Firm-wide Platform Zero Knowledge Privacy Middle-tier BYOK MPC Holding GDPR

Platform Overview

anonym.life is a privacy middle-tier (intelligent proxy) between data vendors (end users, patients, clients) and service vendors (labs, rollout services, e-commerce, processors). It detects touchy info in set and unstructured payloads, transforms data according to configurable presets, vaults ID mappings with firm-wide key control, distributes sanitized objects to downstream systems, and lets narrow release only when needed — with strong access rules, short-lived grants, and fixed audit proof.

Outcome: Downstream systems store and process less toxic PII, reducing breach impact and simplifying audit fit and safety ops — without breaking biz workflows.

390+

Item Types

Pipeline Steps

M-of-N

Threshold Holding

Industry Presets

Problem Statement

Why This Exists

Teams routinely move direct IDs (names, phones, addresses, IDs) through many systems and vendors. anonym.life reduces the exposure footprint by separating ID data from deal data.

Large Breach Blast Radius

Too many databases and logs contain "toxic data". When every system has the same PII, one breach becomes total breach.

High Liability & Compliance Burden

Data subject access, deletion, keep, processor controls — every link-up needs its own privacy and safety hardening.

Operational Friction

Safety reviews, audits, incident response, and fix scale with exposure footprint. Every new vendor increases scope.

Hidden Costs

Link-up depth, vendor onboarding delays, scattered PII handling across apps — costs grow with every system that touches ID data.

Core Pipeline

How anonym.life Works

Five steps that separate ID from deals. Policy-based alias-swap between data vendors and service vendors.

Detect — Find candidate touchy items and classify them by category and risk level. PII finding in set and unstructured content with confidence scores per recognizer and support for custom matchers.
Transform — Apply transformations according to a chosen preset (policy package): redact, mask, generalize, tokenize, or encode-to-recipient.
Vault — Store "additional info" (mappings, IDs, keys) in a strongly protected domain. Encoded blobs, token mapping tables, policy receipts, and integrity hashes.
Distribute — Downstream service gets a sanitized object via API or gate. Most workflows full without raw IDs.
Disclose — Tight, time-limited re-identification when legally or operationally needed. Every reveal needs strong sign-in, purpose declaration, rate limiting, and fixed audit proof.

// Inbound payload from data vendor
"Deliver to Sarah Johnson, Hauptstraße 12, 66130 Saarbrücken, phone +49 681 12345"
// Sanitized object to rollout service (after preset transformation)
"Deliver to [TOKEN_7a3f], [ZONE_CENTRAL], relay [RELAY_CHANNEL_42]"
// ID data vaulted separately (encoded, access-tight)
"Vault: TOKEN_7a3f → [encoded blob] → KEK in client KMS"

Key Skills

Core Features

Zero Knowledge Architecture

Your keys, your data — we can't access it. anonym.life never stores client KEKs in plaintext. Per-tenant and per-preset key encoding keys with standardized rotation schedules.

Pattern-Based PII Detection

390+ item types, 317 regex matchers for auto private data finding. Confidence scores per recognizer, support for custom matchers, and industry tuning for healthcare, finance, and logistics.

Customer-Managed Keys (BYOK)

Wrap encoding with client-tight KMS/HSM. Each PII record encoded with a DEK, wrapped by a KEK stored in client-tight systems. Supports rotation, revocation, and separation of duties.

MPC Threshold Custody

No single party can independently decrypt or grant re-identification. Threshold cryptography with M-of-N shares distributed across independent trust domains. Typical setups: 2-of-3 or 3-of-5.

Checksum Validation

Built-in checks for set IDs using Luhn algorithm (credit cards) and IBAN checksum verification. Reduces false positives through mathematical checks of found items.

Audit Trail Logging

Fixed audit log (append-only) with proof exports. Every release event records timestamp, requester ID, purpose declaration, attributes revealed, grant TTL, and integrity hash.

Safety & Key Control

Enterprise-Grade Key Management

Your keys. Your control. Our enforcement. Multiple holding modes from firm-wide starting point to high-assurance threshold ops.

Baseline: Envelope Encryption

Client-Run KMS/HSM

Per-tenant and per-preset KEKs. Per-object DEKs. Standardized key rotation schedules. Break-glass flows with strict sign-offs and post-event review. Maps to procurement expectations for rule-bound clients.

High-Assurance: Threshold/MPC

M-of-N Shares Across Trust Domains.

Shares distributed across: (1) Client domain (KMS/HSM or TEE), (2) anonym.life domain (HSM-backed, cannot act alone), (3) Independent trustee or audit fit escrow. Strong safety against insider risk.

Selective Disclosure

Purpose-Bound, Time-Limited

Every reveal needs: strong sign-in & access rules, purpose declaration and policy match, time-bounded grants (JIT), rate limiting and anomaly finding, fixed audit proof.

Audit Anchoring

Optional Tamper-Evident Ledger.

Hashes of preset versions, policy decisions, release grants, and reveal receipts anchored to a permissioned ledger. No secrets on-chain — only hashes and timestamps for cross-team trust.

Use Cases

Industry Presets

Pre-built presets for logistics, healthcare, e-commerce, and payments. Each preset defines finding thresholds, transformations, release rules, keep schedules, and audit needs.

Logistics & Delivery

Service vendor gets: Order contents, rollout zone, drop-off token, relay contact channel.

Vault protects: Name, phone, exact address. Driver uses token + relay. Exact address revealed only if operationally needed, time-limited, logged.

Healthcare & Diagnostics

Service vendor gets: Sample token, test order metadata, study pipeline IDs.

Vault protects: Patient ID, DOB, insurance IDs, special category fields. Referring physician re-identifies for clinical purpose, fully audited.

E-Commerce

Service vendor gets: Order details, rollout tokens, anonymized client refs.

Vault protects: Client profiles, payment details, browsing history. Downstream analytics and vendors operate on sanitized objects only.

Payment Processing

Service vendor gets: Amount, deal token, merchant refs.

Vault protects: Buyer ID and profile beyond what the processor needs. Strict tokens boundaries and purpose-limited sharing.

Preset Engine

Policy-Driven Transformation

A preset is a policy package that defines finding thresholds, transformations, release rules, keep, and audit events. Each preset controls the full lifecycle of PII within a deal flow.

Preset Template

Name, industry pack, law area, risk tier.
Item label set + transformation rules per type.
Confidence thresholds and fallbacks.
Allowed takers and purposes.
Release rules: who, what, max duration, sign-offs.
Keep and deletion schedule.
Audit events + proof exports format.
Exception handling and manual review paths.

Transformation Methods

Redact — Full removal of found items.
Mask — Partial obscuring with visible structure.
Generalize — Reduce precision (city rather of address)
Tokenize — Replace with non-reversible tokens.
Encrypt-to-Recipient — Targeted encoding for authorized parties.

Operational Guardrails

"Deny by default" release posture.
Fine-grained scopes: attribute-level and object-level.
Audit-first: fixed logs + proof exports.
Backpressure on uncertainty: low-confidence triggers minimize/block.
Fail-safe behavior: mask/minimize rather than pass-through.

Biz Value

Measurable Impact

Reduce breach impact. Simplify audit fit. Keep workflows running.

Reduced Breach Impact

Fewer systems with direct IDs. Attackers obtain less actionable ID data. Measurable reduction of plaintext IDs across downstream systems.

Control Consolidation

Replaces scattered, inconsistent PII handling across apps and vendors. Fewer systems "in scope" for touchy IDs. Reduced link-up depth.

Compliance Acceleration

Presets encode minimization, keep, and release policies. Proof exports aid audits and DPIAs. Better purpose limitation and data minimization enforcement.

Faster Integration

Standardized presets shorten safety reviews and link-up cycles. Reduced vendor onboarding time. Workflows remain functional via tokens, relay channels, and JIT grants.

Pricing

Simple, Transparent Pricing

Pay for what you protect. Scale as you grow.

Starter

€499/month

100,000 deals per month.

390+ item types, 317 regex matchers.
Preset engine with policy DSL.
Vault with wrap encoding.
Client KMS link-up.
Fixed audit log.
API gate + SDKs.

Professional Recommended

€1,999/month

1,000,000 deals per month.

All Starter features.
Key rotation & revocation workflows.
Break-glass + sign-offs.
Anomaly finding for release abuse.
Multi-region reliability.
Priority support.

Enterprise Custom

Contact Sales

Unlimited deals

All Professional features.
Threshold/MPC holding mode.
Optional ledger anchoring.
Industry-specific presets.
Set support & SLA.
Audit fit readiness program.

Rival Positioning

anonym.life vs Alternatives

Unlike old-style tokens vendors or encoding-only solutions, anonym.life provides policy-driven alias-swap with firm-wide key control, fixed audit proof, and purpose-bound narrow release.

Rival	Their Focus.	anonym.life Edge.
VGS	Card data tokens.	Handles all PII types with policy-driven presets, not just payments.
Skyflow	Data privacy vault.	Middle-tier, not storage — integrates without design overhaul.
Evervault	Encoding systems.	Alias-swap + narrow release, not just encoding.
Basis Theory.	Developer tokens.	Firm-wide rules with audit proof and audit fit tooling.
Build In-House.	Custom solutions.	Battle-tested presets, faster time-to-audit fit, ongoing evolution.

Positioning

How anonym.life Differs from Our PII Detection Platforms

anonym.life is firm-wide middle-tier — a privacy proxy that sits between data vendors and service vendors, separating ID from deal data at the systems level. It is in core other from our user-facing PII finding and PII strip platforms.

Our other platforms (anonymize.solutions, anonym.legal, cloak.biz, anonym.today, etc.) are tools for users who paste text, upload docs, or use browser extensions to detect and anonymize PII. anonym.life, by contrast, is systems for teams that need to control PII flow across their entire link-up landscape — with vaulting, tokens, policy presets, firm-wide key control, and audit-fit narrow release.

Access

Get Started with anonym.life

See anonym.life in action with your data. Request a demo to explore how policy-driven alias-swap can reduce your team's PII exposure footprint.

Open anonym.life → Request Demo

Related Platforms: anonymize.solutions — Firm-wide PII finding & PII strip | anonym.legal — Zero-Knowledge PII PII strip with MCP Server

Fit & Limitations

Best fit and known limitations

Best for

Enterprises with deal-system data flows — B2B platforms, healthcare/fintech alias-swap pipelines, logistics and e-commerce processors — that need policy-based alias-swap and narrow release between data vendors and service vendors, with BYOK and MPC threshold holding so the platform itself cannot read protected fields.

Not the right fit

Single-user desktop workflows (use anonym.plus), bulk image redaction with OCR (use cloak.biz), or teams looking for a self-hosted on-premises rollout — anonym.life ships as run middle-tier.

Known limitations

SaaS-only rollout today; link-up needs API work on each downstream service; BYOK + MPC holding add ops depth versus single-key vaults; the €499/month Starter tier sets a meaningful minimum spend versus consumer tools.

Need privacy middleware for your transaction systems?

Let's discuss how anonym.life can reduce breach impact, simplify audit fit, and keep your workflows running.

Book a Call ← All Projects