Built for the AI compliance era · Shipping May 15, 2026
Sether hides personal data from your AI.
A streaming redaction layer between your app and any LLM provider — OpenAI, Anthropic, Bedrock, Gemini, your own fine-tunes. Pipe outgoing text through redact() and the return stream through restore() so emails, phones, cards, SSNs, IBANs, and IPs are tokenised before they cross your boundary, then swapped back for the user. The browser sandbox below also previews heuristic "name" tagging (NER ships in 0.2).
npm install @raeven-co/sether · MIT licensed · zero vendor lock-in
Live sandbox
Paste anything. Watch Sether redact it before it would reach the LLM.
Same detection logic as @raeven-co/sether, running entirely in your browser. Your test data never leaves your device. Detectors marked PRO are heuristic previews — production-grade NER ships in 0.2. Try the server playground to run the npm package's streaming redact → restore on our API (256 KB cap).
In production: pipe your streams.
Streaming-native. Chunk-boundary safe. ReDoS-checked. Pair with your own logging — automated regulation-tagged audit export is on the hosted roadmap.
import { Sether } from '@raeven-co/sether';
import { Readable } from 'node:stream';

const sether = new Sether();

// Outbound: tokenise before the text crosses your boundary.
const safeForLLM = Readable
  .from(['my email is alice@example.com'])
  .pipe(sether.redact());

// … stream safeForLLM to your LLM client. responseStream below stands for the
// client's streamed reply; restore it with the SAME Sether instance so the
// tokens resolve against the vault that issued them.
const safeForUser = responseStream.pipe(sether.restore());

Wire streams, not vendor SDKs.
Today's npm package exposes Sether with .redact() and .restore() transforms. Pipe any text stream through them on the way to and from your LLM client — OpenAI, Anthropic, Bedrock, or anything else that speaks HTTP. Drop-in SDK wrappers are on the roadmap (0.2). Run a round-trip on our server.
- ✓ Chunk-boundary safe streaming
- ✓ TypeScript-first, dual ESM/CJS
- ✓ Built-in detector pack + your own detectors
- ✓ Token vault stays in your process (pluggable Vault)
import { Sether } from '@raeven-co/sether';
import { Readable } from 'node:stream';

// Collect a readable stream into one string (test helper only).
async function streamToString(stream: NodeJS.ReadableStream) {
  let out = '';
  for await (const chunk of stream) out += chunk.toString();
  return out;
}

const sether = new Sether();
const original = 'Contact alice@example.com or call +1 415 555 2671.';

// Outbound leg: this is the text the model would receive.
const redacted = await streamToString(
  Readable.from([original]).pipe(sether.redact()),
);

// Inbound leg: the same instance resolves the tokens back to the originals.
const restored = await streamToString(
  Readable.from([redacted]).pipe(sether.restore()),
);

console.log(restored === original); // true

You shipped LLM features. Compliance shipped with them — whether you noticed or not.
Forwarding a customer's email to an LLM provider makes that provider a processor or sub-processor of personal data. Doing it without the processing agreement and sub-processor disclosure GDPR requires is a violation. Maximum fine: €20M or 4% of global annual turnover, whichever is higher.
The second phase of EU AI Act obligations, including most high-risk requirements, applies from 2 August 2026. Non-compliance with high-risk obligations carries fines up to €15M or 3% of global annual turnover; prohibited practices go up to €35M or 7%. Undocumented high-risk AI flows are exactly what those obligations target.
Auditors now require demonstrable controls on personal data at sub-processor boundaries. No controls = audit finding = lost enterprise deals.
The fines aren't hypothetical. GDPR enforcement actions aimed specifically at AI processing have already been issued. Your audit committee, your board, and your cyber insurance underwriter all now ask about it. Two years ago they didn't.
How it works
From npm install to streaming redaction in under an hour.
Install
npm install @raeven-co/sether — runs in your Node process. No separate gateway required for the open-source build.
Pipe
Attach sether.redact() to outbound text and sether.restore() to inbound text from the same Sether instance. Built-in detectors cover email, phone, cards, SSN, IBAN, IPv4/IPv6.
Restore
The in-process vault maps tokens back to originals so users see real values again. Chunk-safe across SSE and long responses — verified by property-based tests.
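What "chunk-boundary safe" has to mean in code, as an added illustration written for this page rather than Sether's own source or API: a minimal detect → tokenise → restore engine with an in-process vault (the role the pluggable Vault plays under Architecture), a holdback rule on each leg so that a value or a token cut in two by a chunk boundary is still handled, and a seeded property-style check of the kind the text mentions. The detector patterns, the `<KIND_n>` token format, every class and function name, and the sample text are assumptions of the example, not Sether's.

```typescript
// Hypothetical detector pack: whitespace-free patterns without nested quantifiers (bounded backtracking).
const DETECTORS = [
  { kind: 'EMAIL', re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { kind: 'SSN', re: /\b\d{3}-\d{2}-\d{4}\b/g },
  { kind: 'IPV4', re: /\b(?:\d{1,3}\.){3}\d{1,3}\b/g },
];

// In-process vault: same value -> same token, token -> value. No TTL/eviction here; production needs both.
class MemoryVault {
  private byToken = new Map<string, string>();
  private byValue = new Map<string, string>();
  private counters = new Map<string, number>();
  tokenFor(kind: string, value: string): string {
    const seen = this.byValue.get(kind + ':' + value);
    if (seen) return seen;
    const n = (this.counters.get(kind) ?? 0) + 1;
    const token = `<${kind}_${n}>`;
    this.counters.set(kind, n);
    this.byToken.set(token, value);
    this.byValue.set(kind + ':' + value, token);
    return token;
  }
  valueFor(token: string): string | undefined { return this.byToken.get(token); }
}

// Outbound leg: text after the last whitespace is held back, because a value may still be growing across the boundary.
class Redactor {
  private pending = '';
  constructor(private readonly vault: MemoryVault) {}
  push(chunk: string): string {
    this.pending += chunk;
    const tail = /\s\S*$/.exec(this.pending); // last whitespace plus the trailing word
    if (!tail) return '';                      // no safe cut yet: hold everything
    const head = this.pending.slice(0, tail.index + 1);
    this.pending = this.pending.slice(tail.index + 1);
    return this.redact(head);
  }
  flush(): string { const rest = this.pending; this.pending = ''; return this.redact(rest); }
  private redact(text: string): string {
    for (const { kind, re } of DETECTORS) text = text.replace(re, (hit) => this.vault.tokenFor(kind, hit));
    return text;
  }
}

// Inbound leg: a '<' with no '>' after it may start a token split across chunks, so it is held back.
class Restorer {
  private pending = '';
  constructor(private readonly vault: MemoryVault) {}
  push(chunk: string): string {
    this.pending += chunk;
    const open = this.pending.lastIndexOf('<');
    const cut = open === -1 || this.pending.indexOf('>', open) !== -1 ? this.pending.length : open;
    const head = this.pending.slice(0, cut);
    this.pending = this.pending.slice(cut);
    return this.restore(head);
  }
  flush(): string { const rest = this.pending; this.pending = ''; return this.restore(rest); }
  private restore(text: string): string { // tokens the vault does not know pass through unchanged
    return text.replace(/<[A-Z0-9]+_\d+>/g, (tok) => this.vault.valueFor(tok) ?? tok);
  }
}

// Cut text into pieces of the given sizes; whatever is left over becomes the last piece.
function splitInto(text: string, sizes: number[]): string[] {
  const out: string[] = [];
  let pos = 0;
  for (const n of sizes) { if (pos >= text.length) break; out.push(text.slice(pos, pos + n)); pos += n; }
  if (pos < text.length) out.push(text.slice(pos));
  return out;
}

// Synchronous round trip with explicit chunk boundaries on both legs and one vault shared by both.
function roundTrip(text: string, outSizes: number[], inSizes: number[]) {
  const vault = new MemoryVault();
  const red = new Redactor(vault);
  const res = new Restorer(vault);
  const redacted = splitInto(text, outSizes).map((p) => red.push(p)).join('') + red.flush();
  const restored = splitInto(redacted, inSizes).map((p) => res.push(p)).join('') + res.flush();
  return { redacted, restored };
}

// Property-style check: under random chunkings the redacted text must equal the unchunked result and the
// restored text must equal the input. xorshift32 keeps the trials reproducible.
function holdsForRandomSplits(text: string, trials: number, seed = 1): boolean {
  let s = seed >>> 0 || 1;
  const sizes = (): number[] => {
    const out: number[] = [];
    for (let i = 0; i < 64; i++) { s ^= s << 13; s ^= s >>> 17; s ^= s << 5; out.push(1 + (s >>> 29)); }
    return out;
  };
  const expected = roundTrip(text, [text.length], [text.length]).redacted;
  for (let t = 0; t < trials; t++) {
    const r = roundTrip(text, sizes(), sizes());
    if (r.redacted !== expected || r.restored !== text) return false;
  }
  return true;
}

const SAMPLE = 'Contact alice@example.com or bob.smith@corp.example from 10.0.0.7; SSN 123-45-6789. Alice again: alice@example.com'; // constructed sample, not real data
```

To pipe it the way the page's snippets do, wrap each engine in a Node Transform whose transform() forwards push() and whose flush() forwards flush(); decode the incoming Buffers with a StringDecoder from node:string_decoder rather than chunk.toString(), or a multi-byte character split across two Buffers becomes U+FFFD before the detectors see it. Two caveats carry over to any implementation of this pattern: restore only works if the model echoes the tokens verbatim (a paraphrased or truncated token stays in the output, which is the safe failure), and the whitespace holdback rule is only sound because every detector pattern is whitespace-free; a phone detector that accepts '+1 415 555 2671' needs a longer lookback.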
Architecture
Your data stays in your infrastructure.
Tokens map back to originals through a Vault. The default is an in-memory LRU with TTL, which is fine for single-process paths: a token can only be restored by the process whose vault issued it, and only while that entry is still live. Implement the Vault interface yourself when you need Redis, Postgres, or shared state across workers. Nothing in this OSS package sends your streams to Raeven.
- ✓ Redacted text is what crosses the wire to the model
- ✓ Pluggable Vault, in-memory implementation included
- ✓ Same engine as the browser sandbox and server playground
- ✓ Hosted tier roadmap: DPA, retention policies, SIEM export
Use cases
Built for AI compliance. Generalizes to anything sensitive.
Sether's primitives — detect, tokenise, restore — apply anywhere you move sensitive text across a trust boundary. AI compliance is the headline; the same code paths work for listings, logs, and support tooling when you wire the streams yourself.
AI compliance
Sit between your app and any LLM provider — OpenAI, Anthropic, Bedrock, Gemini, your own fine-tunes. Tokenise structured personal data in the outbound stream so providers only see placeholders, then restore for the user on the way back. You keep evidence of what crossed the boundary in your own logs and policies.
NDA-bound listings
Job boards and marketplaces often need to publish enough detail for matching without leaking client identities. Use the same redact / restore primitives to tokenise emails, phones, and account identifiers in copy before it is public — then restore only inside authenticated flows you control.
Log sanitization
The same streaming transforms can scrub structured identifiers (email, phone, IBAN, IP, SSN patterns) from log lines before they hit Datadog, Splunk, or Sentry. High-entropy secret keys are on the detector roadmap (0.2).
Pricing
Anchored below what you already pay OpenAI.
The OSS is free forever. Hosted tiers start at $5/mo — a quarter of ChatGPT Plus — because a security layer should never cost more than the thing it secures.
OSS
Self-host. MIT licensed. No limits.
- ✓ Unlimited redactions (your infra)
- ✓ Core detector pack
- ✓ In-memory vault
- ✓ Community support on GitHub
Indie
A quarter of ChatGPT Plus. For solo devs.
- ✓ 100K hosted redactions / mo (roadmap)
- ✓ All OSS detectors + hosted NER (roadmap)
- ✓ 7-day audit log (roadmap)
- ✓ Email support
- ✓ 1 seat
Team
Still under ChatGPT Plus. For shipping startups.
- ✓ 2M hosted redactions / mo
- ✓ Custom detectors
- ✓ 30-day audit log + export
- ✓ DPA included
- ✓ 5 seats
Business
Compliance-grade. SOC2 / SSO / BAA.
- ✓ Unlimited redactions
- ✓ SSO + SAML
- ✓ 1-year audit retention
- ✓ SOC2 / GDPR / HIPAA reports
- ✓ BAA + SLA
- ✓ Dedicated support
Annual saves 20%. Need self-hosted Enterprise with BAA + SLA? Talk to us.
Compliance + security
Built for the buyer who has to defend it in the audit.
Designed for evidence-minded teams.
The open-source library gives you deterministic streaming redaction and provable round-trips — the technical foundation compliance questions keep coming back to. Tagged exports mapped to GDPR / SOC 2 / HIPAA control matrices land with the hosted Pro tier; today you own the logging story in your own SIEM.
Open source.
The core library is MIT licensed on GitHub. Read the code. Fork it. Audit it. The hosted version is what you pay for — not lock-in.
Sether maps its controls to GDPR, SOC 2 and HIPAA. Independent SOC 2 Type 1 attestation in progress (Q3 2026).
Frequently asked
Questions buyers actually ask.
What is 'PII'?
Many teams use the term PII — personally identifiable information. If the acronym does not resonate with yours, think personal data: names, emails, phone numbers, payment details, and anything that could identify a real person. Sether tokenizes those values before they reach the model.
Why not just use Microsoft Presidio?
Great if you have a Python team and need batch processing. Sether is streaming-native and TypeScript-first — built for the JS/TS stack the AI dev community actually uses. Often complementary; not directly competitive.
Why not just write our own regex?
You can — and we won't pretend the basic detection is hard. The 80% you'd own forever (audit log retention, SOC2 control mapping, EU AI Act tracking, DPA templates, cross-customer threat updates) is the part nobody wants to maintain. We've eaten that pain.
Where does my data actually live?
With the npm package, streams are processed inside your Node process. The default MemoryVault keeps token→value mappings in RAM for that process; implement the Vault interface when you need shared or durable storage. This marketing site's server playground runs Sether only to handle your pasted sample in that request — it is not a substitute for your own security review.
How fast is integration?
Most teams wire Readable streams through redact() and restore() in an afternoon. Drop-in Express / fetch / OpenAI SDK helpers are on the 0.2 roadmap so you can skip some boilerplate.
What happens if Sether goes out of business?
Worst case, you fork the OSS core — it's MIT licensed and the npm package is yours forever. Best case, we keep shipping. Either way, no vendor lock-in by design.
When will you have SOC2?
Type 1 in progress, expected Q3 2026. Type 2 follows ~6 months later. Controls documentation available on request in the meantime.
Can I use Sether for non-AI use cases like marketplace NDA redaction?
Yes — the OSS primitives are plain text transforms. You can tokenise emails, phones, IBANs, IPs, and similar patterns in listings or logs, then restore only where your app authorises it. Heuristic name tagging in the browser sandbox is a preview only (NER ships in 0.2). A hosted dashboard for conditional policies is on the roadmap; today you implement policy in your own code.
Ship AI features. Pass the audit. Sleep at night.
Install the OSS in minutes. Join the list for hosted trials and onboarding — we never share your email.
npm install @raeven-co/sether