Staff at fiduciaries, law firms, and accounting practices handle personally identifiable information every day: client names, AVS numbers, IBANs, case references, addresses. The appeal of public tools like ChatGPT or Claude is obvious — drafting, summarising, rephrasing — but pasting a client letter into a public interface sends that data to cloud infrastructure outside your control.

Context: generative AI and client data

In Switzerland, the nLPD (revised Federal Act on Data Protection) requires transparency, proportionality, and accountability. Many teams are stuck: they want AI, but compliance says no.

The SME dilemma

Banning AI breeds shadow IT. Allowing plain-text ChatGPT exposes client data. Manual anonymisation does not scale on long files. A third path is needed.

  • Copy-paste into ChatGPT — no guarantee on where data goes or how it is reused.
  • Total AI ban — staff work around policy or lose productivity.
  • Manual anonymisation — tedious, incomplete, and unsustainable on long files.

The concept: a privacy gateway

aiproxy is an internal proxy built by d-side solutions: a familiar chat interface (Claude- or ChatGPT-like) backed by a local anonymisation pipeline. Only pseudonymised text leaves Swiss infrastructure for the Claude API (Anthropic). The user then reads a reply where names and references have been automatically restored.

Technical positioning

This is not a self-hosted LLM. It is a data protection layer between your team and a capable cloud model — with local PII detection (Microsoft Presidio), prompt review before sending, and token re-mapping in the response.

The five-step flow

aiproxy diagram: Chat, local Presidio anonymisation, prompt review, Claude, and token re-mapping — Swiss hosting
The aiproxy flow: only pseudonymised data leaves Swiss infrastructure for Claude. The token → original value mapping stays on the server.

1) Chat — familiar interface

The user converses in a web interface (browser only, zero install). Session history, Markdown rendering, demo scenarios to test behaviour on fictitious legal or accounting cases.

2) Anonymisation — Presidio locally

On each message, text is analysed on the Swiss VPS by Microsoft Presidio coupled with spaCy (large models for fr/en/de/es). Detected entities are replaced with indexed tokens. The token → original value mapping stays server-side.

Fictitious example

Before: "Mr Jean Dupont, AVS 756.1234.5678.90, case FR.2024.123, resides in Fribourg."

After: "Mr <PERSONNE_1>, AVS <AVS_1>, case <DOSSIER_1>, resides in Fribourg."

3) Prompt review — transparency before sending

The nLPD transparency panel shows the exact text that will be sent to Claude, the list of detected entities and their tokens. The user can remove an anonymisation deemed excessive (× on an entity) — explicit consent before original data reaches the LLM.

4) Send — validated text only

After validation, only the pseudonymised prompt is sent to the Claude API. Conversation history stored server-side also remains anonymised. No raw documents or unmasked personal data transit to Anthropic.

5) Response mapping — readable answer

Claude is instructed to reuse tokens verbatim in its reply. aiproxy then replaces <PERSONNE_1>, <AVS_1>, etc. with original values. The transparency panel shows how many tokens were remapped.

Video demo

The video below walks through the full pipeline on a fictitious case: entering a message with personal data, Presidio anonymisation, prompt review, sending to Claude, and response re-mapping. (French audio.)

aiproxy demonstration — local anonymisation, prompt review, and re-mapped response (fictitious data).

You can also try the pipeline live at aiproxy.d-side.pro. The interactive review step with selective de-anonymisation per entity is part of the production roadmap.

Presidio and Swiss recognizers

Presidio provides entity detection (NER, patterns, context). d-side extended the engine with Swiss domain recognizers and filtering for legal false positives (e.g. art. 336 CO must not be masked as a location).

Entity Token Example
Person<PERSONNE_N>Jean Dupont
AVS number<AVS_N>756.1234.5678.90
IBAN CH<IBAN_N>CH93 0076 2011 6238 5295 7
IDE number<IDE_N>CHE-123.456.789
Case / file ref.<DOSSIER_N>FR.2024.123
Phone<TEL_CH_N>+41 26 123 45 67
Company<ENTREPRISE_N>Dupont SA
Email<EMAIL_N>client@example.ch

Multilingual detection (French, German, English, Spanish) via Lingua before Presidio analysis. Pilot stack: FastAPI, Docker, nginx, hosted on Infomaniak VPS in Switzerland.

nLPD transparency

The principle is not to hide anonymisation — it is to make it visible and controllable:

  • Transparency panel — text sent to Claude, detected language, badges per entity type.
  • Review before sending — no blind send; the user validates what leaves.
  • Processing in Switzerland — anonymisation and mapping on Swiss infrastructure.
  • Ephemeral sessions — in-memory mapping with TTL, no long-term history in MVP.

Who it is for

aiproxy targets Swiss SMEs that handle personal data and want to offer AI to their teams without compromising client confidentiality:

  • Fiduciaries and accounting practices
  • Law firms and legal practices
  • Any organisation blocked by internal policy on public AI tools

In summary

aiproxy combines a modern AI chat experience with local Presidio anonymisation, nLPD-compliant prompt review, and automatic response re-mapping — all hosted in Switzerland.

Your team gains productivity. Your client data does not leave in plain text for the cloud.

Want to try aiproxy with your team? Request a demo account on aiproxy.d-side.pro.

LD

Luc Demierre

Founder & IT Consultant — d-side solutions Sàrl, Bulle

Specialized in IT architecture, systems security and AI integration for Swiss SMEs. Founder of d-side solutions Sàrl since 2022.

Frequently asked questions

Where is d-side solutions based?
d-side solutions is located at Chemin du Carry 7, 1630 Bulle, in the canton of Fribourg, Switzerland. These case studies are written by our local team.
Do you take on projects in Bulle and Fribourg?
Yes. We support SMEs in the canton of Fribourg, the Gruyère region, and Romandy, as well as mandates across Switzerland.
Can we use AI on client files while staying nLPD-compliant?
Yes — if you control what leaves your infrastructure. aiproxy anonymizes personal data locally (Presidio + Swiss recognizers), shows the pseudonymized prompt before sending, and only transmits validated text to Claude. d-side solutions, based in Bulle (Fribourg), deploys and supports this solution for fiduciaries, law firms, and Swiss SMEs.