Keeping user-entered PII out of servers and logging pipelines is a pragmatic, high-impact privacy control for chat assistants and intake flows. Rampart's core insight is trading a tiny on-device model for a local-first guard that removes most sensitive tokens before they ever touch a provider, reducing the downstream blast radius of accidental data collection.
What Sets It Apart
- Defense-in-depth pipeline: a recall-biased token-classification encoder works together with a deterministic recognizer (regex + checksum) so structured identifiers (SSNs, cards, emails, URLs, IPs) get near-deterministic coverage while names and free-form IDs get contextual model coverage.
- Client-first, very small runtime: the shipped artifact is a quantized ONNX classifier designed to run in browsers (WASM/WebGPU) and Node, enabling redaction at the trust boundary rather than in back-end logs.
- Conversation-aware placeholders: detected values are mapped to stable session placeholders (e.g. [GIVEN_NAME_1]) so assistants can send placeholders to models and locally rehydrate human-visible replies without transmitting raw PII.
- Policy-driven retention: a default-deny policy redacts most sensitive fields while keeping coarse geography (city/state/ZIP) to preserve useful context for assistants.
Who It's For and Tradeoffs
Great fit if you need a lightweight, client-side PII scrubber for chatbots, form intake, analytics pre-filtering, or to reduce risk in telemetry. It helps teams enforce a simple keep/redact policy without server-side changes. Look elsewhere if your user base routinely types non-Latin scripts (Rampart is scoped to seven Latin-script languages) or you require a formal security boundary against motivated adversaries—adversarial evasion and some government-style IDs remain weaker without additional format validators. Integrators should also treat it as harm-reduction, not a sole compliance control, and complement it with server-side auditing and domain-specific guards where necessary.