Migration guide
Teams move from Private AI to Philter when an open source, auditable engine becomes a requirement, when they want the surrounding toolkit (proxy, discovery, monitoring, benchmarking) rather than a redaction API alone, or when commercial usage-based pricing stops fitting the volume. Because both run as a self-hosted service in your environment, the migration is mostly a policy and request-shape translation, not a re-architecture.
The reasons teams give for migrating off Private AI, in roughly the order we hear them.
A security review, a regulated deployment, or an auditor's question turns "trust the vendor's datasheet" into "show me the detection logic." Philter's rules and models are open source under Apache 2.0; you can read, build, and verify them. See Show me the code path.
Redaction is one step. Teams consolidate onto Philter to also get discovery, drift monitoring, benchmarking, and the LLM proxy from one toolkit and one policy model.
Commercial, usage-based pricing is predictable at low volume and grows with it. Philter's open source engine has no per-call license cost, and marketplace deployment bills a flat per-instance-hour rate that flattens at scale.
How Private AI concepts translate to Philter equivalents. The intent maps directly; the request and response shapes differ, and Philter's policy engine opens up control Private AI does not expose.
| Private AI | Philter | Notes |
|---|---|---|
POST /process/text de-identify call | POST /api/filter | Same intent (find and transform PII in text). Philter returns redacted text by default; the explanation with entity spans is available with an additional parameter. |
| Enabled entity types in the request | Policy identifiers block | Private AI selects entity types per request; Philter selects and configures them in a reusable JSON policy, plus dictionaries, regex, and custom identifiers. |
| Entity accuracy / processing options | Per-entity confidence and severity in policy | Philter exposes confidence and severity per entity type, with different thresholds per policy. |
| Replacement type (mask, synthetic, marker) | Filter strategies (mask, redact, encrypt, FPE, replace, abbreviate, pass through) | Philter supports more strategies, including format-preserving encryption and consistent synthetic replacement scoped to a document or context. |
| Re-identification / entity map | Consistent pseudonymization + format-preserving encryption | Where Private AI returns an entity map for re-identification, Philter offers reversible format-preserving encryption and context-scoped consistent replacement. Map your reversibility needs onto these deliberately (see pitfalls). |
| Files endpoint (PDF, image, audio) | Text and PDF natively; audio and images via a pre-step | Philter redacts text and PDF. For audio, transcribe first (for example with Amazon Transcribe) and redact the transcript; for images, OCR first. Confirm this fits your modality needs before migrating. |
| Container deployment (Kubernetes / Docker) | Container in your VPC, on-prem, or air-gapped | Both deploy as a container, so your orchestration and networking carry over with minimal change. |
A safe migration runs Philter in shadow mode against your existing Private AI traffic, validates parity on a sample, then cuts over per integration point. Most teams complete it in two to four weeks.
List every call to Private AI, the entity types enabled at each, the replacement behavior, and crucially the modalities (text, PDF, image, audio). Flag any image or audio paths, since those need a transcription or OCR pre-step under Philter.
For each integration point, write a Philter policy that maps the enabled entity types and replacement behavior. Use the migration to add anything you were doing in application code around Private AI (custom identifiers, conditional rules) directly into the policy.
Deploy Philter from a cloud marketplace (or your own registry) into your environment. No application code changes yet; you are standing it up next to the existing pipeline.
Send a sample of production text to both Private AI and Philter. Diff the entity detections and the redacted output. Tune the Philter policy to close meaningful gaps, typically a custom regex for an internal identifier or a confidence adjustment.
Switch one integration point at a time. Watch entity-type counts with Phield or your own metrics. Roll back instantly if anything looks off. Migrate image and audio paths last, once the transcription or OCR pre-step is in place.
Once everything is on Philter and stable, wind down the Private AI contract and remove its credentials from your pipeline.
Both Private AI's container and Philter run as a service in your environment, so the call path is structurally the same: application sends text to a local service and gets redacted text back. The two architectural differences to plan for are (1) modality: if you used Private AI's image or audio endpoints, add an OCR or speech-to-text pre-step before Philter, and (2) reversibility: if you relied on Private AI's re-identification, decide whether Philter's format-preserving encryption or context-scoped consistent replacement covers that need, or whether the data should not be reversible at all. For high availability, run two or more Philter instances behind an internal load balancer.
Private AI uses commercial usage-based pricing negotiated with sales, so compare against your actual contracted rate. Philter's open source engine has no per-call license cost; marketplace deployment bills a flat per-instance-hour rate ($0.49/hr) regardless of document count, plus your own compute. For steady high-volume workloads, the flat per-instance model is typically the cheaper curve; for low volume, run the numbers against your specific contract.
A 30-minute call with Jeff covers your current setup, the migration path that fits your stack, and where the gotchas usually live. No sales pitch.