When you type a query into most AI tools, everything you type goes to the cloud exactly as written. Your name, your company's name, your client's name, the dollar figures in your analysis, the case details you're researching — all of it transmitted to a third-party server, logged, potentially retained, and in some configurations, used to improve future models.
HammerLockAI's PII anonymizer intercepts your query before it leaves your device and strips the identifiers out. By the time your query reaches any cloud AI provider, the sensitive specifics have been replaced with generic placeholders. The model answers the anonymized query. The response comes back. HammerLockAI restores the original context locally. You see a complete, contextually accurate response — but the provider never saw your actual data.
This is what PII scrubbing before cloud transmission means in practice.
What Counts as PII
PII — Personally Identifiable Information — is the category of data that can identify a specific individual or organization. In the context of professional AI use, the relevant categories include:
Names. Personal names, company names, client names, opposing counsel, counterparties, executives. Any named entity that ties a query to a specific real-world person or organization.
Contact information. Email addresses, phone numbers, physical addresses. These are direct identifiers that can link a query to an individual even without a name.
Financial identifiers. Account numbers, specific dollar figures tied to named parties, invoice numbers, transaction identifiers.
Legal identifiers. Case numbers, docket identifiers, contract reference numbers, client matter numbers.
Medical identifiers. Patient identifiers, record numbers, diagnosis codes tied to named individuals.
Geographic specifics. Precise addresses, GPS coordinates, facility names that could identify a specific location or individual.
The common thread: data that, combined with the query's subject matter, would allow a provider to identify who the query is about.
How the Anonymization Pipeline Works
The anonymizer operates as a preprocessing layer between your input and the outbound API call. Here's the sequence:
Step 1: Entity detection. The anonymizer scans your query for named entities using a combination of pattern matching (for structured identifiers like emails and phone numbers) and named entity recognition (for names, companies, and locations). It builds a map of detected PII in the query.
Step 2: Substitution. Each detected entity is replaced with a generic placeholder. "Sarah Chen, CEO of Meridian Capital" becomes "Person A, CEO of Company A." "john.smith@acmecorp.com" becomes "email_1@domain.com." The query structure and meaning are preserved; the identifiable specifics are replaced.
Step 3: Placeholder mapping stored locally. The mapping between real values and placeholders is stored in your encrypted local vault — not transmitted anywhere. This mapping is what allows HammerLockAI to restore the original context in responses.
Step 4: Anonymized query transmitted. The scrubbed query — with all PII replaced by placeholders — is what gets sent to the AI provider. The provider sees a coherent, answerable question with generic entity references.
Step 5: Response restoration. When the provider's response returns, HammerLockAI applies the reverse mapping: placeholders are replaced with the original values. The response you see in your interface uses real names, companies, and identifiers — because the restoration happened locally before display.
What the Provider Actually Sees
To understand the protection this provides, it helps to see a concrete example.
Your query: "I need a summary of the compliance exposure for Nexus Biotech's Q3 FDA submission, specifically around Dr. Amanda Reyes' clinical trial data for their oncology pipeline."
After anonymization, the provider receives: "I need a summary of the compliance exposure for Company A's Q3 FDA submission, specifically around Person A's clinical trial data for their oncology pipeline."
The provider returns a response about compliance exposure, clinical trial data, and FDA submission requirements — all substantively correct and useful. HammerLockAI restores the specific names. You see a response that references Nexus Biotech and Dr. Reyes. The provider never did.
From a legal and compliance perspective, this matters significantly. You've obtained the analytical value of a frontier AI model without transmitting client-identifiable data to a third-party server. The attorney-client privilege analysis changes. The HIPAA risk profile changes. The fiduciary duty analysis changes.
What Anonymization Doesn't Cover
It's important to be clear about what the PII anonymizer does and doesn't do.
The anonymizer addresses the identity exposure problem — ensuring that queries can't be tied to specific named individuals or organizations by the provider. It does not make the subject matter of your query private. If you ask about a specific legal strategy, the general outlines of that strategy are still visible to the provider, even if the client's name isn't.
For queries where even the subject matter is sensitive — classified information, proprietary trade secrets, particularly sensitive strategic decisions — the right answer is local-only mode: run Ollama locally, disable cloud providers for that session, and ensure the query never leaves your device at all. HammerLockAI supports this configuration. The anonymizer is the second-best option when you need cloud-model capability but want to minimize identifier exposure.
The anonymizer also isn't perfect at detecting every possible PII pattern in every context. It's particularly strong on structured identifiers (emails, phone numbers) and common named entity types (personal names, company names). It's less reliable on highly domain-specific identifiers — internal codenames, proprietary system names, idiosyncratic organizational identifiers. Review queries containing unusual identifiers before sending if you have concerns.
Brave Search and PII Scrubbing
HammerLockAI's Brave-powered web search also runs through the PII anonymizer. Search queries are scrubbed before they leave your device, so Brave's search infrastructure never sees your name, your company, or your client's name associated with your search terms.
This applies to every search HammerLockAI initiates — inline citations, real-time research queries, document context lookups. The search provider sees anonymized queries. You see cited, accurate results with your real context restored.
The Local Vault: Where the Mapping Lives
The placeholder mapping — the key that maps generic substitutions back to real values — is stored in your encrypted local vault, protected by the same AES-256-GCM encryption as your conversations and uploaded documents. It's never transmitted, never stored on HammerLock servers, and is only accessible to someone who knows your encryption password.
This means the privacy guarantee is end-to-end: PII is stripped before transmission, the mapping that would allow reconstruction is locked on your device, and the response is reconstructed locally before you see it.
The provider has an anonymized query. You have the full context. Nobody in between has both.
HammerLockAI is built on a fork of OpenClaw, the open-source agentic AI runtime. View the source on GitHub →