Open source · npm
The library
Three lines of TypeScript between your app and any LLM. Streaming-safe redact() → restore(), with a token vault you control. For builders.
npm install @raeven-co/setherOpen source · Live on npm · Now with a browser extension
Sether hides personal data from your AI.
Think Grammarly, but for the personal data you send to AI. Sether tokenises emails, phones, cards, names, and secrets before they reach any LLM (OpenAI, Anthropic, Gemini, your own), then restores them in the reply. Drop it into your code, add it to your browser, or route through the hosted gateway.
npm install @raeven-co/sether · MIT licensed · zero vendor lock-in
Customer supportBankingHealthcareRecruitingLegalSales / CRMDevOps logsE-commerce
Streaming-native
Server-Sent Events safe
TypeScript-first
Dual ESM + CJS · ~35 KB
134 tests passing
Property-based + ReDoS-checked
MIT licensed
No vendor lock-in
One engine · three ways
Keep personal data out of AI — wherever it flows.
The same open-source detection core, packaged for your code, your browser, and your infrastructure.
Free · Chrome
Sether Shield
For anyone who pastes into ChatGPT, Claude, or Gemini. It catches personal data in your prompt and scrubs it in one click. Changed your mind? One tap restores the original. 100% local, nothing leaves your browser. No code, no account.
Add to ChromeComing soon
The hosted gateway
Point your OpenAI or Anthropic SDK at one URL. Redaction, restore, and audit-ready logs — fully managed, or self-hosted in your own VPC. For teams.
Join the waitlistWire streams, not vendor SDKs.
Today's npm package exposes Sether with .redact() and .restore() transforms. Pipe any text stream through them on the way to and from your LLM client — OpenAI, Anthropic, Bedrock, or anything else that speaks HTTP. Drop-in SDK wrappers for fetch, Express, OpenAI, and Anthropic shipped in 0.2.0. Run a round-trip on our server.
- ✓ Chunk-boundary safe streaming
- ✓ TypeScript-first, dual ESM/CJS
- ✓ Built-in detector pack + your own
Detectors - ✓ Token vault stays in your process (pluggable
Vault)
import { Sether } from '@raeven-co/sether';
import { Readable } from 'node:stream';
async function streamToString(stream: NodeJS.ReadableStream) {
let out = '';
for await (const chunk of stream) out += chunk.toString();
return out;
}
const sether = new Sether();
const original = 'Contact alice@example.com or call +1 415 555 2671.';
const redacted = await streamToString(
Readable.from([original]).pipe(sether.redact()),
);
const restored = await streamToString(
Readable.from([redacted]).pipe(sether.restore()),
);
console.log(restored === original); // trueYou shipped LLM features. Compliance shipped with them — whether you noticed or not.
GDPRArticle 28
Forwarding a customer's email to any LLM provider without sub-processor disclosure is a violation. Max fine: 4% of global annual revenue.
EU AI ActArt. 10
Phase 2 enforcement begins August 2026. Undocumented high-risk AI flows trigger penalties up to 7% of global revenue.
SOC 2CC6.7
Auditors now require demonstrable controls on personal data at sub-processor boundaries. No controls = audit finding = lost enterprise deals.
The fines aren't hypothetical. The first GDPR enforcement actions specifically tied to AI flows landed in 2025. Your audit committee, your board, and your cyber insurance underwriter all now ask about it. Two years ago they didn't.
How it works
From npm install to streaming redaction in under an hour.
01
Install
npm install @raeven-co/sether — runs in your Node process. No separate gateway required for the open-source build.
02
Pipe
Attach sether.redact() to outbound text and sether.restore() to inbound text from the same Sether instance. Built-in detectors cover email, phone, cards, SSN, IBAN, IPv4/IPv6.
03
Restore
The in-process vault maps tokens back to originals so users see real values again. Chunk-safe across SSE and long responses — verified by property-based tests.
Architecture
Your data stays in your infrastructure.
Tokens map back to originals through a Vault. The default is an in-memory LRU with TTL — fine for single-process paths. Implement the Vault interface yourself when you need Redis, Postgres, or shared state across workers. Nothing in this OSS package sends your streams to Raeven.
- ✓ Redacted text is what crosses the wire to the model
- ✓ Pluggable
Vault— memory included - ✓ Same engine as the browser sandbox and server playground
- ✓ Hosted tier roadmap: DPA, retention policies, SIEM export
Use cases
Built for AI compliance. Generalizes to anything sensitive.
Sether's primitives — detect, tokenise, restore — apply anywhere you move sensitive text across a trust boundary. AI compliance is the headline; the same code paths work for listings, logs, and support tooling when you wire the streams yourself.
PRIMARY
AI compliance
Sit between your app and any LLM provider — OpenAI, Anthropic, Bedrock, Gemini, your own fine-tunes. Tokenise structured personal data in the outbound stream so providers only see placeholders, then restore for the user on the way back. You keep evidence of what crossed the boundary in your own logs and policies.
MARKETPLACES
NDA-bound listings
Job boards and marketplaces often need to publish enough detail for matching without leaking client identities. Use the same redact / restore primitives to tokenise emails, phones, and account identifiers in copy before it is public — then restore only inside authenticated flows you control.
OBSERVABILITY
Log sanitization
The same streaming transforms can scrub structured identifiers (email, phone, IBAN, IP, SSN patterns) from log lines before they hit Datadog, Splunk, or Sentry. The secrets pack — API keys plus high-entropy strings — shipped in 0.2.0.
Pricing
Anchored below what you already pay OpenAI.
The OSS is free forever. Hosted tiers start at $5/mo — a quarter of ChatGPT Plus — because a security layer should never cost more than the thing it secures.
OSS
Self-host. MIT licensed. No limits.
$0forever
- ✓ Unlimited redactions (your infra)
- ✓ Core detector pack
- ✓ In-memory vault
- ✓ Community support on GitHub
Indie
A quarter of ChatGPT Plus. For solo devs.
$5/mo
- ✓ 100K hosted redactions / mo (roadmap)
- ✓ All OSS detectors + hosted NER (roadmap)
- ✓ 7-day audit log (roadmap)
- ✓ Email support
- ✓ 1 seat
Most popular
Team
Still under ChatGPT Plus. For shipping startups.
$15/mo
- ✓ 2M hosted redactions / mo
- ✓ Custom detectors
- ✓ 30-day audit log + export
- ✓ DPA included
- ✓ 5 seats
Business
Compliance-grade. SOC2 / SSO / BAA.
Custom
- ✓ Unlimited redactions
- ✓ SSO + SAML
- ✓ 1-year audit retention
- ✓ SOC2 / GDPR / HIPAA reports
- ✓ BAA + SLA
- ✓ Dedicated support
Annual saves 20%. Need self-hosted Enterprise with BAA + SLA? Talk to us.
Compliance + security
Built for the buyer who has to defend it in the audit.
Designed for evidence-minded teams.
The open-source library gives you deterministic streaming redaction and provable round-trips — the technical foundation compliance questions keep coming back to. Tagged exports mapped to GDPR / SOC 2 / HIPAA control matrices land with the hosted Pro tier; today you own the logging story in your own SIEM.
Open source.
The core library is MIT licensed on GitHub. Read the code. Fork it. Audit it. The hosted version is what you pay for — not lock-in.
GDPRMapped
SOC 2Mapped
HIPAAMapped
EU AI ActMapped
Sether maps controls to these frameworks. Independent SOC 2 Type 1 attestation in progress (Q3 2026).
Frequently asked
Questions buyers actually ask.
What is 'PII'?
Many teams use the term PII — personally identifiable information. If the acronym does not resonate with yours, think personal data: names, emails, phone numbers, payment details, and anything that could identify a real person. Sether tokenizes those values before they reach the model.
Why not just use Microsoft Presidio?
Great if you have a Python team and need batch processing. Sether is streaming-native and TypeScript-first — built for the JS/TS stack the AI dev community actually uses. Often complementary; not directly competitive.
Why not just write our own regex?
You can — and we won't pretend the basic detection is hard. The 80% you'd own forever (audit log retention, SOC2 control mapping, EU AI Act tracking, DPA templates, cross-customer threat updates) is the part nobody wants to maintain. We've eaten that pain.
Where does my data actually live?
With the npm package, streams are processed inside your Node process. The default MemoryVault keeps token→value mappings in RAM for that process; implement the Vault interface when you need shared or durable storage. This marketing site's server playground runs Sether only to handle your pasted sample in that request — it is not a substitute for your own security review.
How fast is integration?
Most teams wire Readable streams through redact() and restore() in an afternoon. Drop-in Express / fetch / OpenAI SDK helpers are on the 0.2 roadmap so you can skip some boilerplate.
What happens if Sether goes out of business?
Worst case, you fork the OSS core — it's MIT licensed and the npm package is yours forever. Best case, we keep shipping. Either way, no vendor lock-in by design.
When will you have SOC2?
Type 1 in progress, expected Q3 2026. Type 2 follows ~6 months later. Controls documentation available on request in the meantime.
Can I use Sether for non-AI use cases like marketplace NDA redaction?
Yes — the OSS primitives are plain text transforms. You can tokenise emails, phones, IBANs, IPs, and similar patterns in listings or logs, then restore only where your app authorises it. The opt-in identity pack (0.3.0) also redacts label-anchored names, dates of birth, passport numbers, and addresses; free-text NER for unlabelled names in prose is on the roadmap. A hosted dashboard for conditional policies is on the roadmap; today you implement policy in your own code.
Ship AI features. Pass the audit. Sleep at night.
Install the OSS in minutes. Join the list for hosted trials and onboarding — we never share your email.
npm install @raeven-co/sether