DSGVO-konformes Erkennen und Ersetzen von PII in LLM-Prompts

These details have been verified by PyPI

Project links

GitHub Statistics

Maintainers

xtremebyte

These details have not been verified by PyPI

Project description

privacy-guard

DSGVO/GDPR-konforme PII-Anonymisierung für LLM-Workflows.

privacy-guard erkennt personenbezogene Daten zuverlässig in deutschem Text, ersetzt sie durch stabile Platzhalter und ermöglicht eine saubere Rückführung nach der Verarbeitung. Kein ML-Inference-Overhead zur Laufzeit für die meisten Detektoren, klare Ergebnisse, API-ready.

privacy-guard hero

Highlights

🔒 Compliance-first: Schutz sensibler Daten vor externen LLMs
⚡ Runtime-freundlich: Regex/Regel-Detektoren ohne schweren Inference-Stack
🔁 Deterministisch: stabile Platzhalter plus verlustfreie Rückführung
🐳 Deploy-ready: Python Package und FastAPI/Docker sofort nutzbar

Warum privacy-guard?

Schützt sensible Daten vor dem Versand an externe Modelle
Ersetzt PII durch deterministische Platzhalter wie [NAME_1], [IBAN_1]
Stellt Originalwerte mit ScanResult.restore() wieder her
Löst überlappende Treffer mit Prioritätslogik (z. B. SECRET > IBAN > SOCIAL_SECURITY > EMAIL > ...)
Unterstützt Python-Package und FastAPI/Docker-Betrieb

Erfasste PII-Typen

Typ	Beispiel	Methode
`NAME`	`Dr. Anna Schmidt`	spaCy NER (`de_core_news_sm`)
`IBAN`	`DE89 3704 0044 0532 0130 00`	Regex + ISO-7064-Prüfziffer
`CREDIT_CARD`	`4111 1111 1111 1111`	Regex + Luhn-Algorithmus
`PERSONAL_ID`	`C22990047`	Regex — Personalausweis & Reisepass (gleiches Format)
`SOCIAL_SECURITY`	`12 345678 X 123`	Regex — Rentenversicherungsnummer
`TAX_ID`	`12 345 678 903`	Regex + mod-11-Prüfziffer (§ 139b AO)
`PHONE`	`+49 89 12345678`	Regex — DACH-Formate
`EMAIL`	`kontakt@example.de`	Regex
`ADDRESS`	`Hauptstraße 12, 79100 Freiburg`	Regex aus Daten-Dateien
`SECRET`	AWS-Key, GitHub-PAT, …	100+ Musterregeln (TOML)
`URL_SECRET`	`?token=abc123def456`	Regex — Query-Parameter-Werte

Priorität bei überlappenden Treffern: SECRET = URL_SECRET > IBAN = CREDIT_CARD = SOCIAL_SECURITY > PERSONAL_ID = TAX_ID = EMAIL > PHONE > ADDRESS > NAME

Personen des öffentlichen Lebens werden per interner Whitelist (~1 000 Einträge) standardmäßig nicht maskiert.

Installation

Python Package

pip install privacy-guard-scanner

Für den Namensdetektor wird ein spaCy-Modell benötigt:

pip install "de_core_news_sm @ https://github.com/explosion/spacy-models/releases/download/de_core_news_sm-3.8.0/de_core_news_sm-3.8.0-py3-none-any.whl"
# oder:
python -m spacy download de_core_news_sm

API-Stack lokal

pip install -e ".[api]"
uvicorn api.main:app --reload --port 8000

Quickstart (Python)

from privacy_guard import PrivacyScanner

scanner = PrivacyScanner()

result = scanner.scan(
    "Bitte überweise 500 EUR an Hans Müller, "
    "IBAN DE89 3704 0044 0532 0130 00. "
    "Rückfragen an h.mueller@example.de oder +49 89 123456."
)

print(result.anonymised_text)
# Bitte überweise 500 EUR an [NAME_1], IBAN [IBAN_1]. Rückfragen an [EMAIL_1] oder [PHONE_1].

print(result.mapping)
# {'[NAME_1]': 'Hans Müller', '[IBAN_1]': 'DE89 3704 0044 0532 0130 00', ...}

llm_answer = "Vielen Dank, [NAME_1]. Die Daten zu [IBAN_1] sind verarbeitet."
print(result.restore(llm_answer))
# Vielen Dank, Hans Müller. Die Daten zu DE89 3704 0044 0532 0130 00 sind verarbeitet.

Scanner konfigurieren

from privacy_guard import PiiType, PrivacyScanner

scanner = PrivacyScanner(extra_whitelist_names=["Erika Musterfrau"])
scanner.disable_detector(PiiType.NAME)
scanner.enable_detector(PiiType.NAME)

result = scanner.scan("Kontakt: erika@example.de")

Nur bestimmte Findings auswerten:

from privacy_guard import PiiType

secrets = [f for f in result.findings if f.pii_type == PiiType.SECRET]
for finding in secrets:
    print(finding.rule_id, finding.text, finding.confidence)

REST API (Docker)

docker run -p 8000:8000 noxway/privacy-guard:latest

Alternativ via Compose:

docker compose up

Endpunkte

Methode	Pfad	Beschreibung
`GET`	`/health`	Liveness-Check
`POST`	`/scan`	Vollständiger Scan (Findings + Mapping + anonymisierter Text)
`POST`	`/anonymize`	Nur anonymisierten Text zurückgeben

Request-Body

{
  "text": "Hans Müller, IBAN DE89370400440532013000",
  "detectors": ["IBAN", "EMAIL"],
  "whitelist": ["Hans Müller"]
}

Beispiel mit `curl`

curl -X POST http://localhost:8000/scan \
  -H "Content-Type: application/json" \
  -d '{"text": "Kontakt: hans@example.de, IBAN DE89370400440532013000", "detectors": ["EMAIL", "IBAN"]}'

API-Konfiguration

Variable	Standard	Bedeutung
`API_KEY`	leer	Wenn gesetzt, muss `X-API-Key` mitgesendet werden
`CORS_ORIGINS`	`*`	Kommagetrennte Origins, z. B. `https://app.example.com`

Beispiel:

services:
  api:
    image: noxway/privacy-guard:latest
    ports:
      - "8000:8000"
    environment:
      API_KEY: my-secret-key
      CORS_ORIGINS: https://app.example.com

Roadmap-Ideen

Verbesserte Entitäten-Erkennung für Adressen in DACH-Varianten
Optionales Audit-Logging für Compliance-Reports
Erweiterte Mehrsprachigkeit über Deutsch hinaus
Prüfziffernvalidierung für Personalausweis/Reisepass

Lizenz

MIT. Details in LICENSE.

Project details

These details have been verified by PyPI

Project links

GitHub Statistics

Maintainers

xtremebyte

These details have not been verified by PyPI

Release history Release notifications | RSS feed

1.1.0

Mar 11, 2026

1.0.7

Feb 27, 2026

1.0.6

Feb 27, 2026

This version

1.0.3

Feb 26, 2026

1.0.2

Feb 26, 2026

1.0.1

Feb 26, 2026

0.2.0

Feb 25, 2026

0.1.0

Feb 24, 2026

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

privacy_guard_scanner-1.0.3.tar.gz (29.8 kB view details)

Uploaded Feb 26, 2026 Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

privacy_guard_scanner-1.0.3-py3-none-any.whl (37.1 kB view details)

Uploaded Feb 26, 2026 Python 3

File details

Details for the file privacy_guard_scanner-1.0.3.tar.gz.

File metadata

Download URL: privacy_guard_scanner-1.0.3.tar.gz
Upload date: Feb 26, 2026
Size: 29.8 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for privacy_guard_scanner-1.0.3.tar.gz
Algorithm	Hash digest
SHA256	`7d368c83a95b9624f3526581163eda6feafed1bd1b81928d34973cd51b574ee3`
MD5	`f78e2c4febaddd57394281ef626c6a9d`
BLAKE2b-256	`1825e1078f19ce53c81cb44431bb49bf2edf6f7a95335216866301fcf71580c1`

See more details on using hashes here.

Provenance

The following attestation bundles were made for privacy_guard_scanner-1.0.3.tar.gz:

Publisher: release.yml on adrian-lorenz/privacy-guard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: privacy_guard_scanner-1.0.3.tar.gz
- Subject digest: 7d368c83a95b9624f3526581163eda6feafed1bd1b81928d34973cd51b574ee3
- Sigstore transparency entry: 999990292
- Sigstore integration time: Feb 26, 2026
Source repository:
- Permalink: adrian-lorenz/privacy-guard@02b3c0cf0b7632f914a51b9d8577df0684779ff4
- Branch / Tag: refs/heads/main
- Owner: https://github.com/adrian-lorenz
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@02b3c0cf0b7632f914a51b9d8577df0684779ff4
- Trigger Event: workflow_dispatch

File details

Details for the file privacy_guard_scanner-1.0.3-py3-none-any.whl.

File metadata

Download URL: privacy_guard_scanner-1.0.3-py3-none-any.whl
Upload date: Feb 26, 2026
Size: 37.1 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for privacy_guard_scanner-1.0.3-py3-none-any.whl
Algorithm	Hash digest
SHA256	`f620cca158ed099888de9d4512891349ece37882679e7cdeb9ef3271770d7055`
MD5	`fc0f60c842b525c0c72d012c78c5ce88`
BLAKE2b-256	`9d5c1f544554e81cdc564dd329b7b99703f5781e88d6cab7ac1e3f5d2fdee157`

See more details on using hashes here.

Provenance

The following attestation bundles were made for privacy_guard_scanner-1.0.3-py3-none-any.whl:

Publisher: release.yml on adrian-lorenz/privacy-guard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: privacy_guard_scanner-1.0.3-py3-none-any.whl
- Subject digest: f620cca158ed099888de9d4512891349ece37882679e7cdeb9ef3271770d7055
- Sigstore transparency entry: 999990297
- Sigstore integration time: Feb 26, 2026
Source repository:
- Permalink: adrian-lorenz/privacy-guard@02b3c0cf0b7632f914a51b9d8577df0684779ff4
- Branch / Tag: refs/heads/main
- Owner: https://github.com/adrian-lorenz
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@02b3c0cf0b7632f914a51b9d8577df0684779ff4
- Trigger Event: workflow_dispatch

privacy-guard-scanner 1.0.3

Navigation

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Classifiers

Project description

privacy-guard

Warum privacy-guard?

Erfasste PII-Typen

Installation

Python Package

API-Stack lokal

Quickstart (Python)

Scanner konfigurieren

REST API (Docker)

Endpunkte

Request-Body

Beispiel mit curl

API-Konfiguration

Roadmap-Ideen

Lizenz

Project details

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Classifiers

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distribution

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance

Beispiel mit `curl`