StellarGate Overview
A privacy proxy that sits between your application and any LLM. Sensitive data is replaced with reversible tokens before the prompt leaves your perimeter; the response is de-anonymized on the way back. Your app gets a useful answer. External LLMs learn nothing.
What it solves
You want to use GPT-4, Claude, Gemini, or any other proprietary LLM. You can’t send client data there — privilege, GDPR, bank secrecy, patient confidentiality, internal IP. StellarGate anonymizes the prompt automatically, forwards the sanitized version to the LLM, and resolves tokens in the response. The LLM never sees real names, IDs, amounts, or anything else you classify as sensitive.
When to use which mode
StellarGate offers three deployment modes. Pick one based on how much control you want and where the proxy runs.
| Mode | Who calls the LLM | Where StellarGate runs | When to use |
|---|---|---|---|
| Transparent Proxy | StellarGate (on your behalf) | Our EU cloud | Most teams. Fastest path. |
| Tokenized Handoff | Your app | Our EU cloud | You want to inspect outbound payloads before sending. |
| Self-Hosted | StellarGate (in your infra) | Your data centre | Regulated workloads, no internet egress, strict data locality |
See Operating Modes for the full detail.
What gets anonymized
Out of the box, StellarGate detects 15+ entity categories: people, contact details, financial data, identity numbers, medical records, organizations, dates, locations, URLs, and more. On top of that you add custom dictionaries and regex patterns for your domain-specific terms.
Full detail in What We Detect.
Deterministic first, ML second
One of the most important properties: StellarGate applies your custom dictionaries and regex patterns before ML detection. This means specific terms you name (client names, project codenames, internal IDs) are replaced 100% of the time, not 99.9%. ML detection fills in what rules didn’t catch.
For the most regulated work, dictionaries + regex are what your auditor will ask about. ML detection is how we cover the long tail.
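The ordering described above, together with the reversible tokens from the overview, as an added illustration. This is not StellarGate's code or API: the `[[LABEL_n]]` token format, the sample rules, and `toy_detector` (a stand-in for the ML pass) are assumptions made for the example.

```python
import re

# Constructed rules for illustration; a real deployment loads its own.
DICTIONARY = {"Acme Holdings": "ORG", "Project Falcon": "PROJECT"}
PATTERNS = {"IBAN": r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b",
            "EMAIL": r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"}
TOKEN = r"\[\[[A-Z]+_\d+\]\]"   # assumed token format, e.g. [[ORG_1]]


def toy_detector(text):
    """Stand-in for the ML pass: flags 'Dr. Firstname Lastname' only."""
    return [(m.group(0), "PERSON")
            for m in re.finditer(r"Dr\. [A-Z][a-z]+ [A-Z][a-z]+", text)]


class Vault:
    def __init__(self):
        self.forward, self.reverse = {}, {}   # value -> token, token -> value

    def _token(self, value, label):
        if value not in self.forward:
            tok = f"[[{label}_{len(self.forward) + 1}]]"
            self.forward[value], self.reverse[tok] = tok, value
        return self.forward[value]

    def _replace(self, text, pattern, label, flags=0):
        # Substitute only outside existing tokens so passes never overlap.
        parts = re.split(f"({TOKEN})", text)
        for i in range(0, len(parts), 2):
            parts[i] = re.sub(pattern, lambda m: self._token(m.group(0), label),
                              parts[i], flags=flags)
        return "".join(parts)

    def anonymize(self, text, detector=toy_detector):
        # 1) Dictionary terms, longest first, so named terms always win.
        for term in sorted(DICTIONARY, key=len, reverse=True):
            text = self._replace(text, re.escape(term), DICTIONARY[term],
                                 re.IGNORECASE)
        # 2) Regex patterns.
        for label, pattern in PATTERNS.items():
            text = self._replace(text, pattern, label)
        # 3) Detector pass covers what the rules did not catch.
        for value, label in detector(text):
            text = self._replace(text, re.escape(value), label)
        return text

    def restore(self, text):
        """Resolve known tokens; also return tokens this vault never issued."""
        unknown = sorted(set(re.findall(TOKEN, text)) - set(self.reverse))
        return re.sub(TOKEN, lambda m: self.reverse.get(m.group(0), m.group(0)),
                      text), unknown
```

Tokens that come back in a response but were never issued by the vault are left in place and reported, so a caller can flag them instead of silently passing them on.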
Human-in-the-loop
For the most sensitive requests — legal, medical, financial — you can require human approval before the sanitized payload is sent to the LLM. A reviewer sees the original alongside the anonymized version and approves, modifies, or rejects it. Every decision is logged. See Human-in-the-Loop.
Compatibility
StellarGate is OpenAI SDK-compatible. Most existing apps that use openai.chat.completions.create(...) work by changing one URL. Anthropic, Google Gemini, and other providers are supported via their own compatibility layers.
What it doesn’t do
- Does not guarantee privacy against every attack model — a determined LLM can sometimes infer context from structure. For maximum privacy, combine StellarGate with on-prem inference (Mode 3).
- Does not fix an LLM’s output — if the response contains hallucinated data about your tokens, that’s still hallucination. Ground your prompts with retrieval where possible.
- Does not replace data governance — it’s one layer in a broader data-protection programme. Combine with RBAC, audit logging, and encryption.
Pricing
Per-token on the anonymization engine (€0.10 / 1M tokens for Modes 1 & 2). In Mode 1, the LLM provider’s cost is passed through at their public rate — no markup from us. Mode 3 is an annual licence.
Full detail on the API pricing page.
