Anoni
Download

Guide

GDPR and AI: anonymize before you prompt.

Pasting a document into an online AI is a data transfer. The GDPR applies. Anoni strips the personal data first, on your machine.

A prompt is processing

When you paste a contract, an email or a case file into an online AI, you send personal data to a third party. Names, addresses, phone numbers, a SIRET. That is a transfer, and the GDPR covers it. The provider becomes a processor. Most consumer plans give you no data processing agreement and no read on where the servers sit. The simplest fix is to not send the personal data at all.

What the CNIL says

In July 2025 the CNIL published its guidance on AI and the GDPR. The line is plain. Minimize the data you feed a model. Keep a legal basis. Know where the processing happens. Anonymizing before the prompt addresses the first point directly. If the document holds no personal data when it reaches the AI, there is far less to justify and far less to leak.

Minimize at the source

Data minimization is not a policy you write once. It is a habit at each step. Before a document leaves your hands, remove what the AI does not need to do its job. A model summarizing a contract does not need the client's real name. It needs the structure, the clauses, the figures. Anoni keeps those and swaps the identities for believable stand-ins, so the answer stays useful.

Why on-device is different

Anoni runs on your machine. The detection model and the rules read the file locally and never upload it. Online tools that anonymize in a browser tab still send your text to a server first. With Anoni the personal data is gone before anything reaches the network. The mapping back to your real data lives in an encrypted AES-256-GCM vault, on your machine, behind your passphrase.

Honest limits

Automatic detection helps. It does not replace a read-through. On our benchmark Anoni catches 89.0% of entities strict and avoids 99.0% of leaks, with 92.7% on OpenPII. Strong numbers, not certainty. On a sensitive document, check the result before you paste it anywhere. The tool helps. It does not decide for you.

These notes follow the CNIL recommendations on AI and the GDPR (July 2025). Download Anoni to try it. See the compliance answers your DPO expects, and the step-by-step guide to anonymizing before AI.