive slips through.

Secure sessionActive
Anthropic · Claude
You2 redacted

Draft a demand letter for our client [NAME_1] regarding matter [MATTER_2]. Their SSN [SSN_1] is on file.

Sent via encrypted tunnel · sensitive spans never left your boundary

Wardary

I've drafted the demand letter for your client. Real names and identifiers were restored only here in your view — the provider saw placeholders.

Response verified against org context
Message Wardary… (data protection is on)
  1. 01

    Inspect & detect

    The prompt and any attachments are scanned for sensitive entities — SSNs, cards, keys, emails, phones, and custom patterns.

  2. 02

    Redact or block

    Matched spans become high-entropy placeholder tokens; rules can block the prompt entirely. The provider never sees raw values.

  3. 03

    Govern & route

    The allow-list and org context are applied server-side, and the resolved model is recorded — enforced, not merely suggested.

  4. 04

    Restore & record

    Tokens are restored to real values in your view; one immutable audit record captures exactly what happened.

Capabilities

Everything a regulated team needs in v1

Streaming governed chat

A fast, familiar chat experience with saved conversations and resume — token-by-token streaming so it feels as good as the tools your team already reaches for.

Inline redaction & blocking

Detectors scan each prompt for PII, secrets, and custom patterns. Matches are redacted to placeholder tokens, or the prompt is blocked outright — before egress.

File upload, scanned

Attach PDFs, DOCX, TXT, or CSV. Their contents flow through the same redaction pipeline before a single byte reaches a provider.

Model allow-list

Admins choose exactly which providers and models the org may use, and whether end users can pick. Disallowed models are rejected server-side.

Prepend org context

Apply standing instructions and guardrails to every outbound prompt as a system-level message — versioned, and referenced by each audit record.

Per-prompt audit & metering

One immutable record per prompt — requested vs. resolved model, redactions, tokens, and estimated cost — feeding usage reporting by user and model.

Tokenize & restore

Redaction your team barely notices

Most DLP makes the AI feel broken. Wardary uses reversible tokenization: sensitive spans are swapped for stable placeholders before the call, and restored to their real values when the reply comes back — so the conversation reads seamlessly while the provider only ever saw tokens.

  • Placeholders are high-entropy per-request nonces
  • The token↔value map lives in memory only and is never persisted under a no-retain rule
  • Restore refuses unknown tokens, so a hallucinated placeholder can never inject a real value

Why this matters

A resumed chat shows the masked placeholder for any span your policy says must never be stored — while the live session showed the real value. Persistence follows your retention rules, span by span, with most-restrictive-wins on overlaps.

Under the hood

Built so the guarantee is easy to hold

  1. Single egress seam

    One way out

    Every provider call goes through a single callProvider() seam, with a test asserting nothing else imports a provider SDK. Redaction always runs first.

  2. In-process pipeline

    No extra hops

    Redaction and audit stay in-process where the leak-free guarantee is easiest to enforce — not bolted on as a downstream service.

  3. DB-level immutability

    Append-only, for real

    Audit immutability is enforced at Postgres, not in middleware — so “append-only” survives an auditor’s scrutiny.

Server-enforced One record per prompt Fail closed on uncertainty

Roadmap

What ships now, and what's next

Available
  • Governed streaming chat + saved conversations
  • Inline redaction & blocking (prompts + files)
  • Model allow-list & prepend context
  • Per-prompt audit + usage metering
On the roadmap
  • Human redaction review & override queue
  • Contextual rule-based routing engine
  • Local / self-hosted model targets
  • Browser/endpoint guard for direct AI use

We sequence honestly and gate new surfaces on real customer pull.