anonym.life — Privacy Middleware for Transaction Systems
Zero Knowledge PII detection platform for enterprise transaction systems. 40+ regex recognizers for automatic personal data detection. Policy-based pseudonymization and selective disclosure. Customer-managed keys (BYOK), MPC threshold custody, checksum validation, and audit trail logging. Your keys, your data — we can't access it.
Platform Overview
anonym.life is a privacy middleware (intelligent proxy) between data providers (end users, patients, customers) and service providers (labs, delivery services, e-commerce, processors). It detects sensitive information in structured and unstructured payloads, transforms data according to configurable presets, vaults identity mappings with enterprise key management, distributes sanitized objects to downstream systems, and enables selective disclosure only when required — with strong authorization, short-lived grants, and immutable audit evidence.
Outcome: Downstream systems store and process less toxic PII, reducing breach impact and simplifying compliance and security operations — without breaking business workflows.
Why This Exists
Organizations routinely move direct identifiers (names, phones, addresses, IDs) through many systems and vendors. anonym.life reduces the exposure footprint by separating identity data from transaction data.
Large Breach Blast Radius
Too many databases and logs contain "toxic data". When every system has the same PII, one breach becomes total breach.
High Liability & Compliance Burden
Data subject access, deletion, retention, processor controls — every integration needs its own privacy and security hardening.
Operational Friction
Security reviews, audits, incident response, and remediation scale with exposure footprint. Every new vendor increases scope.
Hidden Costs
Integration complexity, vendor onboarding delays, scattered PII handling across apps — costs grow with every system that touches identity data.
How anonym.life Works
Five steps that separate identity from transactions. Policy-based pseudonymization between data providers and service providers.
- Detect — Identify candidate sensitive entities and classify them by category and risk level. PII detection in structured and unstructured content with confidence scores per recognizer and support for custom recognizers
- Transform — Apply transformations according to a chosen preset (policy package): redact, mask, generalize, tokenize, or encrypt-to-recipient
- Vault — Store "additional information" (mappings, identifiers, keys) in a strongly protected domain. Encrypted blobs, token mapping tables, policy receipts, and integrity hashes
- Distribute — Downstream service receives a sanitized object via API or gateway. Most workflows complete without raw identifiers
- Disclose — Controlled, time-limited re-identification when legally or operationally required. Every reveal requires strong authentication, purpose declaration, rate limiting, and immutable audit evidence
Core Features
Zero Knowledge Architecture
Your keys, your data — we can't access it. anonym.life never stores customer KEKs in plaintext. Per-tenant and per-preset key encryption keys with standardized rotation schedules.
Pattern-Based PII Detection
40+ regex recognizers for automatic personal data detection. Confidence scores per recognizer, support for custom recognizers, and industry tuning for healthcare, finance, and logistics.
Customer-Managed Keys (BYOK)
Envelope encryption with customer-controlled KMS/HSM. Each PII record encrypted with a DEK, wrapped by a KEK stored in customer-controlled infrastructure. Supports rotation, revocation, and separation of duties.
MPC Threshold Custody
No single party can independently decrypt or grant re-identification. Threshold cryptography with M-of-N shares distributed across independent trust domains. Typical configurations: 2-of-3 or 3-of-5.
Checksum Validation
Built-in validation for structured identifiers using Luhn algorithm (credit cards) and IBAN checksum verification. Reduces false positives through mathematical validation of detected entities.
Audit Trail Logging
Immutable audit log (append-only) with evidence exports. Every disclosure event records timestamp, requester identity, purpose declaration, attributes revealed, grant TTL, and integrity hash.
Enterprise-Grade Key Management
Your keys. Your control. Our enforcement. Multiple custody modes from enterprise baseline to high-assurance threshold operations.
Baseline: Envelope Encryption
Customer-Managed KMS/HSM
Per-tenant and per-preset KEKs. Per-object DEKs. Standardized key rotation schedules. Break-glass flows with strict approvals and post-event review. Maps to procurement expectations for regulated customers.
High-Assurance: Threshold/MPC
M-of-N Shares Across Trust Domains
Shares distributed across: (1) Customer domain (KMS/HSM or TEE), (2) anonym.life domain (HSM-backed, cannot act alone), (3) Independent trustee or compliance escrow. Strong protection against insider risk.
Selective Disclosure
Purpose-Bound, Time-Limited
Every reveal requires: strong authentication & authorization, purpose declaration and policy match, time-bounded grants (JIT), rate limiting and anomaly detection, immutable audit evidence.
Audit Anchoring
Optional Tamper-Evident Ledger
Hashes of preset versions, policy decisions, disclosure grants, and reveal receipts anchored to a permissioned ledger. No secrets on-chain — only hashes and timestamps for cross-organization trust.
Industry Presets
Pre-built presets for logistics, healthcare, e-commerce, and payments. Each preset defines detection thresholds, transformations, disclosure rules, retention schedules, and audit requirements.
Logistics & Delivery
Service provider receives: Order contents, delivery zone, drop-off token, relay contact channel.
Vault protects: Name, phone, exact address. Driver uses token + relay. Exact address revealed only if operationally required, time-limited, logged.
Healthcare & Diagnostics
Service provider receives: Sample token, test order metadata, analysis pipeline identifiers.
Vault protects: Patient identity, DOB, insurance identifiers, special category fields. Referring physician re-identifies for clinical purpose, fully audited.
E-Commerce
Service provider receives: Order details, delivery tokens, anonymized customer references.
Vault protects: Customer profiles, payment details, browsing history. Downstream analytics and vendors operate on sanitized objects only.
Payment Processing
Service provider receives: Amount, transaction token, merchant references.
Vault protects: Buyer identity and profile beyond what the processor needs. Strict tokenization boundaries and purpose-limited sharing.
Policy-Driven Transformation
A preset is a policy package that defines detection thresholds, transformations, disclosure rules, retention, and audit events. Each preset controls the complete lifecycle of PII within a transaction flow.
Preset Template
- Name, industry pack, jurisdiction, risk tier
- Entity taxonomy + transformation rules per type
- Confidence thresholds and fallbacks
- Allowed recipients and purposes
- Disclosure rules: who, what, max duration, approvals
- Retention and deletion schedule
- Audit events + evidence exports format
- Exception handling and manual review paths
Transformation Methods
- Redact — Complete removal of identified entities
- Mask — Partial obscuring with visible structure
- Generalize — Reduce precision (city instead of address)
- Tokenize — Replace with non-reversible tokens
- Encrypt-to-Recipient — Targeted encryption for authorized parties
Operational Guardrails
- "Deny by default" disclosure posture
- Fine-grained scopes: attribute-level and object-level
- Audit-first: immutable logs + evidence exports
- Backpressure on uncertainty: low-confidence triggers minimize/block
- Fail-safe behavior: mask/minimize rather than pass-through
Measurable Impact
Reduce breach impact. Simplify compliance. Keep workflows running.
Reduced Breach Impact
Fewer systems with direct identifiers. Attackers obtain less actionable identity data. Measurable reduction of plaintext identifiers across downstream systems.
Control Consolidation
Replaces scattered, inconsistent PII handling across apps and vendors. Fewer systems "in scope" for sensitive identifiers. Reduced integration complexity.
Compliance Acceleration
Presets encode minimization, retention, and disclosure policies. Evidence exports aid audits and DPIAs. Better purpose limitation and data minimization enforcement.
Faster Integration
Standardized presets shorten security reviews and integration cycles. Reduced vendor onboarding time. Workflows remain functional via tokens, relay channels, and JIT grants.
Simple, Transparent Pricing
Pay for what you protect. Scale as you grow.
Starter
€499/month
100,000 transactions per month
- 40+ regex recognizers
- Preset engine with policy DSL
- Vault with envelope encryption
- Customer KMS integration
- Immutable audit log
- API gateway + SDKs
Professional Recommended
€1,999/month
1,000,000 transactions per month
- All Starter features
- Key rotation & revocation workflows
- Break-glass + approvals
- Anomaly detection for disclosure abuse
- Multi-region reliability
- Priority support
Enterprise Custom
Contact Sales
Unlimited transactions
- All Professional features
- Threshold/MPC custody mode
- Optional ledger anchoring
- Industry-specific presets
- Dedicated support & SLA
- Compliance readiness program
anonym.life vs Alternatives
Unlike traditional tokenization vendors or encryption-only solutions, anonym.life provides policy-driven pseudonymization with enterprise key management, immutable audit evidence, and purpose-bound selective disclosure.
| Competitor | Their Focus | anonym.life Differentiation |
|---|---|---|
| VGS | Card data tokenization | Handles all PII types with policy-driven presets, not just payments |
| Skyflow | Data privacy vault | Middleware, not storage — integrates without architectural overhaul |
| Evervault | Encryption infrastructure | Pseudonymization + selective disclosure, not just encryption |
| Basis Theory | Developer tokenization | Enterprise governance with audit evidence and compliance tooling |
| Build In-House | Custom solutions | Battle-tested presets, faster time-to-compliance, ongoing evolution |
How anonym.life Differs from Our PII Detection Platforms
anonym.life is enterprise middleware — a privacy proxy that sits between data providers and service providers, separating identity from transaction data at the infrastructure level. It is fundamentally different from our user-facing PII detection and anonymization platforms.
Our other platforms (anonymize.solutions, anonym.legal, cloak.business, anonym.today, etc.) are tools for users who paste text, upload documents, or use browser extensions to detect and anonymize PII. anonym.life, by contrast, is infrastructure for organizations that need to control PII flow across their entire integration landscape — with vaulting, tokenization, policy presets, enterprise key management, and auditable selective disclosure.
Get Started with anonym.life
See anonym.life in action with your data. Request a demo to explore how policy-driven pseudonymization can reduce your organization's PII exposure footprint.
Related Platforms: anonymize.solutions — Enterprise PII detection & anonymization | anonym.legal — Zero-Knowledge PII anonymization with MCP Server
Need privacy middleware for your transaction systems?
Let's discuss how anonym.life can reduce breach impact, simplify compliance, and keep your workflows running.