Who can see the prompts?

No one. Veil-it operates entirely locally on your machine. Your prompts are analyzed and masked directly in your browser before being sent to AI services. We store only analytics (type of sensitive data, number of prompts, etc.) so you can then access them in the dashboard.

Is it GDPR compliant?

Yes, completely. Veil-it was designed from the ground up to be GDPR compliant. No personal data is stored or transmitted to the cloud. Processing is done exclusively locally, meaning your data never leaves your environment. This ensures compliance with Article 25 (Privacy by Design) and Article 32 (Security of processing) of GDPR.

How long does it take to implement?

Right now. Installing Veil-it takes just 2 minutes via the Chrome extension. No additional infrastructure is required, no complex configuration, and no IT team intervention needed. Once installed, protection is immediate and works automatically on all AI sites you use.

Where is the data hosted?

No sensitive data is hosted or downloaded. Veil-it analyzes and masks everything locally in your browser. Only anonymized metadata (usage statistics, types of data detected) is sent to the dashboard to allow you to track usage and train your teams.

Shadow AI & Compliance Debt: The Practical Guide to Secure Innovation (Without Blocking Everything)

Aurélien Vandaële, Freelance CTO

I had a frustration: seeing my collaborators use any AI tool without governance. It's non-compliant with the AI Act, and I had no tool to manage it without hindering their productivity.

Banning ChatGPT = frustrated teams that find workarounds.
Letting it happen = legal exposure and data leaks.

No market solution suited me (cloud proxies = latency, complexity, costs).
So I built it.

Here's how I secure AI in enterprises, based on three pillars:

1. Technical Diagnosis

Why your current tools (firewalls, DLP) cannot see Shadow AI

2. Just-in-Time Training

Contextual alerts when employees are about to share sensitive data

3. Local Protection

In-browser analysis (no third-party cloud), zero latency, Privacy-by-Design

Anatomy of a Silent Leak: Shadow AI

The scenario I see every week:

An employee copy-pastes an Excel file with customer data into free ChatGPT. Your firewall sees nothing (encrypted HTTPS traffic to openai.com, a legitimate domain).

The technical problem:

Traditional firewalls analyze network traffic but cannot inspect HTTPS content of requests to authorized cloud services. Generative AI creates a new invisible attack surface.

The legal risk (translated into business):

AI Act Article 4 (AI Literacy): The company must train its employees. Ignoring this = liability engaged.
GDPR Article 32 (Security of Processing): Obligation to implement technical measures to protect personal data.
Compliance debt: Every day without AI governance accumulates legal exposure (GDPR fines up to €20M or 4% of revenue).
Shadow AI = Shadow IT 2.0: Your employees use unapproved LLMs. You don't know who, what, or where.

Veil-it: The Compliance & Governance Platform

Veil-it is the compliance and governance platform for Generative AI.

We enable CISOs, DPOs, and CTOs to deploy AI in the enterprise while instantly ensuring GDPR and AI Act compliance, without stifling innovation.

🇪🇺 Axis 1: AI Act & GDPR Compliance (Legal Axis)

Our promise: Transform your legal obligations into automation.

Just-in-Time Training (AI Act - Art. 4): We train users at the precise moment they make a mistake (educational pop-up). This validates the legal obligation of team "AI literacy".
Processing Registry (GDPR): You can populate the usage inventory. You know who uses what, and for what types of data.
Data Minimization: Automatic masking of PII (Personal Data) before any sending to an AI.

🌍 Axis 2: Governance & Shadow AI (Control Axis)

Our promise: Regain control over the tools used.

Shadow AI Control: Detection and blocking of unauthorized AI (e.g., free ChatGPT, Deepseek...).
Smart Redirection: Automatic guidance of users to company-approved tools (e.g., Redirect from Deepseek → to Mistral / Copilot).
Decision Dashboard: Full visibility for C-Level: Top tools used, Top risks avoided, Adoption rate.

🔒 Axis 3: Security & Sovereignty (Technical Axis)

Our promise: A "Zero Exfiltration" architecture.

Privacy-by-Design: 100% local semantic analysis in the browser.
Zero Third-Party Cloud: Your prompts and files never transit through our servers. We only see alerts (metadata).
Sovereignty: Log hosting in France. Data immune to the Cloud Act.

⚙️ Axis 4: Deployment & Adoption (CTO Axis)

Our promise: Deployed in 5 minutes, adopted immediately.

Zero Friction: Chrome/Edge extension deployable via MDM (Microsoft Intune, Google Workspace).
SSO Microsoft: Secure one-click login.
Dedicated Support: Assistance with installation and security policy configuration.

📋 AI Usage Policy Template (Risk Levels Version)

GENERATIVE AI TOOLS USAGE POLICY

Approved Tools: [Enterprise ChatGPT Plus / Claude Pro / Copilot M365 / Local LLM]

Data Classification & Authorized Uses:

🟢 GREEN (Public) Unrestricted use authorized
• Translation of public texts
• Generic code generation (no proprietary business logic)
• Brainstorming (ideas, abstract concepts)
• Rephrasing already published marketing content

🟠 ORANGE (Internal) Conditional use (anonymization required)
• Non-sensitive business data (aggregated stats, trends)
• Internal source code (remove client names, sensitive variables)
• Internal documents (anonymize names/positions before sharing)
⚠️ Required action: Use Veil-it obfuscation feature or anonymize manually.

🔴 RED (Confidential / PII) Prohibited use (or Local LLM only)
• Customer personal data (names, emails, phones, addresses)
• Financial data (revenues, margins, salaries, IBAN)
• Trade secrets (product roadmaps, non-public strategies)
• Intellectual property (pending patents, proprietary algorithms)
• HR data (evaluations, medical records)
⛔ Absolute prohibition except via On-Premise deployed LLM (e.g., local LLaMA).

Golden Rule: Before sending a prompt, ask yourself: "Would I be comfortable if this text appeared in a public AI training dataset accessible to my competitors?"

Sanctions: Repeated violations may result in disciplinary action (cf. Internal Regulations Article X).

Support: When in doubt → Contact the DPO or IT Security before sending.

Your Shadow AI Exposure Audit (20 min)

Technical session with a CTO (me or my team):

Attack surface audit: Analysis of your current AI tools (authorized and detected Shadow AI)

Live Veil-it demo: Real-time PII detection, obfuscation, admin dashboard

Compliance mapping: Your sector (Finance, Healthcare, Tech) vs regulatory requirements (GDPR, AI Act, NIS2)

Technical ROI: Deployment cost vs breach cost

Book a demo to secure your data