Developer-first PII infrastructure

Ship faster.
Log everything.
Leak nothing.

Shroud is a drop-in HTTP API that scrubs PII, PHI and PCI data from arbitrary strings, JSON payloads, and log streams — before they hit your logs, your warehouse, or your LLM prompts. One endpoint, 28 detectors, sub-15 ms p95.

BEFORE
user@acme.com paid $9,432 with card 4111 1111 1111 1111 — MRN 8471293
↓ shroud.redact(…)
AFTER
[EMAIL] paid [AMOUNT] with card [CARD] — MRN [MRN]
How it works

Three tiers of detection in ~15 ms.

Tier 1 — Regex + checksums

Hand-tuned patterns for 28 categories, validated by Luhn, MRZ, IBAN mod-97 and friends. Handles 85 % of hits at 2 ms/KB. Written in Rust.

Tier 2 — Distilled classifier

A 60 MB distilled BERT catches contextual names, addresses, prescription narratives. 8 ms/KB on L4, 6× on CPU.

Tier 3 — Teacher pass

Opt-in audit against a larger model for high-stakes payloads. Adds ~180 ms. Off by default.

The 60-second integration

One SDK call. One HTTP round-trip.

# pip install shroud
from shroud import Client

shroud = Client(api_key="sk_live_…")
clean = shroud.redact("user@acme.com paid $9,432 with card 4111 1111 1111 1111")
# → "[EMAIL] paid [AMOUNT] with card [CARD]"
Pricing

Usage-based, developer-friendly.

Hobby

$0
  • 100 K chars/mo
  • Redact-only
  • Community support

Startup

$49 /mo
  • 5 M chars/mo
  • Redact + tokenize
  • Email support
  • One workspace

Team

$299 /mo
  • 50 M chars/mo
  • HIPAA BAA
  • SSO + SCIM
  • Audit export

Enterprise

Custom
  • Unmetered
  • VPC / on-prem
  • Custom detectors
  • DPA + BAA
Security

Built for teams the auditor takes seriously.

SOC 2 Type II

Type I complete Q1 2026. Type II audit in flight; expected Q4 2026.

HIPAA-ready

Business Associate Agreement available on Team tier and above.

Regional isolation

us-east / eu-central / ap-south. Payloads never cross regions.