Air-Gapped Desktop with 5,000-File Batch Processing
Research Source
Defense contractors, intelligence agencies, healthcare systems, and critical infrastructure operators often work in air-gapped environments — networks physically isolated from the internet. Cloud-based PII anonymization tools are unusable in these environments. Desktop tools that require internet for NLP model loading or API calls also fail. Only fully offline tools with bundled models can operate in air-gapped networks.
Executive Summary
Air-gapped environments have no internet access by design. Cloud PII tools are unusable. Desktop tools requiring internet for model loading also fail. Only fully offline tools with bundled NLP models operate in air-gapped networks.
cloak.business Desktop App v7.5.0 bundles all NLP models and entity recognizers locally. No internet connection required for any operation. Processes up to 5,000 files per batch with XChaCha20-Poly1305 encrypted vault.
The Problem: Air-Gapped Networks Need Offline PII Processing
Classified networks in defense and intelligence, isolated clinical networks in healthcare, SCADA/ICS networks in critical infrastructure, and secure financial processing environments all operate without internet access. These environments process highly sensitive documents containing PII — classified personnel records, patient medical files, financial transaction logs, infrastructure access records. Cloud-based anonymization is impossible. Even desktop tools that phone home for model updates, license validation, or API calls cannot operate.
Irreducible truth: Air-gapped environments are not a niche use case — they protect the most sensitive data that exists. Any PII anonymization tool that requires internet connectivity excludes the environments that need PII protection most.
The Solution: How cloak.business Addresses This
Bundled NLP Models
All spaCy, Stanza, and XLM-RoBERTa models are bundled in the application package. No internet download required. The desktop app is fully functional from first launch on an air-gapped machine.
5,000-File Batch Processing
Process up to 5,000 files in a single batch operation. Supported formats: PDF (50MB max), DOCX (30MB), XLSX (20MB), TXT, CSV, JSON, XML, PNG, JPEG, BMP, TIFF. Batch queue processing with progress tracking and error handling.
XChaCha20-Poly1305 Encrypted Vault
Encryption keys and anonymization history are stored in a local vault encrypted with XChaCha20-Poly1305. Key derivation uses Argon2id (memory-hard, brute-force resistant). PIN-protected quick access for daily use. 24-word BIP39 recovery phrase for vault recovery.
Cross-Platform
Available for Windows 10+ (NSIS installer, MSI, portable ZIP), macOS 10.15+ (Universal DMG — Apple Silicon and Intel), and Linux (AppImage, .deb). System requirements: 4GB RAM, 500MB disk space.
Cloud vs. Air-Gapped PII Processing
| Capability | cloak.business Desktop (Air-Gapped) | Cloud-Based PII Tools |
|---|---|---|
| Internet required | No — fully offline | Yes — always |
| NLP models | Bundled locally | Cloud-hosted |
| Batch capacity | 5,000 files per batch | Varies (typically smaller) |
| Data leaves network | Never | Always |
| Vault encryption | XChaCha20-Poly1305 | N/A or cloud-managed |
| Air-gapped certified | Yes | No |
| Platforms | Windows, macOS, Linux | Browser only |
Compliance Mapping
This feature addresses NIST 800-171 (CUI protection in non-federal systems), ITAR (defense article handling), HIPAA §164.312 (technical safeguards — air-gapped processing eliminates network exposure), and NATO RESTRICTED handling requirements.
cloak.business's GDPR, HIPAA, PCI-DSS, ISO 27001, SOC 2 compliance coverage, combined with Customer-selected hosting, provides documented technical measures organizations can reference in their compliance documentation.
Product Specifications
| Specification | Value |
|---|---|
| Entity Types | 320+ |
| Detection | 3-layer hybrid: Presidio + NLP + Stance classification |
| Test Coverage | 100% (419/419 tests) |
| Languages | 48 |
| Anonymization Methods | Replace, Redact, Mask, Hash, Encrypt (AES-256-GCM), RSA-4096 Asymmetric, Keep |
| Platforms | Web App, REST API, SDKs (JavaScript, Python), Cloud Storage Add-ins, Nextcloud |
| Pricing | Enterprise (custom) |
| Hosting | Customer-selected |
| Compliance | GDPR, HIPAA, PCI-DSS, ISO 27001, SOC 2 |