Privacy Protection for AI â€” Works with Claude Desktop, Cursor, and Any MCP Tool

Connect your AI tools directly to anonym.legal via HTTP transport â€” just add a URL and API key. 48 languages, 6 anonymization operators, entity groups, presets, and personal encryption keys.

Get Started Free View Documentation

MCP Server

→ tool_call: anonymize_text

text: "Contact John Smith at john@acme.com"

lang: "en"

⟳ Analyzing... 2 entities found

├ PERSON → "John Smith" (0.97)

└ EMAIL → "john@acme.com" (0.99)

← "Contact <PERSON> at <EMAIL>"

✓ 2 entities anonymized (42ms)

The Hidden Risk in AI-Assisted Work

Every time you use ChatGPT, Claude, or Cursor, you might be sharing sensitive information. Most users don't realize their data is being sent to third-party AI providers.

Customer names and emails

Financial account numbers

Medical records and patient IDs

Trade secrets and proprietary data

Why Secure MCP Servers Matter — 2026 Research

8,000+

MCP servers publicly exposed

492

servers with zero authentication

36.7%

vulnerable to SSRF attacks

CVSS 8.8

CVE-2026-25253 severity

MCP servers that handle raw user prompts without PII filtering expose sensitive data to AI models and downstream tool calls. anonym.legal acts as a secure MCP gateway — anonymizing PII before it reaches any other MCP server, AI model, or external API.

How It Works: Automatic Protection

You Write Normally

With sensitive data

AI Tool

Cursor, Claude, etc.

anonym.legal MCP Server

1. Detect

Find sensitive info

2. Replace

Use placeholders

3. Store

Encrypted, temporary

AI Processes

Safe placeholders only

Restore Values

Original data back

The MCP Server acts as a privacy shield between your AI tools and sensitive data. AI never sees your real information.

What Gets Protected?

The system automatically detects and protects 285+ types of sensitive information

People

John Doe, Jane Smith, Dr. Williams

Emails

john@example.com, info@company.org

Phones

+1-555-1234, (555) 123-4567

Credit Cards

4532-1234-5678-9010

Addresses

123 Main Street, New York, NY

Dates

January 15, 2026, 01/15/2026

Medical Info

Patient ID, prescription numbers

Financial IDs

IBANs, Tax IDs, VAT numbers

Digital Identifiers

IP addresses, MAC addresses, URLs

And 40+ More Types

License plates, passport numbers, etc.

Key Benefits

Works with Claude Desktop, Cursor & All MCP Tools

HTTP transport â€” just add a URL and API key to your config. Works with Claude Desktop, Cursor, VS Code, and any MCP tool. No Node.js required.

6 Anonymization Operators

Choose the right method: Replace, Redact, Hash (SHA-256/512), Encrypt (AES-256), Mask, or Keep. Apply different operators per entity type.

Entity Groups & Presets

Use predefined groups (UNIVERSAL, FINANCIAL, DACH, FRANCE, NORTH_AMERICA) or create personal presets for consistent anonymization across sessions.

48 Languages Supported

Detects PII in English, German, French, Spanish, Chinese, Japanese, Arabic, and 41 other languages. RTL support included.

Personal Encryption Keys

Load your own AES-128/192/256 keys for encrypt operator. Decrypt anytime with your key. Keys stored securely in your account.

Session Management

Tokenization mode with session IDs for reversible anonymization. List, manage, and delete sessions. 24h or 30-day persistence options.

Works With Your Favorite AI Tools

HTTP transport â€” Claude Desktop, Cursor, any MCP tool

Cursor IDE

Available

Protect code secrets and sensitive data while coding with AI assistance via HTTP

Claude Desktop

Available

HTTP transport â€” add a URL and API key. No local setup required. Just add to claude_desktop_config.json

Continue (VS Code)

Available

Secure AI coding assistant integration directly in Visual Studio Code via HTTP

Cline (VS Code)

Available

AI-powered coding with automatic privacy protection via MCP HTTP

Any MCP Tool

Available

Streamable HTTP transport works with any MCP-compatible application

Setup in 2 Minutes

HTTP transport works for all clients â€” Claude Desktop, Cursor, and any MCP tool

Claude Desktop, Cursor & all MCP tools

Claude Desktop, Cursor, and any MCP tool:

1Get your API key from Settings â†’ API Access
2Open your MCP client configuration file
3Add URL https://anonym.legal/mcp with Authorization: Bearer YOUR_KEY
4Restart your AI tool â€” 7 privacy tools available!

claude_desktop_config.json / mcp.json

{
  "mcpServers": {
    "anonym-legal": {
      "type": "http",
      "url": "https://anonym.legal/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

No installation required:

1Get your API key from Settings â†’ API Access
2Add MCP server URL: https://anonym.legal/mcp
3Configure Authorization header with Bearer token
4Works instantly â€” no Node.js, no local server

mcp_config.json

{
  "mcpServers": {
    "anonym-legal": {
      "type": "http",
      "url": "https://anonym.legal/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

Use Cases

Software Development

Review code containing API keys, database credentials, and customer data without exposing secrets to AI providers.

Legal Firms

Anonymize client names, case numbers, and sensitive details when using AI to draft documents, ensuring attorney-client privilege.

Healthcare

Analyze patient notes and reports with AI assistance while keeping patient identities and medical records completely private.

Customer Support

Process customer inquiries with AI help while automatically protecting email addresses, phone numbers, and account details.

Finance

Use AI for report analysis while protecting account numbers, transaction details, and customer identities.

MCP Server vs Manual Redaction

Aspect	Manual Redaction	anonym.legal MCP
Speed	Minutes per document	< 1 second
Accuracy	Human error-prone	95%+ AI accuracy
Reversible	No - permanent	Yes - fully reversible
Maintenance	Constant vigilance	Automatic
Languages	One at a time	48 simultaneously
Integration	Copy/paste workflow	Seamless in your tools
Cost	Staff time	From â‚¬0/month

anonym.legal MCP vs. Unprotected MCP

Without a secure MCP server layer, raw PII flows into AI models and all downstream tool calls — including other MCP servers, APIs, and logs. anonym.legal anonymizes data before it leaves your environment.

Capability	Unprotected MCP Server	anonym.legal MCP
PII in AI prompts	Raw names, emails, SSNs sent to LLM	Anonymized tokens sent — originals never leave
Authentication	Often none (492 servers exposed, no auth)	Bearer token + rate limiting on every request
SSRF protection	36.7% vulnerable to SSRF (CVE-2026-25253)	SSRF allowlist enforced — no private IP access
Data to downstream MCPs	Raw PII forwarded to all connected tools	Anonymized before forwarding — zero PII leakage
GDPR / HIPAA compliance	Non-compliant — PII in AI training data risk	Compliant — PII stays encrypted, reversible only by you
Audit trail	No log of what PII was exposed	Session-based tokens with full detokenization audit
Multilingual PII detection	English-only or no detection	285+ entity types across 48 languages

Claude Code — Automatic PII Hook

Anonymize every prompt automatically — zero manual steps

The Claude Code hook intercepts every prompt before it reaches Claude, strips PII with the MCP server, and restores original values in the response. One-time setup, then it runs silently on every message.

User types promptHook detects PIIReplaces with tokensClaude works safelyResponse restored

Create the anonymize hook

Save as ~/.claude/hooks/anonymize-prompt.py — intercepts every UserPromptSubmit event and calls the MCP server.

# ~/.claude/hooks/anonymize-prompt.py
import sys, json, requests, os

data = json.load(sys.stdin)
prompt = data.get("prompt", "")
key = os.environ.get("ANONYM_API_KEY", "")

resp = requests.post("https://anonym.legal/api/mcp/anonymize",
    headers={"Authorization": f"Bearer {key}"},
    json={"text": prompt, "language": "en", "mode": "tokenize"})

if resp.ok:
    result = resp.json()
    data["prompt"] = result["anonymized_text"]
    data["session_id"] = result["session_id"]

print(json.dumps(data))

Create the restore hook

Save as ~/.claude/hooks/deanonymize-response.py — automatically detokenizes Claude's response using the session ID.

# ~/.claude/hooks/deanonymize-response.py
import sys, json, requests, os

data = json.load(sys.stdin)
response = data.get("response", "")
session_id = data.get("session_id", "")
key = os.environ.get("ANONYM_API_KEY", "")

if session_id:
    resp = requests.post("https://anonym.legal/api/mcp/detokenize",
        headers={"Authorization": f"Bearer {key}"},
        json={"text": response, "session_id": session_id})
    if resp.ok:
        data["response"] = resp.json().get("detokenized_text", response)

print(json.dumps(data))

Register hooks in Claude Code settings

Add both hooks to ~/.claude/settings.json under the hooks key.

// ~/.claude/settings.json
{
  "hooks": {
    "UserPromptSubmit": [
      {
        "hooks": [{"type": "command",
          "command": "python3 ~/.claude/hooks/anonymize-prompt.py"}]
      }
    ],
    "Stop": [
      {
        "hooks": [{"type": "command",
          "command": "python3 ~/.claude/hooks/deanonymize-response.py"}]
      }
    ]
  }
}

Full hook guide FAQ: Auto-anonymization in Claude Code →

Frequently Asked Questions

How do I connect Claude Desktop or Cursor?

All clients use HTTP transport â€” just add the URL https://anonym.legal/mcp and your API key to your MCP config file. No Node.js or local installation needed. For Claude Code users, the hook system enables fully automatic anonymization on every prompt.

What operators are available?

6 operators: Replace (fake data), Redact (remove), Hash (SHA-256/512), Encrypt (AES-256 with your key), Mask (partial hide), and Keep (exclude from anonymization).

Can I use my own encryption keys?

Yes! Load personal AES keys (16/24/32 chars) from your account or enter them manually. Encrypt with your key, decrypt later with the same key. Keys never leave your control.

What are entity groups?

Predefined collections: UNIVERSAL (common PII), FINANCIAL (banking), DACH (German-speaking), FRANCE, NORTH_AMERICA, etc. Saves time configuring which entities to detect.

What's the difference between redact and tokenize modes?

Redact mode permanently removes PII. Tokenize mode replaces with reversible tokens and returns a session_id. Use detokenize_text with the session_id to restore original values.

How do sessions work?

Tokenization creates sessions (24h or 30-day persistence). Use list_sessions to see active sessions, delete_session to remove them. Sessions store the mapping between tokens and original values.

API Reference

7 tools available via MCP protocol. Free operations marked with *.

Tool	Description	Cost
anonym_legal_analyze_text	Detect PII entities without modifying text	2-10+ tokens
anonym_legal_anonymize_text	Anonymize text with configurable operators	3-20+ tokens
anonym_legal_detokenize_text	Restore original PII from tokenized text	1-5+ tokens
anonym_legal_get_balance	Check token balance and billing cycle	Free *
anonym_legal_estimate_cost	Estimate token cost before processing	Free *
anonym_legal_list_sessions	List active tokenization sessions	Free *
anonym_legal_delete_session	Delete a session and its token mappings	Free *

Operator Reference

Configure per-entity anonymization using the operators parameter.

Operator	Description	Parameters	Example Output
replace	Replace with custom value	new_value (string, max 100 chars)	<PERSON_1>
redact	Permanently remove	None	[REDACTED]
hash	One-way hash	hash_type: SHA256 \| SHA512	a3f2b8c1...
encrypt	AES-256-GCM encryption	key (16-32 chars)	ENC:base64...
mask	Partial character masking	chars_to_mask, masking_char, from_end	John ****
keep	Keep original value	None	John Smith

Request Examples

Analyze Text

{
  "text": "John Smith lives at 123 Main St, New York. SSN: 123-45-6789",
  "language": "en",
  "score_threshold": 0.5,
  "entities": ["PERSON", "LOCATION", "US_SSN"]
}

Anonymize with Per-Entity Operators

{
  "text": "John Smith, SSN 123-45-6789, email john@example.com",
  "language": "en",
  "mode": "tokenize",
  "operators": {
    "PERSON": { "type": "replace" },
    "US_SSN": { "type": "mask", "chars_to_mask": 5, "from_end": false },
    "EMAIL_ADDRESS": { "type": "hash", "hash_type": "SHA256" }
  }
}

Response (Anonymize)

{
  "anonymized_text": "<PERSON_1>, SSN ***-**-6789, email a3f2b8c1d4e5...",
  "entities_found": 3,
  "tokens_charged": 5,
  "session_id": "sess_abc123",
  "entity_types": { "PERSON": 1, "US_SSN": 1, "EMAIL_ADDRESS": 1 }
}

Error Codes

Code	Description	Resolution
400	Invalid request parameters	Check text length (max 100KB), operator config
401	Invalid or missing API key	Verify API key in Settings â†’ API Access
429	Token balance exhausted	Check balance, upgrade plan, or wait for cycle reset
500	Server error	Retry after a few seconds, contact support if persistent

From the Blog

View all articles

Technical

Cross-Application PII: Word, Chrome, and AI

Customer data flows from browser research to Word drafts to Claude prompts. Each context switch is a potential leakage point.

July 8, 20266 min

AI Security

AI Coding Assistants Leak Production PII

Unit test fixtures with real customer records. Log files with production data for debugging. GitHub found 39 million secrets leaked in 2024.

July 6, 20268 min

AI Security

Screenshot PII: Leaks in Internal Tools

Slack, Teams, Jira, and email regularly receive screenshots containing customer PII. This access-control violation bypasses every DLP tool.

July 2, 20266 min

Developer Resources

Developer portal for MCP Server integration

anonymize.dev is the dedicated developer portal for anonym.legal — featuring MCP Server guides, code examples, case studies, blog articles on AI data security, and a full glossary of privacy & AI terms.

Visit anonymize.dev Developer Blog Privacy Case Studies

Try anonym.legal MCP Free

No credit card required. 200 tokens/cycle. Setup takes 2 minutes.

Start Free Trial View Documentation