Reversible Encryption for LLM Workflows — From Theory to Production
Research Source
Industry analysis (DZone, 2025) validated the approach of reversible anonymization for LLM workflows: encrypt PII before sending to an LLM, let the LLM process anonymized text, then decrypt the PII in the response locally. This pattern preserves LLM utility (the model processes contextually meaningful text) while ensuring PII never reaches the LLM provider's servers in plaintext. The key challenge is maintaining semantic coherence — the anonymized text must still be grammatically correct and contextually meaningful for the LLM to produce useful responses.
Executive Summary
The reversible anonymization pattern for LLMs has been validated: encrypt PII before sending to an AI model, process anonymized text, decrypt the response. This preserves both privacy and AI utility — the model sees anonymized tokens but processes contextually meaningful text.
anonym.legal implements AES-256-GCM reversible encryption across web app, Chrome Extension, Office Add-in, and Desktop app. The encryption key never leaves the user's device.
The Problem: The Privacy-Utility Tradeoff in LLM Usage
Organizations want to use LLMs for document analysis, customer support, legal review, and medical case discussion — all tasks involving PII. Sending plaintext PII to LLM providers violates GDPR, HIPAA, and internal data policies. But simply removing PII (redaction) degrades LLM performance: 'Summarize the conversation between [REDACTED] and [REDACTED] about [REDACTED]' produces poor results because the model loses contextual anchors. The solution is typed, consistent replacement — replacing 'John Smith' with '[PERSON_1]' everywhere — so the model can track entities across the text without knowing their real values.
Irreducible truth: Redaction destroys context. Consistent typed replacement preserves context. Reversible encryption adds recoverability. The combination — typed replacement with reversible encryption — is the only approach that satisfies privacy, utility, and recoverability simultaneously.
The Solution: How anonym.legal Addresses This
AES-256-GCM Encryption
anonym.legal uses AES-256-GCM (Galois/Counter Mode) for PII encryption. Each entity value is encrypted with a unique nonce; the authentication tag ensures tamper detection. The encrypted token replaces the PII value in the text, maintaining document structure and readability for the LLM.
Consistent Entity Replacement
The same PII value always maps to the same token within a session. 'John Smith' becomes '[PERSON_1]' everywhere in the document. This consistency allows LLMs to track entity relationships, co-references, and narrative flow. The quality of LLM responses on anonymized text approaches the quality of responses on original text because the semantic structure is preserved.
Client-Side Key Management
The encryption key is generated and stored on the user's device — browser localStorage for the web app, secure storage for the Desktop app, Office.js storage for the Add-in. The key never reaches anonym.legal's servers. This means even a complete server breach cannot decrypt any user's PII.
Cross-Platform Decryption
Encrypted tokens generated on one platform can be decrypted on another using the same key. A document encrypted via the Chrome Extension can be decrypted in the web app, Desktop app, or Office Add-in. This enables workflows where PII is encrypted in one context and decrypted in another.
Compliance Mapping
This pain point intersects with GDPR Article 32(1)(a) (encryption of personal data), GDPR Article 25 (data protection by design), and HIPAA §164.312(a)(2)(iv) (encryption of ePHI). Reversible encryption satisfies both the encryption requirement and the practical need for authorized access to original data.
anonym.legal's GDPR, HIPAA, PCI-DSS, ISO 27001 compliance coverage, combined with Hetzner Germany, ISO 27001 hosting, provides documented technical measures organizations can reference in their compliance documentation.
Product Specifications
| Specification | Value |
|---|---|
| Entity Types | 285+ |
| Detection | 3-layer hybrid: Presidio + NLP + Stance classification |
| Test Coverage | 100% (419/419 tests) |
| Languages | 48 |
| Anonymization Methods | Replace, Redact, Mask, Hash (SHA-256/512), Encrypt (AES-256-GCM) |
| Platforms | Web App, Desktop, Office Add-in, Chrome Extension, MCP Server, REST API |
| Pricing | Free €0, Basic €3, Pro €15, Business €29 |
| Hosting | Hetzner Germany, ISO 27001 |
| Compliance | GDPR, HIPAA, PCI-DSS, ISO 27001 |