Talk to the Team

Tell us about your stack and the privacy problems you're trying to solve. We typically respond within one business day.

Prefer email? support@philterd.ai


Consulting

Ship AI Safely. Own Your Privacy Stack.

We help teams ship AI features without leaking PII to LLM providers, and build the redaction pipelines that protect sensitive data across the rest of the stack. Everything we deliver stays in your cloud and under your control.

Who You Work With

Engagements are led by Jeff Zemerick, the creator of Philter and the Philterd open source toolkit. You get the person who wrote the code, not a sales engineer reading from a runbook. We have deployed redaction pipelines processing millions of records daily across healthcare, financial services, and government.

What We Do

Privacy Architecture

We design end-to-end PII protection for your cloud and AI workloads: data flows, redaction layers, audit trails, and the guardrails that keep them aligned with HIPAA, GDPR, and CCPA.

Custom NLP Models

Off-the-shelf models miss the entities that matter most in your domain. We train specialized PII/PHI detectors on your data, evaluated against precision and recall you can measure.

Compliance Audits

Full-scale evaluation of your existing privacy posture against the regulatory requirements you actually have to meet, plus a prioritized remediation roadmap your team can execute.

PII Incident Response

Rapid triage when a privacy incident hits production. We scope exposure, contain the leak, instrument detection, and document the timeline for regulators and counsel.

Embedded Engineering

Work directly with the creators of Philter. We pair with your developers, contribute production-grade code to your repos, and leave behind systems your team owns.

Selected Work

Multilingual Patient Chatbot

Embedded real-time PII redaction into a bilingual (English/French) patient chatbot so sensitive information is stripped before messages reach human agents or analytics storage.


EHR-to-Database Data Pipeline

Deployed Philter inside an AWS data pipeline to de-identify clinical narrative text flowing from an EHR into an analytics database, enabling research access without HIPAA restrictions.


Engagement Formats

Assessment

A one-week review of your PII exposure, data flows, and compliance posture. You get a written report with a prioritized remediation roadmap.

Architecture sprint

Two to four weeks. We design and deploy the redaction layer, integrate it with your pipelines, and hand off a working system your team can operate.

Embedded engineering

One to six months. We pair with your developers, contribute production code to your repos, and transfer ownership progressively. For teams building privacy into a product or platform.

How Every Engagement Works

Scoping call

We learn your stack, your compliance requirements, and where PII flows through your systems. No slides, no pitch. 30 minutes.

Build

We design the redaction layer, deploy it inside your cloud, and integrate it with your existing pipelines. Your engineers have full access from day one.

Handoff

You own the code, the infrastructure, and the operational knowledge. No ongoing license, no vendor lock-in. We stay available for follow-up questions.

Industries

We work across regulated industries where a PII leak carries real consequences.

Healthcare

HIPAA Safe Harbor de-identification, clinical NLP, PHI redaction for research and analytics pipelines.

Finance

PCI scope reduction, GLBA compliance, PII redaction for banking and fintech data flows.

Legal

Court filing redaction, e-discovery, FRBP 9037 compliance for law firms and legal tech.

Government

FOIA processing, FedRAMP-ready deployments, GovCloud and air-gapped environments.

Insurance

Claims processing, underwriting pipelines, GLBA and NAIC compliance.

Engagements involving real PHI or PII

Because Philterd ships self-hosted software, we do not sign a BAA or DPA with you for product use. Here is why that is the point. Consulting is the one place where the answer can shift.

Most engagements are scoped to work on synthetic data, policy design, deployment review, and model training that does not require us to see real records. When that scoping is not possible (a custom-model engagement that genuinely needs production data to train against, an incident-response engagement on data already in the wild), how PHI or PII is handled inside the engagement is spelled out in the engagement contract before work starts. Ask about scoping during the first call; we will tell you which path your work fits.
