Use AI. Protect Data.
Docuflair Mask
Safely send documents to ChatGPT, Copilot, DeepL or Claude — without exposing personal data. Docuflair Mask replaces sensitive information with consistent pseudonyms and automatically restores them after AI processing.
The Problem: Employees Use AI — Without Safeguards
Shadow AI is the biggest data protection risk of the AI era
65% of employees use AI tools like ChatGPT, Copilot or DeepL at work — but only 25% of organisations have policies in place. Contracts are summarized in ChatGPT, emails analysed with Copilot, expert reports translated with DeepL. Personal data flows uncontrolled to external providers — a systematic GDPR violation that bans alone cannot solve.
Shadow AI
Employees use private AI accounts when official channels are missing. Usage becomes invisible to IT — risk increases.
Uncontrolled Data Leakage
43% of knowledge workers upload company data to AI tools. Approximately 400 data loss incidents per week are caused by AI tools.
Bans Don't Work
27% of organisations have banned ChatGPT — yet employees still use personal devices. The result: zero control, higher risk.
The Solution: Enablement
Instead of banning AI: pseudonymization as a technical safeguard. Employees use AI productively — sensitive data stays protected.
What is Docuflair Mask?
Docuflair Mask is a GDPR-compliant on-premises solution for pseudonymizing personal data in documents in accordance with GDPR Art. 4(5). The software detects sensitive information across 9 PII categories — names, addresses, company names, IBAN, email addresses, phone numbers, dates of birth, tax numbers and file references — and replaces them with consistent pseudonyms. Cross-document replacement tables enable controlled re-identification after external processing. Docuflair Mask is designed for law firms, public authorities and enterprises that need to safely pass documents to AI tools like ChatGPT, translators or auditors without exposing personal data.
How It Works — In 6 Steps
From original document to AI result with original data
Import Documents
Upload contracts, emails, expert reports or personnel files — over 70 file formats including PDF, Word, Excel and scans.
Detect PII Automatically
The software detects personal data across 9 categories: names, addresses, companies, IBAN, email, phone, dates of birth, tax numbers, file references.
Generate Consistent Pseudonyms
"Max Smith" becomes "Person_A" — across the entire document set. Same person = same pseudonym across all documents.
Export Pseudonymized Version
The document is exported with pseudonyms — ready for external processing. The replacement table is stored encrypted.
Send to AI Tool
Send the pseudonymized document to ChatGPT, Copilot, DeepL, Claude or any other external service — without GDPR risk.
Re-Identify Results
After processing, all pseudonyms are automatically replaced with the original data — as if the AI had worked directly with the real data.
Use AI Safely — Practical Examples
Real-world scenarios for pseudonymized AI processing in daily work
Translate Contracts
Translate contracts with DeepL — client names, addresses and account numbers remain pseudonymized.
Summarize Emails
Copilot summarizes long email threads — real names and subject lines are protected by pseudonyms.
Analyse Expert Reports
Claude analyses expert reports — parties involved, addresses and file references remain protected.
Review Contract Clauses
ChatGPT reviews terms and clauses for risks — without knowing the real contracting parties.
Extract Deadlines
AI extracts dates and deadlines from decisions and contracts — without knowing who is involved.
Spell Checking
Have documents checked externally without exposing real names and addresses.
Due Diligence
Hand over financial documents to external auditors — fully pseudonymized.
AI-Powered Analysis
Use ChatGPT, Claude or Gemini for document analysis — GDPR-compliant and auditable.
Consistent Pseudonyms with Replacement Tables
Full control over the mapping between real and pseudonymized data
Consistent Replacement
- Max Smith → Person_A across the entire document set
- Same person = same pseudonym across all documents
- Automatic detection of all variants (first/last name, abbreviations)
9 PII Categories
- Names, addresses, companies, IBAN, email, phone
- Dates of birth, tax numbers, file references
- Freely configurable pseudonym formats
Replacement Table Security
- Encrypted storage (AES)
- Stored separately from documents — separate custody possible
- Accessible only to authorized users
Re-Identification & Audit
- One-click restoration of original data
- Selective re-identification of individual entries
- Complete audit trail of all operations
Anonymization vs. Redaction vs. Pseudonymization
Three methods compared — only one is suited for AI
| Feature | Anonymization | Redaction (Redact) | Pseudonymization (Mask) |
|---|---|---|---|
| Method | Data is generalized | Data is removed | Data is replaced with pseudonyms |
| Reversibility | Irreversible | Irreversible | Reversible (with replacement table) |
| Document context | Lost | Partially lost | Fully preserved |
| AI result usable? | No — context missing | No — data missing | Yes — complete and re-identifiable |
| GDPR status | No longer personal data | Anonymization (Art. 4) | Art. 4(5) — still personal data, but protected |
| Typical use | Statistics, research | Subject access requests, FOI | AI processing, translation, due diligence |
GDPR Legal Framework: Pseudonymization as a Safeguard
What the General Data Protection Regulation says about pseudonymization
Art. 4(5) — Definition
- Pseudonymization means processing personal data in such a manner that it can no longer be attributed to a specific person without the use of additional information
- Additional information (replacement table) must be kept separately
Art. 25 — Data Protection by Design
- Pseudonymization is explicitly cited as an example of technical measures
- Organisations should implement appropriate measures such as pseudonymization
Art. 32 — Security of Processing
- Pseudonymization as a technical measure to ensure processing security
- Appropriate level of protection considering the state of the art
Important to Know
- Pseudonymized data remains personal data — GDPR still applies
- However: the risk when handing over to external services is significantly reduced
The Right Solution for Every Industry
Pseudonymization for your specific requirements
Law Firms & Legal
Client files & contracts
- Contract review by AI without client data
- Deadline extraction from pseudonymized files
- Due diligence with external reviewers
- Legal AI analysis without privilege risk
Tax Advisors
Client data & tax assessments
- AI summaries of tax assessments
- Deadline extraction for filing dates
- Translations for international clients
- Data extraction from receipts and invoices
Public Sector
Official documents & decisions
- Process FOI requests pseudonymized
- AI-powered summaries of case files
- Translations for international correspondence
- Spell checking of official documents
Enterprise
Contracts, HR & compliance
- Contract review through external AI tools
- Pseudonymize HR documents for AI analysis
- Compliance reviews with external consultants
- Translations of confidential business documents
Further Resources
Deepen your knowledge of AI, data protection and pseudonymization
Using ChatGPT Safely in Business
How to use AI tools productively without violating the GDPR.
Read articlePreventing Shadow AI
Why bans don't work and how enablement curbs uncontrolled AI usage.
Read articleDocuflair Redact
When irreversible redaction is the right method — for subject access requests and FOI.
Learn moreFrequently Asked Questions
Answers to the most important questions about pseudonymization
What is pseudonymization and how does it differ from anonymization?
Pseudonymization replaces personal data with consistent placeholders (e.g. "Max Smith" becomes "Person_A") that can be restored to the original data using a protected replacement table. Anonymization, by contrast, removes data irreversibly — context is lost and AI results become unusable. Redaction also permanently removes data. Only pseudonymization is reversible and preserves document context.
Why is pseudonymization better than anonymization for AI tools?
With anonymization and redaction, context and connections are lost — the AI cannot deliver meaningful results. Pseudonymization preserves the document structure: the AI processes complete sentences with consistent pseudonyms and delivers usable results. After processing, pseudonyms are automatically re-identified via the replacement table.
Is pseudonymization GDPR-compliant for AI use?
Yes. Pseudonymization is explicitly defined in Art. 4(5) GDPR and is recommended in Art. 25 (data protection by design) and Art. 32 (security of processing) as a technical safeguard. Pseudonymized data remains personal data, but the risk when transferring to AI tools is significantly reduced.
Which AI tools can I use with Docuflair Mask?
Docuflair Mask is tool-agnostic: you can send pseudonymized documents to any AI tool or external service, including ChatGPT (OpenAI), Microsoft Copilot, DeepL, Claude (Anthropic), Google Gemini, translation services, external auditors and consultants. Since pseudonymization occurs before handover, it does not matter which tool processes the documents.
What does Docuflair Mask cost?
Docuflair Mask is available as part of the Docuflair platform. Licensing is based on the number of users and the chosen feature set. Request a free demo to see the solution live and receive an individual quote.
Complementary Products
Discover additional solutions that pair perfectly with pseudonymization
Docuflair Scan
Digitize paper documents in high quality — the foundation for precise pseudonymization.
Learn moreUse AI. Protect Data.
See in 15 minutes how you can pseudonymize documents and safely pass them to ChatGPT, Copilot, DeepL or Claude.