Inspiration
With the rapid adoption of generative AI, organisations are eager to leverage its power. But sensitive data often slips through prompts — NRICs, phone numbers, account details — creating massive risks of privacy leakage, identity theft, and regulatory fines. We wanted to build a solution that makes AI safer to use by design, not as an afterthought.
What it does
KYC Privacy Gateway (KPG) is a privacy firewall for AI systems.
- It detects and redacts PII from analyst prompts before they are sent to an AI model.
- It tokenises sensitive data, replacing it with safe placeholders to keep prompts usable.
- It allows analysts to search and summarise results securely, ensuring no PII is leaked.
- It maintains an audit trail, showing exactly what was redacted, tokenised, and anonymised.
In short: KPG prevents privacy leaks while still enabling powerful AI workflows.
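The detect, tokenise and audit flow described above, sketched as an added example (not KPG's own code). It assumes regex detection in place of the project's NER models, the commonly documented NRIC check-letter rule, and hypothetical names such as `Tokeniser`, `PATTERNS` and `SAMPLE`.

```python
import hashlib
import hmac
import re

# Assumed patterns (not from the project): Singapore NRIC/FIN and 8-digit local phone numbers.
PATTERNS = {
    "NRIC": re.compile(r"\b[STFG]\d{7}[A-Z]\b"),
    "PHONE": re.compile(r"(?<!\d)(?:\+65[ -]?)?[689]\d{3}[ -]?\d{4}(?!\d)"),
}
# Constructed sample prompt; the NRIC is a well-known test value, not a real person's.
SAMPLE = "Customer S1234567D (tel 9123 4567) disputes a transfer; S1234567D called twice."

def nric_checksum_ok(nric: str) -> bool:
    """Commonly documented NRIC/FIN check-letter rule (an assumption, not from the page)."""
    total = sum(int(d) * w for d, w in zip(nric[1:8], (2, 7, 6, 5, 4, 3, 2)))
    total += 4 if nric[0] in "TG" else 0
    table = "JZIHGFEDCBA" if nric[0] in "ST" else "XWUTRQPNMLK"
    return table[total % 11] == nric[8]

class Tokeniser:
    def __init__(self, key: bytes):
        self.key = key
        self.vault = {}   # token -> original value; stays on the gateway side
        self.audit = []   # what was replaced and where, never the raw value

    def _token(self, kind: str, value: str) -> str:
        # Keyed hash: the same value always maps to the same placeholder in a session.
        digest = hmac.new(self.key, value.encode(), hashlib.sha256).hexdigest()[:8]
        return f"<{kind}_{digest}>"

    def redact(self, prompt: str) -> str:
        hits = []
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(prompt):
                # Fail closed: a checksum miss is still redacted, only labelled differently.
                ok = kind != "NRIC" or nric_checksum_ok(m.group())
                hits.append((m.start(), m.end(), kind if ok else "NRIC_UNVERIFIED", m.group()))
        # Replace right to left so earlier offsets stay valid.
        for start, end, kind, value in sorted(hits, reverse=True):
            token = self._token(kind, value)
            self.vault[token] = value
            self.audit.append({"type": kind, "token": token, "span": (start, end)})
            prompt = prompt[:start] + token + prompt[end:]
        return prompt

    def restore(self, text: str) -> str:
        for token, value in self.vault.items():
            text = text.replace(token, value)
        return text
```

The vault holds the raw values, so it needs the same protection as the original data; only the audit entries are safe to surface in a dashboard.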
How we built it
- Backend: Python + FastAPI, served with Uvicorn
- Frontend: React (Vite) with Lynx for cross-platform UI
- NLP: Hugging Face Transformers for PII detection (NER models)
- AI Processing: OpenAI API for summarisation and risk scoring
- Security: Tokenisation layer and optional integration with PETs (privacy-enhancing technologies) like homomorphic encryption
Challenges we ran into
- Tuning entity recognition models to correctly capture Singapore-specific identifiers like NRIC and account numbers
- Designing a smooth frontend workflow that feels intuitive for analysts, while still ensuring strong privacy checks
- Balancing speed vs. security — ensuring PII detection runs in real time without slowing down analysis
- Coordinating frontend and backend integration within the hackathon’s time constraints
Accomplishments that we're proud of
- Built a working end-to-end prototype within the hackathon timeframe
- Designed a privacy-first workflow that directly aligns with the hackathon’s Privacy Meets AI theme
- Created a clear audit trail system, making privacy protection transparent and verifiable
- Demonstrated how AI can be both powerful and safe with thoughtful design
What we learned
- How to combine NLP + privacy engineering effectively
- The importance of user transparency — audit logs and dashboards build trust
- How regulatory requirements (like PDPA, GDPR) can shape technical design decisions
- That even simple tokenisation + PII detection pipelines can dramatically reduce privacy risks
What's next for KPG
- Expand beyond text: integrate image redaction (faces, license plates, IDs)
- Multi-language support: adapt for regional identifiers beyond English
- Browser extension / API plugin: make KPG easy to integrate with existing AI tools
- Stronger PETs: integrate full homomorphic encryption for ultra-secure inference
- Deploy at scale: pilot with financial services, healthcare, and compliance teams


