Privacy Mode
BetaJanusLM can anonymize documents locally before any data reaches the AI agent, so that no personally identifiable information ever leaves your machine.
When privacy mode is active, the ingest workflow changes: instead of placing files in raw/, you place them in maskzone/. A UserPromptSubmit hook intercepts every prompt, detects pending files in maskzone/, and runs a local PII detection model before the agent sees anything.
How it works
The model identifies names, emails, phone numbers, dates, addresses, URLs, account numbers, and secrets — replacing each with a category placeholder ([NAME], [EMAIL], [PHONE], etc.). The anonymized text is written to raw/ as a clean markdown file. Originals stay in maskzone/ — you remove them when you're ready. By the time the agent starts processing, it only ever sees the redacted version.
try it
“Enable privacy mode and ingest this confidential report”
Detection model
The detection model is OpenAI Privacy Filter, released under the Apache 2.0 license. It runs entirely on-device via ONNX Runtime — no API calls, no cloud processing, no data transmitted externally. Model weights are cached locally in ~/.cache/huggingface/ after the first download.
Setup
Installs the required Python dependencies, downloads the model, runs a test inference to verify detection accuracy, and sets the can_anonymize_pii flag — all automatically after user confirmation.
Just flip the flag; dependencies and model stay cached for instant reactivation with no re-download.
Privacy mode comparison
| What changes | Privacy mode OFF | Privacy mode ON |
|---|---|---|
| Document entry point | raw/ | maskzone/ |
| PII handling | None — agent sees full text | Detected and replaced before agent access |
| Original files | Preserved in raw/ | Kept in maskzone/ — user removes manually |
| Agent visibility | Full document content | Redacted text only — no PII exposure |
Activation
Activate with /privacy-mode or in natural language — “enable privacy mode”, “anonymize everything”, “don't send data externally”. Disable the same way — dependencies stay cached, ready for instant reactivation.
Claude Code only
Privacy mode currently requires Claude Code. The anonymization pipeline relies on a UserPromptSubmit hook that runs deterministic Python code before each prompt — a mechanism specific to Claude Code's hook system. Other agents can read the wiki and run all other workflows normally, but the automatic pre-prompt anonymization is not available outside Claude Code.
Disclaimer
Privacy mode is a best-effort convenience layer. The underlying model may miss, misclassify, or only partially redact certain PII — especially in non-English text, domain-specific jargon, or unconventional formats. This feature does not replace enterprise-grade Data Loss Prevention (DLP) systems, data classification policies, or dedicated anti-exfiltration controls. If your organization handles regulated data (GDPR, HIPAA, PCI-DSS, etc.), treat privacy mode as an additional safeguard, not as your primary line of defense.