The General Data Protection Regulation (GDPR) applies to all EU/EEA residents’ data, regardless of where your company is located. When you send personal data to AI providers like OpenAI or Anthropic, you’re transferring it to a third-party processor — often outside the EU. Blindfold solves this by tokenizing personal data in the EU region before it reaches any AI provider. The LLM only sees anonymized tokens like <Person_1> — never real names, emails, or addresses.

Key GDPR Requirements for AI Applications

Requirement: Only process the minimum personal data necessary for the purpose.
Risk with AI: Sending full user messages to an LLM means the AI provider processes all personal data in the text — far more than necessary.
With Blindfold: PII is replaced with tokens before the AI call. The LLM only receives what it needs to generate a useful response, without real personal data.

Requirement: Data collected for one purpose must not be used for another.
Risk with AI: AI providers may log, train on, or analyze the personal data you send them.
With Blindfold: Since only tokens reach the AI provider, there’s no real personal data to repurpose.

Requirement: Personal data transfers outside the EU/EEA require adequate safeguards (Schrems II ruling).
Risk with AI: Most LLM providers (OpenAI, Anthropic) process data in the US, triggering Chapter V transfer rules.
With Blindfold: Use the EU region (region="eu") — PII is tokenized on EU servers. Only anonymized tokens cross borders, which are no longer personal data under GDPR.

Requirement: Data subjects can request deletion of their personal data.
Risk with AI: Data sent to AI providers may be retained in their logs and training data — deletion is impossible.
With Blindfold: No real personal data reaches the AI provider. For your own records, use redact() to permanently remove PII.

Requirement: Formal agreements must exist between data controllers and processors.
With Blindfold: Since tokenized data is no longer personal data, your DPA requirements with AI providers are simplified. Blindfold offers its own DPA — contact hello@blindfold.dev.

How Blindfold Maps to GDPR

| GDPR Article | Requirement | Blindfold Feature |
| --- | --- | --- |
| Art. 5(1)(c) | Data minimization | Tokenization removes PII before AI calls |
| Art. 5(1)(b) | Purpose limitation | AI provider never receives real data |
| Art. 17 | Right to erasure | redact() permanently removes PII |
| Art. 25 | Data protection by design | SDK-level PII protection in your pipeline |
| Art. 30 | Records of processing | Audit logs track all PII operations |
| Art. 32 | Security of processing | encrypt() with AES-256 for storage |
| Art. 44-49 | Cross-border transfers | EU region ensures PII stays in Europe |

EU Region + gdpr_eu Policy

Region Selection

Use the EU region to ensure personal data is processed on EU-based servers:
from blindfold import Blindfold

client = Blindfold(
    api_key="your-api-key",
    region="eu",  # PII processed in the EU
)

What gdpr_eu Detects

The gdpr_eu policy covers all GDPR Article 4(1) personal data types:
| Entity Type | Examples |
| --- | --- |
| Person | Hans Mueller, Marie Dupont |
| Email Address | hans.mueller@example.de |
| Phone Number | +49 170 1234567 |
| Address | Berliner Str. 42, 10115 Berlin |
| IBAN | DE89 3704 0044 0532 0130 00 |
| National ID Number | Country-specific national IDs |
| Passport Number | C01X00T47 |
| Tax ID | Country-specific tax identifiers |
| Date of Birth | 15/03/1985 |
| Credit Card Number | 4532-7562-9102-3456 |
| Bank Account Number | Account numbers |
| IP Address | 192.168.1.100 |
| Health Insurance Number | Insurance identifiers |
| Medical Condition | Diagnoses, symptoms |

Code Examples

Tokenize Before Sending to OpenAI

The most common pattern: protect EU user data before any AI API call.
from blindfold import Blindfold
from openai import OpenAI

blindfold = Blindfold(api_key="your-key", region="eu")
openai = OpenAI(api_key="your-openai-key")

user_message = (
    "Hi, my name is Hans Mueller and I need help with my subscription. "
    "My email is hans.mueller@example.de, IBAN DE89 3704 0044 0532 0130 00."
)

# Step 1: Tokenize PII in the EU
tokenized = blindfold.tokenize(user_message, policy="gdpr_eu")
# → "Hi, my name is <Person_1> and I need help with my subscription.
#    My email is <Email Address_1>, IBAN <IBAN_1>."

# Step 2: Send only tokens to OpenAI
completion = openai.chat.completions.create(
    model="gpt-4o-mini",
    messages=[{"role": "user", "content": tokenized.text}],
)
ai_response = completion.choices[0].message.content

# Step 3: Restore real values in the response
restored = blindfold.detokenize(ai_response, tokenized.mapping)
print(restored.text)
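
An added example, not part of the Blindfold SDK or its documentation: a fail-closed check to run between Step 1 and Step 2, plus a check on the model's reply before Step 3. It assumes the placeholder format shown above; the function names, regexes and sample strings are constructed for illustration and cover only email addresses and IBANs.

```python
import re

# Placeholder format as shown on this page: <Person_1>, <Email Address_1>, <IBAN_1>.
TOKEN_RE = re.compile(r"<[A-Za-z][A-Za-z ]*_\d+>")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Country code, two check digits, then 4-character groups with optional spaces.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")


def iban_valid(candidate: str) -> bool:
    """ISO 13616 mod-97 check; filters out references that merely look like IBANs."""
    s = candidate.replace(" ", "").upper()
    if not (15 <= len(s) <= 34 and s.isascii() and s.isalnum()):
        return False
    rearranged = s[4:] + s[:4]  # move country code + check digits to the end
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1  # A=10 ... Z=35


def residual_pii(text: str) -> list:
    """Return (kind, value) pairs for PII that survived tokenization."""
    found = [("email", m) for m in EMAIL_RE.findall(text)]
    found += [("iban", m) for m in IBAN_RE.findall(text) if iban_valid(m)]
    return found


def guard_outbound(text: str) -> str:
    """Fail closed: refuse to forward text that still carries an email or valid IBAN."""
    kinds = sorted({kind for kind, _ in residual_pii(text)})
    if kinds:
        # Report only the kinds, so the exception does not copy the values into logs.
        raise ValueError("untokenized PII in outbound prompt: " + ", ".join(kinds))
    return text


def unknown_tokens(prompt: str, response: str) -> list:
    """Placeholders in the model's reply that were never issued in the prompt."""
    return sorted(set(TOKEN_RE.findall(response)) - set(TOKEN_RE.findall(prompt)))


# Constructed samples (not real data and not real API output).
CLEAN = "Hi, my name is <Person_1>. My email is <Email Address_1>, IBAN <IBAN_1>."
LEAKY = "Hi, my name is <Person_1>. Reach me at h.mueller@example.de, IBAN DE89370400440532013000."
REPLY = "Hello <Person_1>, I have also updated the record for <Person_2>."

if __name__ == "__main__":
    print(guard_outbound(CLEAN))
    print(residual_pii(LEAKY))
    print(unknown_tokens(CLEAN, REPLY))
```

A placeholder reported by unknown_tokens() has no entry to restore from, so the reply should be reviewed rather than shown to the user with a dangling token.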

Right to be Forgotten (Article 17)

When a data subject requests deletion, use redact() to permanently remove their PII:
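# User requests data deletion under GDPR Art. 17
# fetch_user_records() and update_record() stand for your application's own
# data-access functions; blindfold is the EU-region client created earlier.
user_records = fetch_user_records(user_id)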

for record in user_records:
    redacted = blindfold.redact(record.content, policy="gdpr_eu")
    update_record(record.id, redacted.text)
    # "Hans Mueller emailed about billing"
    # → "[REDACTED] emailed about billing"

# PII permanently removed — compliant with Right to be Forgotten

Batch Processing Support Tickets

Process multiple EU support tickets in a single API call:
tickets = [
    "Customer Marie Dupont (marie.dupont@example.fr) reports billing issue.",
    "Jan Novak (jan.novak@example.cz) requests data export under GDPR Art. 15.",
    "Sofia Garcia, sofia.garcia@example.es, cannot access her account.",
]

# Tokenize all tickets at once
batch = blindfold.tokenize_batch(tickets, policy="gdpr_eu")

for i, result in enumerate(batch.results):
    print(f"Ticket {i+1}: {result['text']}")
    print(f"  PII removed: {result['entities_count']} entities")

Data Residency

When you use region="eu":
  • Processing: PII detection runs on EU-based servers at eu-api.blindfold.dev
  • No cross-border transfer: Personal data never leaves the EU during processing
  • Tokens are not personal data: The anonymized output (<Person_1>) can safely cross borders
  • Your API key works globally: No separate keys needed per region
See Regions for full details on data residency.

Audit Trail for DPAs

Every Blindfold API call is logged in your audit trail, providing documentation for Data Processing Agreements:
  • What was detected: Entity types and counts per request
  • When: Timestamp of every PII operation
  • Which policy: The detection policy used
  • Processing region: EU or US
Export audit logs from the Blindfold Dashboard for DPA compliance reviews.

Cookbook Example

For a complete, runnable GDPR + OpenAI integration, see the cookbook:

GDPR + OpenAI Python Example

Full working example with EU region, gdpr_eu policy, single queries, and batch ticket processing.

GDPR Compliance Checklist

Use this checklist when integrating Blindfold for GDPR compliance:
1. Use the EU region
   Set region="eu" in your SDK client to ensure PII is processed in Europe.

2. Apply the gdpr_eu policy
   Use policy="gdpr_eu" on all tokenize/redact/encrypt calls handling EU data.

3. Tokenize before AI calls
   Always call blindfold.tokenize() before sending text to any LLM provider.

4. Implement Right to be Forgotten
   Use blindfold.redact() to permanently remove PII when data subjects request deletion.

5. Sign a DPA with Blindfold
   Contact hello@blindfold.dev to sign a Data Processing Agreement.

6. Review audit logs regularly
   Export audit logs from the dashboard for compliance documentation.

7. Document your data flows
   Record where PII enters your system, how it’s protected, and where anonymized data is sent.