Last updated 2026-03-18


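Zero-Knowledge Architecture Shortens the Sales Cycle

Enterprise vendor security questionnaires contain more than 100 questions on average. A zero-knowledge architecture gives a clear answer to the hardest of them and moves deals toward close.

March 18, 2026 · 7 min read
Tags: vendor security questionnaire, enterprise procurement, zero-knowledge architecture, sales cycle acceleration, CISO approval

Updated for 2026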

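Security reviews slow enterprise sales

Enterprise deals follow a clear pattern: vendors with strong features lose months, or the entire deal, to the vendor security review. The process exists for a reason: enterprise teams are accountable for every tool that touches their records, and regulated industries have strict vendor rules.

Healthcare organizations must track how vendors handle PHI, financial institutions must show their safeguards to regulators, and legal teams must protect client files. The review is justified, but for vendors without a zero-knowledge architecture it becomes a long gate that rarely moves quickly.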

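The questions that block or accelerate deals

Enterprise security questionnaires cover 100 to more than 200 questions. Any competent vendor has adequate answers to most of them: patch schedules, staff training, incident response. These need only good documentation.

A handful of questions create real friction for cloud vendors without a zero-knowledge design, and these are the questions that decide the deal.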

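"Can your employees see customer data?"

For a server-side encryption vendor: in some cases, yes. Support staff can view records to resolve issues, and a legal order can compel the vendor to hand over data. This answer triggers more review and often requires assessment by the risk team.

For a zero-knowledge vendor: no. Employees cannot read plaintext records under any circumstances, because the design makes decryption impossible without the customer's key. This answer closes the question and moves the review forward.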

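"What would a full breach expose?"

For a server-side vendor: encrypted data that may include key material. Reviewers ask follow-up questions, and the answer is not clear enough.

For a zero-knowledge vendor: AES-256-GCM ciphertext, with no keys. A full server breach exposes nothing usable.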

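"Can you hand over plaintext data under subpoena?"

For a server-side vendor: yes, under legal process. This is a direct concern for organizations that hold sensitive records.

For a zero-knowledge vendor: we can provide only ciphertext. We do not hold the keys, and no legal order can compel us to hand over what we do not have.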

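Argon2id parameter details

Reviews in regulated industries ask for precise cryptographic parameters: the key derivation method, iteration count and memory cost are common questions in healthcare, finance and government deals, and every missing detail slows the process.

Argon2id with 200,000 iterations is 4 times the OWASP minimum for password-based key derivation. Specific answers move the review forward; vague answers such as "we use standard encryption" trigger follow-up documentation requests and slow the deal.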

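The boost from ISO 27001 certification

ISO 27001 compliance addresses a different category of review friction. The more than 100 controls in ISO 27001:2022 Annex A cover the organizational questions in most vendor reviews: access control, key management, physical protection, incident handling.

Organizations that require ISO 27001 can skip testing individual controls: the certification is the evidence that the controls exist and have been audited by a third party. In enterprise procurement, this turns a six-month review into a three-to-six-week verification.

Zero-knowledge design plus ISO 27001 compliance is a strong procurement combination: the hardest protection questions get clear answers, and the organizational controls are documented. For privacy-tool deals in regulated markets, this pairing produces faster approvals.

See the legal, compliance documentation and security compliance pages for full details, and the FAQ hub for common questions.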
