Masker is a privacy layer that sits between your voice agent and your upstream LLM. It is not, on its own, a HIPAA-compliant service — compliance is a property of your overall system. What Masker does is make that system substantially easier to certify by shrinking what crosses trust boundaries, producing auditable evidence per session, and giving you deployment options that keep PHI entirely inside your infrastructure.
This page reflects Masker’s compliance posture as of May 2026. It is updated with every meaningful change — not at a marketing cadence.
Framework snapshot
| Framework | Status |
|---|---|
| HIPAA Safe Harbor | 9 of 18 categories full coverage, 3 partial, 5 in progress — May 30 production launch target for remaining categories |
| HIPAA BAA | Available to all production beta customers |
| SOC 2 Type 1 | In progress with Drata, targeting Q3 2026 |
| SOC 2 Type 2 | Q1 2027 |
| HITRUST | Not in current roadmap; available on request for enterprise pilots |
| GDPR | Architecture is GDPR-ready (data residency controls, right-to-erasure via vault drop); EU-hosted region targeted for late 2026 |
| PCI-DSS | Scope reduction only — Masker Luhn-checks and redacts cardholder data before egress; Masker itself is not a cardholder data environment |
What Masker does for your compliance posture
Reduces what crosses a trust boundary
By the time a payload leaves your infrastructure and reaches your LLM provider, every detected identifier has been replaced with a stable placeholder. OpenAI, Anthropic, and similar providers never process PHI on your behalf — because they never see it. This removes them from your HIPAA boundary.
Produces auditable evidence per session
Every redaction event is logged to an HMAC-chained, append-only audit journal. Three artifacts are produced per session from the same event stream:
- Live transcript firewall — a side-by-side view showing the regulated side (real PHI) and the public side (placeholders only).
- Audit chain — a tamper-evident JSONL log where each event carries a `prev_hash` and `curr_hash`. A single mutated byte breaks every downstream hash.
- Session compliance report — a signed HIPAA Safe Harbor report in two consistent formats: Masker Audit Schema v1 JSON and an auditor-ready PDF. Both share the same `merkle_root_hex`.
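An added example, not Masker's own code: a minimal verifier for an HMAC-chained JSONL journal of the kind described above, reporting the first line where the chain breaks. Only the `prev_hash` and `curr_hash` field names come from this page; the MAC input layout, the all-zero genesis value, the key and the sample events are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed prev_hash of the first event

def _mac(key, prev_hash, payload):
    # Canonical JSON so an event always serialises to the same bytes.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_hash.encode() + b"\n" + body, hashlib.sha256).hexdigest()

def append_event(key, journal, payload):
    """Append one JSONL line whose curr_hash covers prev_hash and the payload."""
    prev = json.loads(journal[-1])["curr_hash"] if journal else GENESIS
    event = {**payload, "prev_hash": prev, "curr_hash": _mac(key, prev, payload)}
    journal.append(json.dumps(event, sort_keys=True))

def verify_chain(key, journal, expected_head=None):
    """Return (True, None), or (False, index) of the first line that fails."""
    expected_prev = GENESIS
    for i, line in enumerate(journal):
        try:
            event = json.loads(line)
            prev, curr = event.pop("prev_hash"), event.pop("curr_hash")
            ok = prev == expected_prev and hmac.compare_digest(
                curr.encode(), _mac(key, prev, event).encode())
        except (ValueError, KeyError, TypeError, AttributeError):
            ok = False  # malformed line: treat as a broken link
        if not ok:
            return False, i
        expected_prev = curr
    # The chain alone cannot show that trailing events were cut off;
    # that needs the last hash recorded somewhere out of band.
    if expected_head is not None and expected_prev != expected_head:
        return False, len(journal)
    return True, None

def demo():
    key = b"constructed-demo-key"  # constructed; not a real secret
    journal = []
    for n, cat in enumerate(["NAME", "DOB", "SSN"]):  # constructed events
        append_event(key, journal, {"seq": n, "category": cat, "placeholder": f"[{cat}_1]"})
    head = json.loads(journal[-1])["curr_hash"]
    mutated = journal[:1] + [journal[1].replace("DOB", "DOX")] + journal[2:]
    return {"intact": verify_chain(key, journal, head),
            "mutated": verify_chain(key, mutated, head),
            "dropped": verify_chain(key, journal[:1] + journal[2:], head),
            "truncated": verify_chain(key, journal[:2], head)}
```

`demo()` checks an intact journal against a mutated, a dropped-line and a truncated copy; the returned index is the first line an investigation should look at.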
Fail-closed audit
If the durable journal append fails, Masker returns `AuditUnavailable` and halts processing for that request. There are no quiet drops. You will always know when the audit chain cannot be extended.
BAA chain attestation
Every session compliance report records which BAA-gated paths were used — for example, the production TTS rehydration slug. This creates a per-session attestation that processing stayed within the paths covered by your BAA.
Stays inside your infrastructure when you choose
Masker runs as a Docker container in your AWS, GCP, or Azure account. PHI never leaves your network on the way to the model — it leaves as tokens over TLS. This is the recommended deployment for any production healthcare workload.
No PHI stored by default
The default configuration does not log raw payloads, does not persist transcripts, and does not retain audio. Only tokens, events, and metadata are stored. Encrypted payload retention is an opt-in per agent with a configurable window.
What Masker does not do
- Masker is not a substitute for a security program. Access control, vendor management, breach response, workforce training, and the rest of HIPAA’s administrative safeguards are your responsibility.
- Masker does not sign your BAA with your LLM providers. In most architectures you will not need one (because they never see PHI), but your counsel decides that — not us.
- Masker is not yet certified. SOC 2 Type 1 is in flight for Q3 2026. If your prospect requires SOC 2 before a pilot, the right answer is to wait.
Why the architecture is audit-friendly
A few deliberate choices that shape the compliance posture:
Rust with minimal dependencies
A smaller supply chain means fewer CVEs and a codebase that is faster to audit. Masker has no telemetry calls in the container — there is nothing to disclose.
Customer VPC as a first-class target
Self-hosted deployment has been supported since v0. It is not a bolt-on. When you need PHI to never leave your network, that deployment path is fully supported and documented.
Open-source detection and audit code
The detection, tokenization, and audit chain code is in the public repository. Auditors do not have to take our word for how the chain is built — they can read and recompute it themselves.
No SaaS-only constraint
You are never forced through a Masker-managed service. Every compliance artifact is producible in an air-gapped, customer-controlled deployment.
Compliance artifacts generated per session
| Artifact | Format | What it proves |
|---|---|---|
| Audit chain | JSONL, HMAC-chained | Every detection event occurred; chain is tamper-evident |
| Session compliance report (JSON) | Masker Audit Schema v1 | Machine-verifiable HIPAA Safe Harbor coverage and redaction counts |
| Session compliance report (PDF) | Auditor-ready HIPAA PDF | Human-readable compliance evidence; same merkle_root_hex as JSON |
| BAA chain attestation | Embedded in report | Which BAA-gated paths were used for this session |
Go deeper
HIPAA Safe Harbor
Coverage matrix for all 18 identifier categories — current status and what “full” means in practice.
Audit reports
What is in a session compliance report, how to download it, and how to verify the Ed25519 signature and chain integrity offline.
Data residency
Where data lives, what crosses region boundaries, and deployment options for strict residency requirements.