Protection de la confidentialité pour l'IA — Fonctionne avec Claude Desktop, Cursor et n'importe quel outil MCP

Connectez vos outils IA directement à anonym.legal via le transport HTTP — ajoutez simplement une URL et une clé API. 48 langues, 6 opérateurs d'anonymisation, groupes d'entités, présets et clés de chiffrement personnelles.

Get Started Free View Documentation

MCP Server

→ tool_call: anonymize_text

text: "Contact John Smith at john@acme.com"

lang: "en"

⟳ Analyzing... 2 entities found

├ PERSON → "John Smith" (0.97)

└ EMAIL → "john@acme.com" (0.99)

← "Contact <PERSON> at <EMAIL>"

✓ 2 entities anonymized (42ms)

The Hidden Risk in AI-Assisted Work

Every time you use ChatGPT, Claude, or Cursor, you might be sharing sensitive information. Most users don't realize their data is being sent to third-party AI providers.

Customer names and emails

Financial account numbers

Medical records and patient IDs

Trade secrets and proprietary data

Why Secure MCP Servers Matter — 2026 Research

8,000+

MCP servers publicly exposed

492

servers with zero authentication

36.7%

vulnerable to SSRF attacks

CVSS 8.8

CVE-2026-25253 severity

MCP servers that handle raw user prompts without PII filtering expose sensitive data to AI models and downstream tool calls. anonym.legal acts as a secure MCP gateway — anonymizing PII before it reaches any other MCP server, AI model, or external API.

How It Works: Automatic Protection

You Write Normally

With sensitive data

AI Tool

Cursor, Claude, etc.

anonym.legal MCP Server

1. Detect

Find sensitive info

2. Replace

Use placeholders

3. Store

Encrypted, temporary

AI Processes

Safe placeholders only

Restore Values

Original data back

The MCP Server acts as a privacy shield between your AI tools and sensitive data. AI never sees your real information.

What Gets Protected?

The system automatically detects and protects 285+ types of sensitive information

People

John Doe, Jane Smith, Dr. Williams

Emails

john@example.com, info@company.org

Phones

+1-555-1234, (555) 123-4567

Credit Cards

4532-1234-5678-9010

Addresses

123 Main Street, New York, NY

Dates

January 15, 2026, 01/15/2026

Medical Info

Patient ID, prescription numbers

Financial IDs

IBANs, Tax IDs, VAT numbers

Digital Identifiers

IP addresses, MAC addresses, URLs

And 40+ More Types

License plates, passport numbers, etc.

Key Benefits

Fonctionne avec Claude Desktop, Cursor et tous les outils MCP

Transport HTTP — ajoutez simplement une URL et une clé API à votre configuration. Fonctionne avec Claude Desktop, Cursor, VS Code et tout outil MCP. Node.js n'est pas nécessaire.

6 Anonymization Operators

Choose the right method: Replace, Redact, Hash (SHA-256/512), Encrypt (AES-256), Mask, or Keep. Apply different operators per entity type.

Entity Groups & Presets

Use predefined groups (UNIVERSAL, FINANCIAL, DACH, FRANCE, NORTH_AMERICA) or create personal presets for consistent anonymization across sessions.

48 Languages Supported

Detects PII in English, German, French, Spanish, Chinese, Japanese, Arabic, and 41 other languages. RTL support included.

Personal Encryption Keys

Load your own AES-128/192/256 keys for encrypt operator. Decrypt anytime with your key. Keys stored securely in your account.

Session Management

Tokenization mode with session IDs for reversible anonymization. List, manage, and delete sessions. 24h or 30-day persistence options.

Works With Your Favorite AI Tools

Transport HTTP — Claude Desktop, Cursor, n'importe quel outil MCP

Cursor IDE

Available

Protect code secrets and sensitive data while coding with AI assistance via HTTP

Claude Desktop

Available

Transport HTTP — ajoutez l'URL et la clé API. Aucune configuration locale requise. Ajoutez simplement à claude_desktop_config.json

Continue (VS Code)

Available

Secure AI coding assistant integration directly in Visual Studio Code via HTTP

Cline (VS Code)

Available

AI-powered coding with automatic privacy protection via MCP HTTP

Any MCP Tool

Available

Streamable HTTP transport works with any MCP-compatible application

Setup in 2 Minutes

Le transport HTTP fonctionne pour tous les clients — Claude Desktop, Cursor et n'importe quel outil MCP

Claude Desktop, Cursor & all MCP tools

Claude Desktop, Cursor et n'importe quel outil MCP :

1Obtenez votre clé API à partir de Paramètres → Accès API
2Ouvrez votre fichier de configuration du client MCP
3Ajoutez l'URL https://anonym.legal/mcp avec Authorization: Bearer YOUR_KEY
4Redémarrez votre outil IA — 7 outils de confidentialité disponibles !

claude_desktop_config.json / mcp.json

{
  "mcpServers": {
    "anonym-legal": {
      "type": "http",
      "url": "https://anonym.legal/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

HTTP (Cursor, VS Code, etc.):

1Get your API key from Settings → API Access
2Add MCP server URL: https://anonym.legal/mcp
3Configure Authorization header with Bearer token
4Fonctionne instantanément — pas de Node.js, pas de serveur local

mcp_config.json

{
  "mcpServers": {
    "anonym-legal": {
      "type": "http",
      "url": "https://anonym.legal/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

Use Cases

Software Development

Review code containing API keys, database credentials, and customer data without exposing secrets to AI providers.

Legal Firms

Anonymize client names, case numbers, and sensitive details when using AI to draft documents, ensuring attorney-client privilege.

Healthcare

Analyze patient notes and reports with AI assistance while keeping patient identities and medical records completely private.

Customer Support

Process customer inquiries with AI help while automatically protecting email addresses, phone numbers, and account details.

Finance

Use AI for report analysis while protecting account numbers, transaction details, and customer identities.

MCP Server vs Manual Redaction

Aspect	Manual Redaction	anonym.legal MCP
Speed	Minutes per document	< 1 second
Accuracy	Human error-prone	95%+ AI accuracy
Reversible	No - permanent	Yes - fully reversible
Maintenance	Constant vigilance	Automatic
Languages	One at a time	48 simultaneously
Integration	Copy/paste workflow	Seamless in your tools
Cost	Staff time	From €0/month

anonym.legal MCP vs. Unprotected MCP

Without a secure MCP server layer, raw PII flows into AI models and all downstream tool calls — including other MCP servers, APIs, and logs. anonym.legal anonymizes data before it leaves your environment.

Capability	Unprotected MCP Server	anonym.legal MCP
PII in AI prompts	Raw names, emails, SSNs sent to LLM	Anonymized tokens sent — originals never leave
Authentication	Often none (492 servers exposed, no auth)	Bearer token + rate limiting on every request
SSRF protection	36.7% vulnerable to SSRF (CVE-2026-25253)	SSRF allowlist enforced — no private IP access
Data to downstream MCPs	Raw PII forwarded to all connected tools	Anonymized before forwarding — zero PII leakage
GDPR / HIPAA compliance	Non-compliant — PII in AI training data risk	Compliant — PII stays encrypted, reversible only by you
Audit trail	No log of what PII was exposed	Session-based tokens with full detokenization audit
Multilingual PII detection	English-only or no detection	285+ entity types across 48 languages

Claude Code — Crochet PII Automatique

Anonymisez chaque prompt automatiquement — zéro étape manuelle

Le crochet Claude Code intercepte chaque prompt avant qu'il n'atteigne Claude, supprime les PII avec le serveur MCP et restaure les valeurs d'origine dans la réponse. Configuration unique, puis il s'exécute silencieusement à chaque message.

L'utilisateur tape le promptLe crochet détecte les PIIRemplace par des tokensClaude fonctionne en sécuritéRéponse restaurée

Créer le crochet d'anonymisation

Enregistrer sous ~/.claude/hooks/anonymize-prompt.py — intercepte chaque événement UserPromptSubmit et appelle le serveur MCP.

# ~/.claude/hooks/anonymize-prompt.py
import sys, json, requests, os

data = json.load(sys.stdin)
prompt = data.get("prompt", "")
key = os.environ.get("ANONYM_API_KEY", "")

resp = requests.post("https://anonym.legal/api/mcp/anonymize",
    headers={"Authorization": f"Bearer {key}"},
    json={"text": prompt, "language": "en", "mode": "tokenize"})

if resp.ok:
    result = resp.json()
    data["prompt"] = result["anonymized_text"]
    data["session_id"] = result["session_id"]

print(json.dumps(data))

Créer le crochet de restauration

Enregistrer sous ~/.claude/hooks/deanonymize-response.py — dépixélise automatiquement la réponse de Claude en utilisant l'ID de session.

# ~/.claude/hooks/deanonymize-response.py
import sys, json, requests, os

data = json.load(sys.stdin)
response = data.get("response", "")
session_id = data.get("session_id", "")
key = os.environ.get("ANONYM_API_KEY", "")

if session_id:
    resp = requests.post("https://anonym.legal/api/mcp/detokenize",
        headers={"Authorization": f"Bearer {key}"},
        json={"text": response, "session_id": session_id})
    if resp.ok:
        data["response"] = resp.json().get("detokenized_text", response)

print(json.dumps(data))

Enregistrer les crochets dans les paramètres Claude Code

Ajouter les deux crochets à ~/.claude/settings.json sous la clé hooks.

// ~/.claude/settings.json
{
  "hooks": {
    "UserPromptSubmit": [
      {
        "hooks": [{"type": "command",
          "command": "python3 ~/.claude/hooks/anonymize-prompt.py"}]
      }
    ],
    "Stop": [
      {
        "hooks": [{"type": "command",
          "command": "python3 ~/.claude/hooks/deanonymize-response.py"}]
      }
    ]
  }
}

Guide complet des crochets FAQ : Auto-anonymisation dans Claude Code →

Frequently Asked Questions

Comment me connecter à Claude Desktop ou Cursor ?

Tous les clients utilisent le transport HTTP — ajoutez simplement l'URL https://anonym.legal/mcp et votre clé API à votre fichier de configuration MCP. Aucune installation Node.js ou locale requise. Pour les utilisateurs de Claude Code, le système de hook permet une anonymisation entièrement automatique à chaque invite.

What operators are available?

6 operators: Replace (fake data), Redact (remove), Hash (SHA-256/512), Encrypt (AES-256 with your key), Mask (partial hide), and Keep (exclude from anonymization).

Can I use my own encryption keys?

Yes! Load personal AES keys (16/24/32 chars) from your account or enter them manually. Encrypt with your key, decrypt later with the same key. Keys never leave your control.

What are entity groups?

Predefined collections: UNIVERSAL (common PII), FINANCIAL (banking), DACH (German-speaking), FRANCE, NORTH_AMERICA, etc. Saves time configuring which entities to detect.

What's the difference between redact and tokenize modes?

Redact mode permanently removes PII. Tokenize mode replaces with reversible tokens and returns a session_id. Use detokenize_text with the session_id to restore original values.

How do sessions work?

Tokenization creates sessions (24h or 30-day persistence). Use list_sessions to see active sessions, delete_session to remove them. Sessions store the mapping between tokens and original values.

API Reference

7 tools available via MCP protocol. Free operations marked with *.

Tool	Description	Cost
anonym_legal_analyze_text	Detect PII entities without modifying text	2-10+ tokens
anonym_legal_anonymize_text	Anonymize text with configurable operators	3-20+ tokens
anonym_legal_detokenize_text	Restore original PII from tokenized text	1-5+ tokens
anonym_legal_get_balance	Check token balance and billing cycle	Free *
anonym_legal_estimate_cost	Estimate token cost before processing	Free *
anonym_legal_list_sessions	List active tokenization sessions	Free *
anonym_legal_delete_session	Delete a session and its token mappings	Free *

Operator Reference

Configure per-entity anonymization using the operators parameter.

Operator	Description	Parameters	Example Output
replace	Replace with custom value	new_value (string, max 100 chars)	<PERSON_1>
redact	Permanently remove	None	[REDACTED]
hash	One-way hash	hash_type: SHA256 \| SHA512	a3f2b8c1...
encrypt	AES-256-GCM encryption	key (16-32 chars)	ENC:base64...
mask	Partial character masking	chars_to_mask, masking_char, from_end	John ****
keep	Keep original value	None	John Smith

Request Examples

Analyze Text

{
  "text": "John Smith lives at 123 Main St, New York. SSN: 123-45-6789",
  "language": "en",
  "score_threshold": 0.5,
  "entities": ["PERSON", "LOCATION", "US_SSN"]
}

Anonymize with Per-Entity Operators

{
  "text": "John Smith, SSN 123-45-6789, email john@example.com",
  "language": "en",
  "mode": "tokenize",
  "operators": {
    "PERSON": { "type": "replace" },
    "US_SSN": { "type": "mask", "chars_to_mask": 5, "from_end": false },
    "EMAIL_ADDRESS": { "type": "hash", "hash_type": "SHA256" }
  }
}

Response (Anonymize)

{
  "anonymized_text": "<PERSON_1>, SSN ***-**-6789, email a3f2b8c1d4e5...",
  "entities_found": 3,
  "tokens_charged": 5,
  "session_id": "sess_abc123",
  "entity_types": { "PERSON": 1, "US_SSN": 1, "EMAIL_ADDRESS": 1 }
}

Error Codes

Code	Description	Resolution
400	Invalid request parameters	Check text length (max 100KB), operator config
401	Invalid or missing API key	Verify API key in Settings → API Access
429	Token balance exhausted	Check balance, upgrade plan, or wait for cycle reset
500	Server error	Retry after a few seconds, contact support if persistent

From the Blog

View all articles

Technical

Cross-Application PII: Word, Chrome, and AI

Customer data flows from browser research to Word drafts to Claude prompts. Each context switch is a potential leakage point.

July 8, 20266 min

AI Security

AI Coding Assistants Leak Production PII

Unit test fixtures with real customer records. Log files with production data for debugging. GitHub found 39 million secrets leaked in 2024.

July 6, 20268 min

AI Security

Screenshot PII: Leaks in Internal Tools

Slack, Teams, Jira, and email regularly receive screenshots containing customer PII. This access-control violation bypasses every DLP tool.

July 2, 20266 min

Developer Resources

Developer portal for MCP Server integration

anonymize.dev is the dedicated developer portal for anonym.legal — featuring MCP Server guides, code examples, case studies, blog articles on AI data security, and a full glossary of privacy & AI terms.

Visit anonymize.dev Developer Blog Privacy Case Studies

Try anonym.legal MCP Free

No credit card required. 200 tokens/cycle. Setup takes 2 minutes.

Start Free Trial View Documentation