> ## Documentation Index
> Fetch the complete documentation index at: https://docs.masker.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Masker: HIPAA-grade compliance firewall for voice AI

> Masker intercepts every voice AI conversation, tokenizes PHI before it reaches your LLM, and rehydrates it on the way back — no PHI in your model logs.

Masker is a compliance firewall for voice AI. It proxies every conversation turn between your voice platform and your LLM, detects and tokenizes protected health information before it reaches the model, and reverses the substitution on the way back — so your callers hear natural responses while your LLM provider's logs never contain real PHI.

<Note>
  **Status: private beta.** The portal at [masker-voice.fly.dev](https://masker-voice.fly.dev) and the live demo at [try.masker.dev](https://try.masker.dev) are open for evaluation today. Production beta — with a signed BAA, SLAs, and VPC deployment — launches **May 30, 2026**. To join, see [Beta access](/beta-access).
</Note>

## What you can do with Masker

<CardGroup cols={2}>
  <Card title="Connect a voice agent" icon="phone" href="/quickstart">
    Sign in with GitHub, create an agent in the portal, and get a per-agent proxy URL in under two minutes. No SDK, no code change — just a URL.
  </Card>

  <Card title="See live redaction" icon="eye-slash" href="/how-it-works">
    Place a real call and watch PHI get tokenized before it reaches OpenAI. Verify in OpenAI's own completion logs that no raw data crossed the boundary.
  </Card>

  <Card title="Download signed audit reports" icon="file-shield" href="/compliance/audit-reports">
    Every session generates an Ed25519-signed compliance report with a full BAA chain, HIPAA Safe Harbor coverage breakdown, and a verifiable audit chain.
  </Card>

  <Card title="Try the no-signup demo" icon="flask" href="https://try.masker.dev">
    The hosted demo at try.masker.dev runs the full pipeline against a stub LLM — no account or Vapi key required.
  </Card>
</CardGroup>

## Feature status

These are the capabilities available today, in beta, or on the roadmap. Every feature listed here reflects what the product actually does — not a marketing projection.

| Feature                                            | Status                                     |
| -------------------------------------------------- | ------------------------------------------ |
| Vapi integration via per-agent proxy URL           | ✅ Live                                     |
| ElevenLabs and Bolna integration                   | ✅ Live                                     |
| GitHub OAuth sign-in                               | ✅ Live                                     |
| Real-time PHI detection (regex + Gemma-4 NER)      | ✅ Live                                     |
| Vault-deterministic tokens (HMAC-SHA256)           | ✅ Live                                     |
| Reversible AEAD tokens (AES-256-GCM-SIV)           | ✅ Live                                     |
| HIPAA Safe Harbor coverage (9 of 18 fully covered) | 🟡 Partial — full coverage by May 30, 2026 |
| Per-session signed compliance reports (JSON + PDF) | ✅ Live                                     |
| Hash-chained audit journal with merkle root        | ✅ Live                                     |
| Bolna and Retell platform integrations             | 🚧 In beta                                 |
| Self-hosted Rust container in customer VPC         | 🚧 Available on request                    |
| Signed BAA + SLAs                                  | 🚧 May 30, 2026                            |
| Multi-tenant teams and RBAC                        | 🚧 Roadmap                                 |

## Where to start

If you're new to Masker, start with the [Quickstart](/quickstart) to place your first masked call. If you want to understand the proxy pipeline before touching configuration, read [How it works](/how-it-works) first.

For production access or a pilot, see [Beta access](/beta-access) or email [hello@masker.dev](mailto:hello@masker.dev).
