https://github.com/sgasser/pasteguard

Privacy proxy for LLMs - masks PII and secrets before upstream or routes to local LLM. OpenAI API compatible.
https://github.com/sgasser/pasteguard

llm openai pii presidio privacy proxy

Last synced: 4 months ago
JSON representation

Privacy proxy for LLMs - masks PII and secrets before upstream or routes to local LLM. OpenAI API compatible.

• Host: GitHub
• URL: https://github.com/sgasser/pasteguard
• Owner: sgasser
• License: apache-2.0
• Created: 2026-01-08T10:13:56.000Z (5 months ago)
• Default Branch: main
• Last Pushed: 2026-01-19T09:35:02.000Z (4 months ago)
• Last Synced: 2026-01-19T16:42:41.973Z (4 months ago)
• Topics: llm, openai, pii, presidio, privacy, proxy
• Language: TypeScript
• Homepage: https://pasteguard.com
• Size: 5.07 MB
• Stars: 416
• Watchers: 1
• Forks: 14
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE

Awesome Lists containing this project

• fucking-awesome-privacy - PasteGuard - Privacy proxy for LLM APIs that masks PII and secrets before they reach cloud providers. Self-hosted, OpenAI-compatible, and restores original data in responses. (Artificial Intelligence / Android Launcher)
• awesome-ChatGPT-repositories - pasteguard - ⭐ 461 / Privacy proxy for LLMs - masks PII and secrets before upstream or routes to local LLM. OpenAI API compatible. (NLP)
• awesome-privacy - PasteGuard - Privacy proxy for LLM APIs that masks PII and secrets before they reach cloud providers. Self-hosted, OpenAI-compatible, and restores original data in responses. (Artificial Intelligence / Android Launcher)

README

          


  

    

    

    

  





  

  

  





  AI gets the context. Not your secrets.


  Automatically hides names, emails, and API keys before you send prompts to AI.





  Quick Start ·

  Chat ·

  Coding Tools ·

  Documentation






  

  

  



  Detects 30+ types of sensitive data across 24 languages.


  Your data never leaves your machine.



## Works Everywhere

**[Chat](https://pasteguard.com/docs/use-cases/chat)** — Masks PII and secrets when you paste into ChatGPT, Claude, and Gemini. You see originals, AI sees placeholders.

**[Apps](https://pasteguard.com/docs/use-cases/apps)** — Open WebUI, LibreChat, or any self-hosted AI setup. Optionally routes sensitive requests to a local model.

**[Coding Tools](https://pasteguard.com/docs/use-cases/coding-tools)** — Cursor, Claude Code, Copilot, Windsurf — your codebase context flows to the provider. PasteGuard masks secrets and PII before they leave.

**[API Integration](https://pasteguard.com/docs/use-cases/api-integration)** — Sits between your code and OpenAI or Anthropic. Change one URL, your users' data stays protected.

## Quick Start

Run PasteGuard as a local proxy:

```bash

docker run --rm -p 3000:3000 ghcr.io/sgasser/pasteguard:en

```

Point your tools or app to PasteGuard instead of the provider:

| API | PasteGuard URL | Original URL |

|----------|----------------|--------------|

| OpenAI | `http://localhost:3000/openai/v1` | `https://api.openai.com/v1` |

| Anthropic | `http://localhost:3000/anthropic` | `https://api.anthropic.com` |

```python

# One line to protect your data

client = OpenAI(base_url="http://localhost:3000/openai/v1")

```

European Languages

For German, Spanish, French, Italian, Dutch, Polish, Portuguese, and Romanian:

```bash

docker run --rm -p 3000:3000 ghcr.io/sgasser/pasteguard:eu

```

For custom config, persistent logs, or other languages: **[Read the docs →](https://pasteguard.com/docs/installation)**

Route Mode

Route Mode sends requests containing sensitive data to a local LLM (Ollama, vLLM, llama.cpp). Everything else goes to OpenAI or Anthropic. Sensitive data stays on your network.

**[Route Mode docs →](https://pasteguard.com/docs/concepts/route-mode)**

## Chat

Open-source browser extension for ChatGPT, Claude, and Gemini.

- Paste customer data → masked before it reaches the AI

- AI responds with placeholders → you see the originals

- Works with the same detection engine as the proxy

Currently in beta. Apache 2.0.

**[Join the Beta →](https://tally.so/r/J9pNLr)** · **[Chat docs →](https://pasteguard.com/docs/use-cases/chat)**

## Coding Tools

Protect your codebase context and secrets when using AI coding assistants.

**Claude Code:**

```bash

ANTHROPIC_BASE_URL=http://localhost:3000/anthropic claude

```

**Cursor:** Settings → Models → Enable "Override OpenAI Base URL" → `http://localhost:3000/openai/v1`

**[Coding Tools docs →](https://pasteguard.com/docs/use-cases/coding-tools)**

## Dashboard

Every request is logged with masking details. See what was detected, what was masked, and what reached the provider.



[localhost:3000/dashboard](http://localhost:3000/dashboard)

## What it catches

**Personal data** — Names, emails, phone numbers, credit cards, IBANs, IP addresses, locations. Powered by [Microsoft Presidio](https://microsoft.github.io/presidio/). 24 languages.

**Secrets** — API keys (OpenAI, Anthropic, Stripe, AWS, GitHub), SSH and PEM private keys, JWT tokens, bearer tokens, passwords, connection strings.

Both detected and masked in real time, including streaming responses.

## Tech Stack

[Bun](https://bun.sh) · [Hono](https://hono.dev) · [Microsoft Presidio](https://microsoft.github.io/presidio/) · SQLite

## Contributing

See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on how to contribute.

## License

[Apache 2.0](LICENSE)