Concept defined by PrivacyScrubber · Zero-Trust Data Sanitization (ZTDS)

Zero Trust Data Sanitization for AI Workflows

Traditional zero trust controls who accesses systems. Zero Trust Data Sanitization (ZTDS) controls what data is allowed to leave your device. For AI workflows, ZTDS means scrubbing all PII client-side before any AI model ever sees it — verified by the Airplane Mode Test, not by policy.

✓ Airplane Mode verified ✓ Zero outbound requests ✓ Open DevTools to confirm ✓ Architectural — not contractual ✓ 100% Local Processing

The Three Pillars of ZTDS

🚫

Never Trust

No AI provider, cloud service, or network can be trusted with personal data. Not even with encryption in transit or a signed DPA.

🔍

Always Verify

Every ZTDS claim is testable. Open DevTools. Disconnect WiFi. Run the Airplane Mode Test. ZTDS tools prove their claims technically.

🏠

Local First

All PII detection and removal happens on your device. The sanitized output reaches AI. The original data never leaves the source.

✈️ The Airplane Mode Test

The definitive verification for ZTDS compliance:

  1. Load the tool in your browser
  2. Disconnect WiFi / enable Airplane Mode
  3. Paste a document with test personal data
  4. Activate scrubbing
  5. If it works offline: truly client-side. If it fails: data goes to a server.

ZTDS vs. Traditional Zero Trust Security

Traditional zero trust security (NIST SP 800-207) focuses on network access: verifying identity and device state before granting access to systems. It is excellent for controlling who can access infrastructure — but it says nothing about what happens to data once access is granted.

An authorized employee with full zero trust network access (ZTNA) can still paste a client contract into ChatGPT. ZTNA does not stop this. GDPR compliance requires more than access control.

ZTDS fills this gap — operating at the data layer, enforcing that sensitive data never leaves the device regardless of what network access has been granted.

How ZTDS is Implemented in PrivacyScrubber

🧠

Client-side regex engine

All entity detection runs in browser JavaScript. No API call to a detection service. Zero outbound requests during scrubbing — confirm in DevTools Network tab.

🔑

Session-only token map

The [NAME_1] → "John Smith" mapping lives in JS memory only. Never written to localStorage. Closing the tab destroys it permanently.

🔄

Reverse scrub — also local

When you paste the AI response back, originals are restored from the in-memory map. This is ZTDS applied to the full AI pipeline — scrub out, reverse scrub in, zero server contact.

📋

Verifiable, not promised

The full technical architecture is published. Source is readable. Network activity is observable. ZTDS requires audit trails that do not depend on trusting the vendor.
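The scrub and reverse-scrub cycle with a session-only token map, as an added example (not PrivacyScrubber's own code). The patterns, the EMAIL/SSN/PHONE labels and the `createSession` helper are assumptions that follow the page's `[NAME_1]` token format; name detection is left out because a plain regex cannot do it reliably.

```javascript
// Added illustration, not PrivacyScrubber's source. Patterns and labels are assumptions.
const PATTERNS = [
  ["EMAIL", /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g],
  ["SSN", /\b\d{3}-\d{2}-\d{4}\b/g], // runs before PHONE, whose looser pattern would also match it
  ["PHONE", /\+?\d[\d\s().-]{7,}\d/g],
];

// Constructed sample input.
const SAMPLE =
  "Reach Jane at jane.doe@example.com or +1 (555) 010-0199. Cc jane.doe@example.com. SSN 078-05-1120.";

function createSession() {
  // Both maps live only in this closure: nothing is written to localStorage
  // and nothing here calls fetch or XMLHttpRequest.
  const tokenToValue = new Map();
  const valueToToken = new Map();
  const counters = {};

  function tokenFor(label, value) {
    // A repeated value reuses its token so the model still sees it is the same entity.
    if (valueToToken.has(value)) return valueToToken.get(value);
    counters[label] = (counters[label] || 0) + 1;
    const token = `[${label}_${counters[label]}]`;
    valueToToken.set(value, token);
    tokenToValue.set(token, value);
    return token;
  }

  function scrub(text) {
    let out = text;
    for (const [label, re] of PATTERNS) {
      out = out.replace(re, (match) => tokenFor(label, match));
    }
    return out;
  }

  function restore(text) {
    // Tokens this session never issued (for example, ones the model made up) stay as-is.
    return text.replace(/\[[A-Z]+_\d+\]/g, (t) => tokenToValue.get(t) ?? t);
  }

  return { scrub, restore, size: () => tokenToValue.size };
}

const session = createSession();
console.log(session.scrub(SAMPLE));
```

A second `createSession()` cannot restore the first session's tokens, which is the same effect as closing the tab: the mapping is gone with the memory that held it.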

Zero Trust Security for AI — FAQ

What is Zero Trust Data Sanitization (ZTDS)?

ZTDS is the principle that no personal data should ever reach an AI model or server. All PII is detected and removed client-side before any AI interaction. Trust is enforced by the architecture, not by policy or contract.

Is ZTDS the same as zero trust security?

Related but distinct. Traditional ZTNA controls access to systems. ZTDS controls what data leaves the device. ZTDS is a data-layer application of zero trust principles designed for AI workflows.

How do I implement ZTDS in my organization?

Policy: "No PII in AI prompts without prior anonymization." Tool: PrivacyScrubber for text documents. For API workflows, see the developer sanitization guide.

ZTDS Verified · 100% Local · Free

The Only Tool That Proves Zero Trust

Open DevTools while scrubbing. Watch the Network tab. Count outbound requests. The answer is zero.
