Masquer

The Problem

Organizations handling sensitive data (healthcare, finance) face an impossible workflow: copy production data, scrub PII, re-upload, repeat. Every copy increases security risk. Every scrub takes time. Cloud providers charge by data volume. The whole process is slow, expensive, and backwards.

The Approach

What if you didn't copy the data at all? What if privacy happened at read-time, on the fly, at the point of data access?

Architecture

• Transparent PostgreSQL wire protocol proxy
• Real-time masking at read-time — no data duplication
• ML-powered PII detection (ONNX runtime, DeBERTa)
• Deterministic masking: same PII value → same masked output (referential integrity preserved)
• Format-preserving transformations: masked data still works in applications
• Runs entirely on-premise — zero data leaves your infrastructure

Technical Differentiators

• Go-native tensor operations: 90% memory reduction vs Python implementations
• Binary tokenizer: 10-100x faster startup than JSON tokenizers (standard)
• Session pooling with 512-token slicing for concurrent inference
• Up to 700 tok/sec on CPU

Compliance Value

Masquer gives customers an easy way for auditors to see that the org is protecting private data from third-party contractors. From the contract to the tech systems — demonstrable, auditable protection.

Relevant frameworks: SOC 2 CC6.1/CC6.3, ISO 27001 A.9/A.18, NIST AC-1/AC-3/AC-6/SC-28, HIPAA, CCPA, GDPR.

Use Cases

• Development against production-like data without exposure risk
• QA testing with realistic data shapes
• Analytics on sensitive datasets
• Third-party integrations with privacy guarantees