Philterd

Talk to an Expert

Tell us about your stack and the privacy problems you're trying to solve. We typically respond within one business day.

Prefer to skip the form? Pick a time on our calendar →
or send a message

Please do not enter PII or PHI in this form. If you need to share an example, use a sanitized one.

For integrators & system builders

Philter for Integrators & System Builders

If you build healthcare, legal, or AI solutions on behalf of clients, the PII layer is usually the part that slows the project down — license fees you can't predict, vendor approvals you can't control, deployment shapes that don't match your client's environment. Philter is the redaction engine you bundle into the deliverable. Open source under your control, deployed in your client's cloud, supported by you.

See reference architectures → Browse the policy library →

Why integrators bundle Philter

Bundle Philter into the deliverable — no sub-license required

Philter is open source. You can run it, modify it, ship it inside your client's environment as part of a fixed-price SOW. No per-seat fees, no per-deal vendor approval, no quarterly true-up. The license is the same whether you're delivering one engagement or fifty.

Deploys in your client's cloud, operated by you

Runs in the client's AWS, Azure, or GCP account. The client owns the data path; you own the implementation. No three-way support chain, no “please open a ticket with the vendor” while a deployment stalls. When a client asks where the PII goes, the honest answer is “nowhere — it stays in your account.”

Reference architectures you can paste into a proposal

Diagrams and policy templates for the patterns clients actually buy: HIPAA-grade redaction in a client VPC, e-discovery production scrubbing, RAG ingestion for a client AI build. Drop them into the proposal; refine them in the kickoff.

No data residency surprises

Self-hosted means no data leaves the client's perimeter. That makes the BAA conversation short (your client's existing cloud BAA already covers the path), the GDPR conversation short (no cross-border transfer), and the procurement conversation short (no new sub-processor).

Source-available answers when a client digs in

When the client's security team asks how a detection works, the answer is in a repo they can read. No “trust the black box,” no NDA to see how the engine works. That makes you faster in security review and harder to displace.

Predictable cloud-marketplace pricing for the supported path

When a client prefers vendor-supported Philter (instead of self-built), the AWS / GCP / Azure marketplace listings install through the client's existing cloud billing. Predictable per-instance pricing — see the pricing page. The integrator stays in the relationship; the cloud marketplace is just the install path.

Reference architectures

Three patterns we see integrators ship most often. Each one runs inside the client's cloud account and pairs with policy templates from the open source policy library.

HIPAA-grade redaction pipeline

For: Healthcare clients

Clinical text from the EHR (or claims, intake forms, patient-portal messages) gets de-identified before landing in the analytics warehouse or AI feature. HIPAA Safe Harbor policy as the starting point; tune for the client's MRN and account-number patterns.

EHR / source → Philter (in client VPC) → de-identified output → warehouse / RAG / AI feature

E-discovery + filing-ready redaction

For: Legal clients

FRBP 9037 / FRCP 5.2 automation for productions and court filings. Bates-style identifier handling, structured exemption codes via Arbiter for human review, full audit trail. Replaces manual review of routine PII without removing the reviewer's authority on the gray cases.

Production set → Philter (in client VPC) → Arbiter review queue → filing-ready output + audit trail

LLM prompt + retrieval guardrails

For: AI builds for either vertical

Drop Philter AI Proxy between the client's application and their LLM provider (OpenAI, Anthropic, Bedrock, Vertex). PII gets redacted from prompts, retrieval context, and tool calls — without touching the client's application code.

Application → Philter AI Proxy (in client VPC) → LLM provider

Each architecture pairs with policy templates from the open source library — pre-built for HIPAA Safe Harbor, clinical de-identification, medical chatbots, e-discovery, AI training data, and more. Browse the policy library →

How an integrator engagement works

  • You stay in the client relationship. Philterd doesn't talk to your client unless you bring us in. You own the SOW, the kickoff, the success criteria, the renewal.
  • Start from the open source. Self-host Philter into the client's VPC during the build phase. Zero cost to evaluate, full access to every detection rule, the same engine that runs in production.
  • Optional supported install via cloud marketplace. When the client wants a vendor-supported path for ongoing patches, point them at the AWS / GCP / Azure listing. Same engine, marketplace billing through their cloud.
  • Engaged work, when it helps you close. Custom NLP models for a client's clinical vocabulary, embedded engineering for a complex pipeline, privacy architecture review for a regulated workload — we can scope that as a sub-engagement to your project. See the Engaged tier on pricing.
  • One technical contact. Direct line to the engineer behind the toolkit. No tier-one queue. No support portal that asks you to fill out a form before someone reads it.

Common shapes of an integrator engagement

The bundles we see most often, in roughly the order they show up in proposals:

1. Healthcare data-modernization projects. A client is moving clinical data into an analytics warehouse, a data lake, or a new application. Somewhere in the spec is “PII must be de-identified before it lands in the warehouse.” Philter is the de-identification step. The integrator owns the pipeline; Philterd’s open source policy library covers the HIPAA Safe Harbor table-stakes; the integrator’s clinical-informatics partner validates against a gold-standard sample.

2. AI features on top of regulated data. A client wants a clinical chatbot, a legal-research assistant, an underwriting copilot, a contact-center summarizer. The pre-LLM redaction step is the cleanest way to make the BAA / DPA chain defensible. Philter AI Proxy sits between the client’s application and the LLM provider. The integrator builds the application; the redaction layer travels with the proxy, not the model.

3. E-discovery and filing-production redaction. A litigation team handling productions or court filings has a manual-review bottleneck for routine PII (SSNs, account numbers, minors’ names, financial-account info). Philter does the automated pass; Arbiter handles the human-in-the-loop review for the gray cases. The integrator’s e-discovery practice owns the workflow; the audit trail handles the FRBP / FRCP defensibility question.

4. Compliance-driven retrofits. A client failed (or wants to get ahead of) an audit. They need PII redaction wired into specific pipelines: log redaction, customer-service transcripts, third-party data sharing. The integrator scopes the retrofit; Philter is the layer that goes into each affected pipeline.

What we ask of integrator partners

We don’t run a formal partner program yet — that’s deliberate, because adding a deal-registration portal and a tier matrix before there’s volume to support it would be theater. What we do ask, in exchange for direct technical access during your engagements:

  • Attribution when Philter ends up in the production stack. A short note (with or without your client’s name) so we can keep refining the integrator-facing materials around real engagements.
  • Feedback on what’s missing. A gap in the policy library, a deployment pattern that needs a runbook, an integration we haven’t documented — tell us, and it usually gets fixed.
  • Early signal on what your clients are asking for. Integrators see the regulated-AI buying cycle six months before the vendor does. That’s worth a great deal.

If a formal partner program (deal registration, certified-integrator tier, joint marketing) makes sense for your engagements, we’ll build it. Tell us what would help.

Bring Philter into your next client engagement

30 minutes to walk through the deliverable you're building and where Philter fits. You'll leave with a concrete deployment plan, the reference architecture in writing, and a sense of how the engagement could pair with your services. No partner contract to sign; just a working conversation.

See pricing →