A few months ago, a lawyer told me he drafts pleadings with ChatGPT – including client names, case numbers, diagnoses. It hit me: that’s a §203 problem in plain sight.
In Germany, anyone bound by professional confidentiality – lawyers, doctors, tax advisors, notaries – who sends client data to ChatGPT/Claude/Gemini violates §203 of the Criminal Code. Cloudflare’s AI Gateway just blocks such requests. But “blocking” isn’t a solution for someone who needs the AI. The right answer is “YES, but safely”.
The only place this is cleanly solvable is the browser. Before the data leaves the machine.
Saklam detects personal data in the browser and replaces it with tokens – [NAME_1], [CASE_2], [ADDRESS_1]. The LLM only ever sees tokens. The response comes back and is reassembled with the real values in the browser. No clear data hits the server.
The stack:
- GLiNER PII models, running locally in the browser (~200 MB cache)
- ONNX Runtime Web for inference
- LiteLLM as proxy (auth, routing, audit log)
- Provider-agnostic – OpenAI, Anthropic, Google
Available as web chat, desktop app, JavaScript SDK, and Docker for on-premise. The privacy level matches the sensitivity: web chat for daily work, desktop for confidential matters, Docker for firms with their own servers.