In the era of exponential data growth, individuals and organizations increasingly grapple with the tension between extracting value from data and preserving the privacy of individuals represented within it. From customer reviews and support logs to medical records and financial statements, personal information permeates virtually every dataset.
This research paper examines a critical privacy challenge related to COMPLEXITY CASCADE — pii protection requires perfection across all layers simultaneously.
cloak.business addresses this through zero-storage in-memory architecture with self-hosted NLP models, simplifying the stack by eliminating storage and third-party dependency layers.
PII protection requires perfection across ALL layers simultaneously. One failure anywhere collapses everything. The attacker needs to find ONE weakness; the defender must protect ALL layers with zero failures.
Irreducible truth: Protection = Layer1 × Layer2 × ... × LayerN. Any zero makes the product zero. The attacker gets to choose which layer to attack. The defender must achieve perfection across all of them simultaneously, forever.
cloak.business identifies 390+ entity types including source names, contact information, email addresses, organizational affiliations. The dual-layer (317 custom regex + NLP) architecture uses 317 custom regex recognizers with context word analysis and confidence scoring 0.0–1.0 for structured identifiers and spaCy (25 languages) + Stanza (7 languages) + XLM-RoBERTa (16 languages) — all self-hosted for contextual references.
Redact is recommended for this pain point: anonymizing source-identifying information before documents enter email prevents the SecureDrop-to-Gmail exposure. Replace provides an alternative — substituting source identifiers with anonymous references preserves editorial workflow while protecting sources. For scenarios requiring reversibility, Encrypt (AES-256-GCM) enables authorized recovery of original values.
Zero-storage microservices with self-hosted NLP models (spaCy, Stanza, XLM-RoBERTa). All processing in-memory on German servers. No data ever written to disk, no third-party transfers.
This pain point intersects with GDPR Article 85 journalistic exemptions, EU Whistleblower Directive.
cloak.business’s GDPR (Article 25 Privacy by Design), ISO 27001:2022 compliance coverage, combined with Germany only, no third-party transfers, ISO 27001:2022 certified hosting, provides documented technical measures organizations can reference in their compliance documentation and regulatory submissions.
| Specification | Value |
|---|---|
| Platform Version | Analyzer 6.9.1, Image Redactor 5.3.0 |
| Entity Types | 390+ (519 documented) |
| Detection Layers | 317 custom regex + 3 NLP engines (all self-hosted) |
| Languages | 48 UI languages, 37 OCR language packs |
| Anonymization Methods | Replace, Redact, Mask, Hash (SHA-256), Encrypt (AES-256-GCM) |
| Architecture | Zero-storage microservices (in-memory only) |
| Integration Points | Web App, Desktop, Office Add-in, MCP Server (9 tools), REST API |
| Hosting | Germany only, ISO 27001:2022, no third-party transfers |
| Compliance | GDPR Article 25, ISO 27001:2022 |