DDS Protect Architecture

Transparent Sidecar Proxy — Zero Data Egress

Architecture diagram (labels recovered from the figure):

  • Your infrastructure, Docker host (8GB+ RAM): Your App (OpenAI client); DDS Protect (Docker container, :8080); openai/privacy-filter (8 PII categories, 96% F1, 50-200ms latency); Audit Trail (SQLite WAL); Dashboard (audit-viewer.html)
  • Data flow detail: 1. Receive, 2. Detect PII, 3. Redact, 4. Forward
  • Third party (internet): OpenAI API (/v1/chat/completions); Anthropic Claude API; HuggingFace (model download)
  • Data egress risk: without DDS Protect, raw customer PII is sent to OpenAI, Anthropic, Azure and third-party LLM providers. GDPR fines up to €20M or 4% global revenue.
  • Flow labels: raw PII, sanitized (HTTPS), sanitized, log event, read, one-time model download (~3GB), LLM response
  • Legend: PII Detection, Sanitized Data, LLM API, Audit / DB, Raw PII Flow, Safe / Sanitized

Data Flow

  • Raw request enters DDS Protect
  • PII spans detected & redacted
  • Redaction event logged to SQLite
  • Sanitized request forwarded to LLM

Security Properties

  • PII never leaves your infrastructure
  • Detection model runs locally
  • Audit trail is append-only
  • No telemetry, no phone-home
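
A sketch of the detect, redact and log steps with an append-only audit table, added here as an illustration and not DDS Protect's own code. Assumptions: two regexes stand in for the local detection model, and the `redaction_events` schema, the trigger names and the function names are hypothetical.

```python
import re
import sqlite3
import time

# Constructed stand-in detector (assumption): regexes instead of the local model.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "PHONE": re.compile(r"\+?\d[\d ()-]{7,}\d"),
}

# Hypothetical schema: only category and offsets are stored, never the raw value.
# The triggers make UPDATE and DELETE fail, so rows can only be appended.
SCHEMA = """
CREATE TABLE IF NOT EXISTS redaction_events (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    ts REAL NOT NULL, category TEXT NOT NULL,
    span_start INTEGER NOT NULL, span_end INTEGER NOT NULL
);
CREATE TRIGGER IF NOT EXISTS audit_no_update BEFORE UPDATE ON redaction_events
BEGIN SELECT RAISE(ABORT, 'audit trail is append-only'); END;
CREATE TRIGGER IF NOT EXISTS audit_no_delete BEFORE DELETE ON redaction_events
BEGIN SELECT RAISE(ABORT, 'audit trail is append-only'); END;
"""

def open_audit(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("PRAGMA journal_mode=WAL")  # takes effect for file-backed databases
    db.executescript(SCHEMA)
    return db

def sanitize(text, db):
    """Detect PII spans, log one event per span, return the redacted text."""
    spans = sorted(
        (m.start(), m.end(), cat)
        for cat, rx in PATTERNS.items() for m in rx.finditer(text)
    )
    out, pos = [], 0
    for start, end, cat in spans:
        if start < pos:  # overlaps a span that was already redacted
            continue
        out.append(text[pos:start] + f"[{cat}]")
        db.execute(
            "INSERT INTO redaction_events (ts, category, span_start, span_end)"
            " VALUES (?, ?, ?, ?)", (time.time(), cat, start, end))
        pos = end
    db.commit()
    return "".join(out) + text[pos:]  # this string is what gets forwarded
```

The triggers block edits made through SQL by the application, but a process that can write the database file can drop them, so file permissions on the audit database still matter.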

Deployment

  • Single Docker container
  • One env var change to integrate
  • CPU or GPU (CUDA/MPS)
  • 8GB RAM, ~5GB disk