AI Data Protection

Keep Company Data Safe While Using AI.

NexusNest protects sensitive information when teams use ChatGPT, Claude, Gemini, Copilot, Cursor, and other AI tools.

prompt - intercepted by NexusNest
Hi, debugging a checkout issue for
customer [REDACTED_PERSONAL_INFO_1] ([REDACTED_PERSONAL_INFO_2]).
Her card [REDACTED_FINANCIAL_DATA_1] keeps failing.
Our prod DB password is [REDACTED_CREDENTIALS_1]
and the AWS key is [REDACTED_CREDENTIALS_2].
Delivered to the AI provider. 5 secrets redacted, 0 leaked. Originals never stored.
Detect · Redact · Deliver

Your team may already share private data

Many AI tools collect information quietly while your team uses them every day.

ChatGPT

Customer PII pasted into summaries

Support agents paste full customer rows - name, email, phone, order history - and ask for a polished reply.

pasted into the prompt box
Draft a polite reply to this customer:
Priya Sharma · priya.s@meridianbank.in
+91 98201 14437 · order #88412
card ending 4421 · refund pending

Cursor & Copilot

Credentials inside code context

A test fixture with real AWS keys, an open .env tab, a hard-coded production password. All shipped as context.

sent as editor context
DATABASE_URL=postgres://admin:hunter2prod@10.0.4.2
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
STRIPE_SECRET=sk_live_8kFm2nQv9TxR4w

Claude

Internal docs in long-form prompts

Strategy memos, draft contracts, customer briefs - pasted into a 200k-token window for a quick polish.

from a confidential memo
Tighten this up for the board deck:
Q3 STRATEGY - CONFIDENTIAL
Acquisition target: Vorlane Systems
Offer range: $12-14M · close by Nov

Copilot Chat

Proprietary source code

A "refactor this for me" selection that includes an internal algorithm, a proprietary heuristic, or a customer-facing query.

selected and sent for refactor
// refactor this for me
function scoreCreditRisk(applicant) {
const w = [0.31, 0.22, 0.47]; // tuned weights
return w.reduce(...

Why your existing DLP doesn't catch this

Classic DLP was built for a world where exfiltration meant emailing a CSV or uploading a folder. AI usage looks nothing like that.

Classic DLP watches

  • Outgoing email and attachments
  • USB drives and external storage
  • SaaS uploads (Drive, Dropbox, SharePoint)
  • File shares and managed cloud apps

The same employee who would never email a customer list to a personal address will paste it into ChatGPT to draft a reply. Classic DLP doesn't see the paste.

AI DLP watches

  • The prompt box, in real time
  • Browser, desktop apps, and IDE assistants - every surface
  • The full payload, including pasted snippets and selections
  • The content, before it ever reaches the model

The leak isn't a file on a known channel - it's the prompt you send to the AI. If your control point doesn't inspect that request before it reaches the model, it's too late.

See Everything. Protect What Matters.

That's the principle behind NexusNest

What the AI actually sees

The user types whatever they want. Sensitive spans are redacted in-flight. The prompt that reaches the AI provider has placeholders in place of the secrets.

Live redaction · agent feed - real time

Originals are never stored. The AI still answers the underlying question - it just answers it without the secrets.
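
The placeholder substitution described above, as an added Python example that is not NexusNest's implementation. The regex detectors, the Luhn filter, and the overlap handling are assumptions chosen for illustration; only the `[REDACTED_<CATEGORY>_<n>]` placeholder style comes from the sample prompt on this page. Repeated values map to the same numbered placeholder so the redacted prompt stays coherent for the model.

```python
import re

# Constructed detectors (assumptions, not a vendor rule set). Order matters only
# for readability; overlaps are resolved by position in redact().
DETECTORS = [
    ("CREDENTIALS", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),       # AWS access key ID
    ("CREDENTIALS", re.compile(r"(?<=://)[^\s:/@]+:[^\s@/]+(?=@)")),     # user:password in a URL
    ("FINANCIAL_DATA", re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),         # card candidate
    ("PERSONAL_INFO", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),  # email address
]

def luhn_ok(candidate):
    """Checksum filter so order numbers and other long digit runs are not redacted."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(prompt):
    """Return (redacted_prompt, per-category counts of distinct values)."""
    hits = []
    for category, pattern in DETECTORS:
        for m in pattern.finditer(prompt):
            if category == "FINANCIAL_DATA" and not luhn_ok(m.group()):
                continue
            hits.append((m.start(), m.end(), category))
    hits.sort(key=lambda h: (h[0], h[0] - h[1]))  # earliest first, longest on ties
    out, cursor, placeholders, counts = [], 0, {}, {}
    for start, end, category in hits:
        if start < cursor:
            continue  # overlaps a span that was already replaced
        key = (category, prompt[start:end])
        if key not in placeholders:  # same value -> same placeholder
            counts[category] = counts.get(category, 0) + 1
            placeholders[key] = f"[REDACTED_{category}_{counts[category]}]"
        out += [prompt[cursor:start], placeholders[key]]
        cursor = end
    return "".join(out) + prompt[cursor:], counts

# Constructed sample prompt; the AWS key is the documentation example value.
SAMPLE = (
    "Card 4111 1111 1111 1111 fails for jane@example.com, order 1234567812345678.\n"
    "DATABASE_URL=postgres://admin:example-pass@10.0.4.2 "
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE (key AKIAIOSFODNN7EXAMPLE again)"
)

if __name__ == "__main__":
    print(redact(SAMPLE))
```

The 16-digit order number fails the Luhn check and is left in place, and the URL credential span takes precedence over the email pattern that would otherwise match across the `@`.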

How it works

One agent on each laptop. No network rewiring, no browser extensions, no employee training session.

1. Install the agent

Deploy via .pkg, .exe, or MDM. Two minutes per laptop, zero configuration.

2. Traffic is captured

AI requests are intercepted for redaction. Everything else is logged passively.

3. Data is protected

Sensitive spans are redacted before the prompt reaches the AI provider. The dashboard shows what was caught.

Covers every AI tool your team actually uses

Browser, desktop apps, CLIs, IDE assistants - one agent, every surface. Custom or internal tools? Admins add them from the dashboard.

Two products. One agent.

PromptWall redacts AI prompts. NetLens watches all the other traffic. Both run from the same lightweight agent.

PromptWall

AI data redaction

Intercepts outbound AI requests and redacts sensitive content - PII, credentials, source code - before it reaches the AI provider.

  • Covers every AI tool: browser, desktop apps, IDEs, CLI
  • Custom per-department redaction policies
  • Redacted prompts logged; originals never stored

NetLens

Network monitoring

Passively logs every HTTP/HTTPS request from employee devices for compliance visibility. No blocking, no modification.

  • Per-employee and per-machine activity views
  • AI vs non-AI traffic breakdown
  • Configurable retention with auto-cleanup

What changes the day it's live

Three concrete shifts you can show to your security team, your CFO, and your regulator.

Audit-ready in week one

Every prompt logged with the categories detected, the employee, and the AI tool. Export to CSV for compliance reviews.

Zero workflow change for employees

Redaction is transparent. AI tools still answer; users keep working. No browser extensions, no policy training session.

Maps to DPDP Section 8 and 33

A defensible "reasonable security safeguards" posture under India's DPDP Act, with the audit log a regulator would actually accept.

Simple, seat-based pricing

Pay per seat, cancel anytime. Mix and match plans across your organization - pick the right plan for each team.

Starter

Stop your team from pasting customer data, passwords, and code into ChatGPT, Claude, Copilot, and Cursor.

$12/seat/mo

billed monthly

  • Up to 500 prompts scanned per person each month
  • Catches names, emails, phone numbers, payment info, health data, secrets, and source code automatically
  • Works with every major AI tool — desktop apps, browser, IDEs
  • Dashboard showing exactly what was redacted, when, and for whom
  • Audit history kept for 90 days
  • Export everything to CSV for your records
Most popular

Business

For teams that need their own rules — block specific phrases, store full request bodies, get pinged on high-risk prompts.

$25/seat/mo

billed monthly

  • Up to 2,000 prompts scanned per person each month
  • Write your own rules: block, warn, or quietly redact anything you care about
  • Optionally store full request and response bodies for forensics
  • Real-time Slack alerts when something sensitive slips through (coming soon)
  • Sign in with Google/Microsoft SSO (coming soon)
  • Everything in Starter, plus a 5× higher per-minute limit

Enterprise

For larger orgs that need answers when security, compliance, or finance asks — with an SLA behind it.

$49/seat/mo

billed monthly

  • Up to 6,000 prompts scanned per person each month
  • Priority support with a written response-time SLA
  • Direct Slack channel with our team (coming soon)
  • Volume pricing past 50 seats — talk to us
  • Everything in Business, plus a 4× higher per-minute limit

Custom

Talk to us

On-prem deployment, custom redaction rules, dedicated infra, audit evidence packs for SOC2 / DPDP / ISO, MSA / DPA, volume discounts.

  • Self-hosted option
  • Custom detection models
  • SLA & priority support
  • Volume pricing

14-day free trial on every plan. No credit card required to start. Configure seats and billing after signup.

Frequently Asked Questions

Everything CTOs, IT admins, and security teams ask before they roll out AI data loss prevention.

The basics

AI DLP stops sensitive data - PII, credentials, source code, customer records, internal documents - from leaving your network when employees paste into ChatGPT, Claude, Copilot, Gemini, or any AI tool. NexusNest is different because we don't ship a browser plugin or rely on the AI provider's API. We install a tiny agent on the employee's machine that intercepts AI traffic, redacts sensitive fields before the request reaches the AI provider, and forwards a redacted version to the AI. The AI never sees your secrets.
PromptWall is the redaction engine - it intercepts AI requests and redacts sensitive data. NetLens is the visibility layer - it shows all employee AI activity, who's using which tools, and which prompts triggered redaction. They ship as a single agent. PromptWall blocks leaks; NetLens proves they were blocked and gives you the audit trail.

Coverage

ChatGPT (chat.openai.com, chatgpt.com, api.openai.com), Anthropic Claude (claude.ai, api.anthropic.com), Google Gemini (gemini.google.com, generativelanguage.googleapis.com), GitHub Copilot, Cursor, Codeium, and any other AI tool you add to the allowed list. The agent inspects HTTPS traffic to known AI endpoints; you can add custom domains as your team adopts new tools.
Yes. The agent works at the OS network layer, not in the browser. It catches prompts from desktop AI apps (ChatGPT, Claude, Cursor, JetBrains AI), browser extensions (Copilot, Continue), CLI tools (Claude Code, OpenAI CLI), and SaaS chat tabs. If it goes out as HTTPS to a known AI domain, we see it and redact it.
Personal information (names, emails, phone numbers, addresses, government IDs), financial data (credit cards, bank accounts, IBANs), health data (medical record numbers, diagnoses), credentials (API keys, OAuth tokens, AWS access keys, JWTs, passwords), source code blocks, and internal document markers. You can also define custom regex or keyword policies for industry-specific data (PCN, MRN, MR-N, claim IDs, etc.).

Rollout & employees

No. The agent adds under 5 milliseconds of latency per prompt, which is imperceptible compared to AI response time, usually 500ms+. Redaction happens in parallel with the prompt being forwarded. If the redaction server is unreachable, the agent fails open: prompts go through unredacted and a non-blocking degraded-mode banner appears, so employees never lose access to their tools.
Sign up at app.nexusnest.io, add employees, generate a license key for each, and share the installer link. Employees run the .pkg (macOS), .exe (Windows), or .deb (Linux) installer once, paste their key, and they're protected. Average install time is under two minutes. MDM-friendly silent install flags are available for Jamf, Intune, and Kandji.
Employees see a one-time menu-bar banner when sensitive data is redacted, telling them the action was successful. They cannot disable redaction from their device - the agent runs as a launchd / systemd service and the proxy is system-wide. Admins can disable redaction globally from the dashboard if needed (e.g., during onboarding).

Privacy & compliance

No. We never store the original prompt - it's discarded the moment the redacted version is computed, so the AI provider only ever receives the redacted text. Only the redacted prompt (the version the AI provider received), redaction metadata (which categories triggered), and timestamps are sent to the NexusNest dashboard. Request and response bodies are NOT stored by default; you can opt in per-domain for specific compliance use cases.
The standard SaaS deployment fits most companies. For air-gapped, regulated, or fully on-prem requirements, contact us at hello@nexusnest.io - we can ship a self-hosted server image (Docker / Kubernetes) that runs entirely inside your infrastructure with no outbound dependencies.
DPDP, GDPR, HIPAA, and similar regulations require demonstrable controls over how personal data leaves the organization. NexusNest gives you the technical control (redaction before egress) plus the audit log (which categories were redacted, when, for which employee). We don't issue compliance certifications, but we provide the evidentiary trail your auditors will ask for.

Plans & trial

Starter is ₹499/seat/month with 500 redacted prompts per seat. Business is ₹999/seat/month with 2,000 prompts/seat plus custom policies, payload storage, SSO, and Slack alerts. Enterprise is ₹1,999/seat/month with 6,000 prompts, priority support, and an SLA. Yearly billing is 20% off. Every plan includes the desktop agent and the dashboard.
Yes. Every new account gets a 14-day trial with all Enterprise features unlocked and a 5,000-prompt quota - no credit card required. After the trial you pick a plan from the dashboard.

See Everything. Protect What Matters.

Deploy NexusNest on every employee laptop in under 10 minutes. No credit card required.

Your business is safe with us

NexusNest is independently certified and audited, so your security and procurement teams can verify - not just trust. Download the certificates anytime.