An open-source local proxy that uses high-speed C-filtering to redact PII from AI prompts, ensuring DPDP Act compliance.
🛡️ The Problem
In 2026, the adoption of GenAI is universal, but so is the risk of data leakage. Every time a user sends a prompt to a cloud-based LLM (like OpenAI or Gemini), they risk exposing Personally Identifiable Information (PII) such as Aadhaar numbers, PAN details, and financial records.
Under India's Digital Personal Data Protection (DPDP) Act 2023, businesses are now legally liable for these leaks. Small and Medium Enterprises (SMEs) lack the resources to build complex privacy layers, and existing tools are often proprietary or slow.
✨ The Solution
Sovereign-Sync is an open-source, local-first proxy that acts as a "Privacy Shield." It sits between the user and the AI API.
It intercepts the prompt.
It masks sensitive data using a hybrid high-speed engine.
It re-identifies the data when the AI's response returns, so the user experience remains seamless while the cloud provider only ever sees anonymized tokens.
🛠️ Technical Architecture
The project is built with a focus on performance and privacy:
High-Speed Filtering (The Shield): A low-level module written in C using the PCRE2 library. This allows for near-instantaneous scanning of deterministic patterns (Aadhaar, PAN, phone numbers) with minimal CPU overhead.
Contextual Intelligence (The Brain): A Python (FastAPI) layer that utilizes Named Entity Recognition (NER) via Microsoft Presidio to detect "fuzzy" PII like names and addresses that don't follow a fixed pattern.
In-Memory Vault: Uses a secure, local-only mapping system to ensure that the relationship between a "token" (e.g., [PERSON_1]) and the "real data" (e.g., Rahul Sharma) never leaves the local machine.
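The mask and re-identify round trip described above, as an added sketch that is not Sovereign-Sync's own code: Python's `re` stands in for the C/PCRE2 module and the NER layer is left out. The three patterns, the `Vault` class and the sample values are assumptions constructed for illustration.

```python
import re

# Assumed patterns, not the project's: Aadhaar as 12 digits in optional 4-4-4
# groups, PAN as AAAAA9999A, Indian mobile as 10 digits with optional +91.
PATTERNS = [
    ("AADHAAR", re.compile(r"(?<!\d)\d{4}[ -]?\d{4}[ -]?\d{4}(?!\d)")),
    ("PAN", re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b")),
    ("PHONE", re.compile(r"(?<!\d)(?:\+91[ -]?)?[6-9]\d{9}(?!\d)")),
]
TOKEN_RE = re.compile(r"\[(?:AADHAAR|PAN|PHONE)_\d+\]")


class Vault:
    """Hypothetical session vault: token <-> value map kept in process memory."""

    def __init__(self):
        self._by_token, self._by_value, self._counts = {}, {}, {}

    def _token_for(self, kind, value):
        # Reuse the token for a repeated value so the model sees one entity.
        if (kind, value) not in self._by_value:
            self._counts[kind] = self._counts.get(kind, 0) + 1
            token = f"[{kind}_{self._counts[kind]}]"
            self._by_value[(kind, value)] = token
            self._by_token[token] = value
        return self._by_value[(kind, value)]

    def mask(self, prompt):
        """Replace every pattern match with a token before the prompt leaves."""
        for kind, rx in PATTERNS:
            prompt = rx.sub(lambda m, k=kind: self._token_for(k, m.group(0)), prompt)
        return prompt

    def unmask(self, response):
        """Restore known tokens; tokens this session never issued stay as-is."""
        return TOKEN_RE.sub(lambda m: self._by_token.get(m.group(0), m.group(0)), response)

    def clear(self):
        """Drop all mappings at session end."""
        for store in (self._by_token, self._by_value, self._counts):
            store.clear()


if __name__ == "__main__":
    vault = Vault()
    # Constructed sample values, not real identifiers.
    sent = vault.mask("PAN ABCDE1234F, Aadhaar 2345 6789 0123, call +91 9876543210")
    print(sent)                       # what the cloud provider would receive
    print(vault.unmask(f"Noted {sent.split(',')[0]}"))
```

The vault keys on the exact matched text, so the same Aadhaar number written with and without spaces receives two different tokens in this sketch.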
🌍 Real-World Impact & Localization
DPDP Compliance: Specifically designed to help Indian fiduciaries meet Section 4 and Section 8 of the DPDP Act.
Cost-Effective Security: Provides a professional-grade security layer for small and medium enterprises (SMEs) as a free, open-source tool.
Zero-Trust: No data is logged or stored on any server; once the session ends, the vault is cleared.