Architecture
How the Philterd Toolkit Fits Together
Ten products. One shared policy format. One data perimeter. This page maps how Philter, Phileas, PhEye, Philter AI Proxy, Phinder, Phield, Arbiter, Philter Scope, Philter Diffuse, and the Redaction Policy Editor compose into a complete privacy stack.
Component overview
Three primary data paths, one shared policy layer, and five cross-cutting operational tools.
LLM Traffic
Drop-in proxy for OpenAI, Anthropic, Amazon Bedrock, and any OpenAI-compatible provider. PII is redacted before prompts leave your network; responses are scanned on the way back.
Core Redaction Engine
Philter is the self-hosted HTTP API; Phileas is the embeddable library (Java, Python, .NET, Go). Both are powered by PhEye NLP models and driven by Phileas policies.
Discovery at Rest
Crawls S3, GCS, Azure Blob, and local filesystems. Maps where sensitive data lives across your infrastructure before it becomes a compliance finding.
Shared Phileas policy format. One definition applied by all products.
Precision, recall, and F1 measurement. Fail the build when accuracy regresses.
Production PII flow monitoring and anomaly alerting.
Human review, structured exemptions, and audit trail.
Differential privacy for safe aggregate analytics.
The shared policy layer
The single most important architectural property of the toolkit: every product that performs or tests redaction consumes the same Phileas policy format. You define your redaction rules once, version them like code, and they apply everywhere.
- Policy Editor Author policies visually
- Phileas Policy JSON Version-controlled config file
- Philter / Phileas Executes redaction at runtime
- Philter Scope Tests the policy in CI/CD
- Philter AI Proxy Applies policy to LLM traffic
Pre-built policies for HIPAA Safe Harbor, PCI DSS, GLBA, clinical notes, and more are available in the Redaction Policy Library.
Deployment topologies
Not every team needs every product. These three topologies cover the most common starting configurations; teams typically expand from Minimal toward Full Suite as the work matures.
Minimal
New to redaction or a single focused use case
- Philter (HTTP API) or Phileas (embedded library)
- PhEye NLP models (bundled with Philter)
- Redaction Policy Editor
Deploys in under 5 minutes from the AWS, GCP, or Azure Marketplace. Suitable for log redaction, document pipelines, and single-system use cases.
Standard
Production deployment with AI workload coverage
- Everything in Minimal
- Philter AI Proxy for LLM prompt and response redaction
- Philter Scope for CI/CD policy regression testing
- Phield for production PII flow monitoring
Covers the two highest-priority concerns for most production teams: AI data egress and detection-accuracy regression.
Full Suite
Enterprise or heavily regulated deployment
- Everything in Standard
- Phinder for sensitive data discovery at rest
- Arbiter for human-in-the-loop review and attestation
- Philter Diffuse for differentially private aggregate analytics
Suitable for HIPAA, FedRAMP, and regulated-AI workloads where human attestation, discovery inventory, and provable privacy bounds are required.
Not sure which topology fits your team? Walk the product journey to find your starting point →
All components at a glance
Every product in the toolkit, its role, and where it fits in the architecture.
Not sure where to start?
Most teams start with Philter or Phileas and add from there. If you want a guided read, the product journey walks through each stage and when to adopt it.