---
title: PrivacyShield
emoji: 🛡️
colorFrom: red
colorTo: gray
sdk: gradio
sdk_version: 5.49.1
app_file: app.py
pinned: false
license: mit
tags:
- build-small-hackathon
- privacy
- pii
- security
- llm-guardrails
- ner
- track:backyard
- sponsor:openbmb
- sponsor:nvidia
- achievement:offgrid
- achievement:welltuned
short_description: Local PII & secret firewall for LLMs
---
# 🛡️ PrivacyShield: a local firewall for LLMs

Strip PII and leaked secrets out of text before it ever reaches an LLM API, then put the real values back into the response. Nothing sensitive leaves your machine.

Every week another company leaks customer data or an API key into an LLM prompt. The answer isn't "stop using AI"; it's a guardrail that runs locally, in front of the model.

Demo it in two clicks: open the app → Try the leaked-secret example → Sanitize. Watch the AWS key, JWT, emails, Aadhaar (checksum-validated), names and address get masked: "N blocked · 0 leaked." Then hit Simulate the LLM round-trip: the model only ever sees placeholders, and the real values are restored on your machine.
## Why this matters

- The privacy requirement makes a small local model the correct design, not a compromise. Sending PII to a cloud API in order to have it redacted defeats the purpose. PrivacyShield runs entirely on-device.
- It catches what regex can't. Structured data (Aadhaar, PAN, cards, AWS keys, JWTs) is caught by high-precision, checksum-validated detectors. Context-dependent data (names, addresses, orgs) is caught by a fine-tuned model; regex is blind to these.
- The round-trip keeps the LLM useful. Mask → call the LLM with safe text → restore the originals into the answer locally. You get a real answer; the data never left.
- Compliance-ready. Aligns with privacy regimes (India's DPDP Act, GDPR) that require minimizing exposure of personal data to third parties.
## How it works

```text
your text
  → DETECT : checksum-validated regex (structured PII + secrets) ∪ fine-tuned NER (names/addresses)
  → MASK   : each finding → reversible placeholder, e.g. [PERSON_NAME_1], [SECRET_1]; originals kept
             only in an in-memory vault (never logged, never sent)
  → CALL   : send the sanitized text to the LLM (the LLM only ever sees placeholders)
  → RESTORE: swap placeholders back to the real values in the response, locally
```
## What it detects

| Layer | Examples | How |
|---|---|---|
| Structured PII | email, phone, Aadhaar (Verhoeff checksum), PAN, IFSC, card (Luhn), UPI, IP | deterministic, high precision |
| Secrets | AWS keys (AKIA…), JWTs, GitHub tokens, private-key blocks, high-entropy strings | regex + Shannon entropy |
| Contextual PII | person names, addresses, organizations | fine-tuned XLM-RoBERTa |
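The DETECT → MASK → CALL → RESTORE round-trip from "How it works", together with the Luhn/Verhoeff checksum validation and Shannon-entropy secret detection listed in the table above, as an added Python example. This is not PrivacyShield's own code: every regex, the 4.0-bit entropy threshold, the placeholder names, the `fake_llm` stand-in and the sample prompt (AWS's documentation example key id, the Visa test number, a Verhoeff-valid 12-digit number, a made-up JWT and a random token) are assumptions constructed for illustration. The NER layer for names and addresses is not reproduced, so the person name in the sample is deliberately left unmasked.

```python
"""Added example, not PrivacyShield's own code: DETECT -> MASK -> CALL -> RESTORE
with Luhn/Verhoeff checksum validation and a Shannon-entropy secret detector.
All patterns, thresholds, placeholder names and sample values are assumptions;
the NER layer (names/addresses) is not reproduced here."""
import math
import re

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 (card numbers): double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

# Verhoeff tables: dihedral-group multiplication (_D) and position permutation (_P).
_D = [[0,1,2,3,4,5,6,7,8,9],[1,2,3,4,0,6,7,8,9,5],[2,3,4,0,1,7,8,9,5,6],
      [3,4,0,1,2,8,9,5,6,7],[4,0,1,2,3,9,5,6,7,8],[5,9,8,7,6,0,4,3,2,1],
      [6,5,9,8,7,1,0,4,3,2],[7,6,5,9,8,2,1,0,4,3],[8,7,6,5,9,3,2,1,0,4],
      [9,8,7,6,5,4,3,2,1,0]]
_P = [[0,1,2,3,4,5,6,7,8,9],[1,5,7,6,2,8,3,0,9,4],[5,8,0,3,7,9,6,1,4,2],
      [8,9,1,6,0,4,3,5,2,7],[9,4,5,3,1,2,6,8,7,0],[4,2,8,6,5,7,3,9,0,1],
      [2,7,9,3,8,0,6,4,1,5],[7,0,4,6,9,1,3,2,5,8]]

def verhoeff_ok(digits: str) -> bool:
    """Verhoeff check (Aadhaar: 12 digits, the last one is the check digit)."""
    c = 0
    for i, ch in enumerate(reversed(digits)):
        c = _D[c][_P[i % 8][int(ch)]]
    return c == 0

def shannon_entropy(s: str) -> float:
    """Bits per character; a string of 16 distinct characters scores exactly 4.0."""
    n = len(s)
    return -sum(s.count(ch) / n * math.log2(s.count(ch) / n) for ch in set(s))

# (label, pattern, validator). Order matters: the 16-digit card pattern must run
# before the 12-digit Aadhaar pattern (which would match a card's first three
# groups), and the known secret formats before the generic entropy catch-all.
DETECTORS = [
    ("CARD", re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
     lambda v: luhn_ok(re.sub(r"\D", "", v))),
    ("AADHAAR", re.compile(r"\b\d{4} ?\d{4} ?\d{4}\b"),
     lambda v: verhoeff_ok(v.replace(" ", ""))),
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), None),
    ("SECRET", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), None),          # AWS access key id
    ("SECRET", re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+\b"), None),  # JWT
    ("SECRET", re.compile(r"\b[A-Za-z0-9+/=_-]{20,}\b"),             # high-entropy token
     lambda v: shannon_entropy(v) > 4.0),                            # threshold is an assumption
]

def mask(text: str):
    """DETECT + MASK. Returns (sanitized text, vault); the vault maps each
    placeholder to its original and is meant to stay in process memory only."""
    vault, counters = {}, {}
    for label, pattern, valid in DETECTORS:
        def swap(m):
            value = m.group(0)
            if valid is not None and not valid(value):
                return value  # fails its checksum/entropy test: not a finding
            counters[label] = counters.get(label, 0) + 1
            vault[f"[{label}_{counters[label]}]"] = value
            return f"[{label}_{counters[label]}]"
        text = pattern.sub(swap, text)
    return text, vault

def leaked(sanitized: str, vault: dict) -> list:
    """The '0 leaked' check: vaulted originals still present in the sanitized text."""
    return [v for v in vault.values() if v in sanitized]

def restore(response: str, vault: dict) -> str:
    """RESTORE: swap placeholders in the model's answer back to real values, locally."""
    return re.sub(r"\[[A-Z]+_\d+\]", lambda m: vault.get(m.group(0), m.group(0)), response)

# Constructed sample prompt: AWS's documentation example key id, the Visa test
# number, a Verhoeff-valid 12-digit number, a made-up JWT and a random token.
SAMPLE = (
    "Hi, I'm Priya Sharma, reach me at priya.sharma@example.in, card 4111 1111 1111 1111, "
    "Aadhaar 2341 2341 2346. Prod key AKIAIOSFODNN7EXAMPLE, session "
    "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.dGVzdHNpZ25hdHVyZQ, webhook secret "
    "g7Qx2LmZ9pR4tWv8KsJ3nB6y. Draft a polite reply confirming the details."
)

def fake_llm(prompt: str) -> str:
    """Stand-in for the remote model: it sees placeholders only and echoes some back."""
    return ("Thanks! Confirming email [EMAIL_1], card [CARD_1] and Aadhaar [AADHAAR_1]. "
            "Please rotate [SECRET_1] now.")

def round_trip(text: str, llm=fake_llm):
    """CALL: full pipeline. Returns (sanitized prompt, restored answer, leaks)."""
    sanitized, vault = mask(text)
    answer = restore(llm(sanitized), vault)
    return sanitized, answer, leaked(sanitized, vault)

if __name__ == "__main__":
    sanitized, answer, leaks = round_trip(SAMPLE)
    print("SANITIZED:", sanitized)
    print(f"{len(mask(SAMPLE)[1])} blocked · {len(leaks)} leaked")
    print("ANSWER   :", answer)
```

Two design points carry over to any real implementation: the checksum validators are what keep the structured layer high-precision (a random 12-digit string fails Verhoeff, so it is not masked as an Aadhaar), and detector order is a correctness issue, not a style choice, because a weaker pattern that runs first can consume part of a stronger match.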
## The model: real data, real evaluation (not vibes)

- Base: `FacebookAI/xlm-roberta-base` (~270M params; runs on CPU, no GPU needed at inference).
- Fine-tuned on: `ai4privacy/pii-masking-200k` (real, span-labeled) + synthetic Indian PII (valid-format Aadhaar/PAN/IFSC/UPI, Indian names & addresses), so it handles Indian documents that generic tools miss.
- Model: `perceptron01/privacyshield-ner`
- Param math: 0.27B ≪ 32B cap ✅
Evaluation (held-out mix of ai4privacy + synthetic Indian PII):

| Method | PERSON recall | ADDRESS recall | Structured PII / secrets |
|---|---|---|---|
| regex-only baseline | ~0.00 | ~0.00 | high (checksum-validated) |
| PrivacyShield (regex + fine-tuned model) | ~0.97 | ~0.97 | high |

Recall is the metric we optimize: a missed secret or PII item is a leak, so a false negative is far worse than over-masking. Overall fine-tuned F1 ≈ 0.97 (precision 0.97 / recall 0.97). The ~0.00 baseline figures are by construction: the regex layer has no patterns for names or addresses, so that row measures what the NER layer adds, not a weakness in the structured detectors.

Honest limitations: the synthetic portion of the test set is formulaic and inflates absolute scores; the model occasionally labels an organization as ADDRESS (the value is still masked, so nothing leaks); free-text address boundaries are imperfect. The structured/secret layer is the high-precision backbone.
## Privacy by design

No database, no auth, no persistence. The detected values live only in an in-memory vault for the duration of a request; the downloadable audit log contains placeholders only, never raw values. "Nothing leaves your machine" holds when you run it locally; the hosted Space demo runs the same code on Hugging Face's servers, so text pasted there is processed on that server.
## Run locally

```bash
pip install -r requirements.txt
python app.py
```
## Tech

Gradio · Hugging Face Transformers · a fine-tuned XLM-RoBERTa token classifier · deterministic detectors with Verhoeff (Aadhaar) and Luhn (card) checksum validation + Shannon-entropy secret detection.
## Submission

- 🤗 Live Space: https://huggingface.co/spaces/build-small-hackathon/PrivacyShield
- 🎥 Demo video: https://drive.google.com/file/d/1TERBTamfhW87jlLip9EX8Sx9KYqgMAL4/view?usp=sharing
- 📣 Social post: https://www.linkedin.com/posts/aman-maurya-2a394924b_privacyshield-a-hugging-face-space-by-build-small-hackathon-share-7472416023334367234-oE6J/?utm_source=share&utm_medium=member_desktop&rcm=ACoAAD3l3lsBvHlGmHXJP3WiWP5GwQFJQ2g9QZI