PrismGuard

Inspiration

We noticed how easily personal information gets leaked when people chat with AI assistants. Users share phone numbers, addresses, even ID photos without realizing this data might be stored or processed by external services. We wanted to create a solution that lets people use AI freely while keeping their privacy intact.

What it does

PrismGuard sits between users and AI services, automatically detecting and removing sensitive information from both text and images before any external processing happens. For text: Our fine-tuned TinyBERT model detects names, phone numbers, addresses, and other PII, replacing them with safe placeholders. For images: YOLOv8 identifies faces, license plates, and ID documents, then blurs these regions using computer vision techniques. Users get the same AI experience, but their personal data never leaves the privacy layer.

How we built it

We created a microservices architecture with several components: Frontend: Next.js chat interface with image upload support Backend: FastAPI server using LangChain for AI orchestration Privacy Gateway: Central coordinator for all anonymization requests Text Guard: TinyBERT 4L-312D fine-tuned on the AI4Privacy dataset Vision Service: YOLOv8 model for face and license plate detection Storage: Supabase for chat history and secure file storage Everything connects through Docker containers with proper API boundaries.

Challenges we ran into

Model accuracy: Getting reliable PII detection across different text formats and image qualities took significant tuning. Performance: Processing images in real-time while maintaining chat responsiveness required careful optimization. Integration complexity: Connecting multiple AI services, storage systems, and privacy layers without breaking the user experience. Storage strategy: Figuring out what to store, what to delete, and how long to keep redacted versions for compliance.

Accomplishments that we're proud of

We built a working end-to-end system that actually protects privacy without sacrificing functionality.

What we learned

Privacy is complex: Different types of PII need different handling strategies. What works for names doesn't work for addresses or phone numbers.

Performance matters: Even the best privacy protection is useless if it makes the system too slow to use. Integration is everything: The technical challenge isn't just building the AI models, it's making them work seamlessly together.

What's next for PrismGuard

Voice and video support: Extend privacy protection to audio and video conversations. Custom privacy policies: Let organizations define their own PII detection rules and redaction levels. On-device processing: Move some privacy operations directly to user devices for maximum security. Compliance dashboard: Build management tools for GDPR, CCPA, and other privacy regulations. Open source release: Make core privacy components available for other developers to use and improve.