Self-Hosted · Open Deployment

Stop AI data leaks
before they leave
your perimeter.

BitDrip intercepts everything your team sends to ChatGPT, Claude, Gemini and other LLMs — blocking PII, credentials, PHI and proprietary data in real time. Runs entirely in your infrastructure. No cloud. No trust required.

⇓ Download v1.0.1 View Docs →
SHA-256: a3f8c2d1e9b4720f3c8a5d6e1b2f9c4d  · 142 MB
Designed to support compliance with GDPR HIPAA PCI DSS SOC 2 ISO 27001 CCPA
YOUR DATA STAYS YOURS.
< 5 min
Average deploy time
6
Compliance frameworks
15+
Detection categories
99.9%
Uptime SLA
Why BitDrip

Built for enterprise security teams

Three capabilities that make BitDrip the right choice for organisations that take data privacy seriously.

🛡
Real-time Protection

Intercepts every prompt sent to ChatGPT, Claude, Gemini and other LLMs. Detects and blocks PII, PHI, payment card data, API keys, passwords, and proprietary content before it leaves your network.

🔒
Zero Cloud Dependency

Runs entirely in your infrastructure via a single Docker Compose file. No data ever touches an external server. Your team's AI usage stays inside your perimeter — always.

📋
Compliance & Audit

Built-in profiles for GDPR, HIPAA, PCI DSS, SOC 2, ISO 27001 and CCPA. Every policy evaluation is cryptographically signed and immutably logged for auditors and regulators.

Security-first architecture

Built against industry standards. Every control is implemented in code and documented.

A01
Broken Access Control
JWT RBAC with role-based permissions. Org-scoped data isolation on every query.
A02
Cryptographic Failures
AES-256 at rest, TLS 1.3 in transit, ed25519 license signing.
A03
Injection
Parameterized queries throughout. Schema-validated inputs. XSS sanitization on all user-controlled output.
A04
Insecure Design
Privacy-by-design. AI content never stored — SHA-256 hashes only.
A05
Security Misconfiguration
Helmet.js (HSTS, CSP, X-Frame-Options). CORS allowlisting. No default credentials.
A06
Vulnerable Components
Automated dependency scanning. Dependabot-enabled weekly updates. Reproducible builds with npm ci.
A07
Auth Failures
Magic-link auth — no passwords, no credential stuffing. Short-lived signed JWTs. OIDC/SSO for enterprise deployments.
A08
Integrity Failures
SHA-256 installer checksums. ed25519-signed license JWTs. Pinned lock files.
A09
Logging Failures
Structured JSON audit logging. Sensitive fields sanitized at source. Tamper-evident event trail.
A10
SSRF
No external URL fetching from user content. Outbound connections allowlisted.

Zero Trust Data Flow

AI content is never stored. SHA-256 hashing means violations are auditable without retaining sensitive data.

Cryptographic Verification

Every installer bundle is SHA-256 signed. License JWTs use ed25519 — the same algorithm that secures SSH keys.

Self-Hosted by Design

Your data never leaves your infrastructure. No phone-home analytics, no cloud dependency for policy decisions.

Designed to support compliance with GDPR HIPAA PCI DSS SOC 2 ISO 27001 CCPA

Controls are implemented in code and documented. Read the documentation →

Compliance Coverage

Designed to support your compliance requirements

BitDrip detects and blocks content that violates each framework's requirements — before it leaves your network.

🇪🇺
GDPR
PII & special-category data — names, emails, addresses, national IDs
🏥
HIPAA
PHI & patient data — medical records, conditions, insurance IDs
💳
PCI DSS
Card numbers (Luhn-validated), CVV codes, PINs
🔐
SOC 2
API keys, passwords, secrets & credentials
📋
ISO 27001
Credentials, proprietary data & internal document markers
⚖️
CCPA
California resident PII & consumer personal data

Designed to support compliance — not a substitute for legal review.

Getting Started

From zero to protected in minutes

Register once, deploy anywhere. No cloud accounts, no agents to manage.

1
Register
Create your account and choose a plan. Receive your signed license file by email.
2
Download
Download the installer bundle. Verify the SHA-256 checksum. Extract and review.
3
Deploy
Run ./install.sh then docker compose up -d. Live in under 5 minutes.
4
Protect
Configure policies in the dashboard. Point your team's AI tools at the gateway. Done.

Full installation guide, configuration reference, and troubleshooting are in the documentation.

Read the Docs →
Pricing

Simple, annual licensing

Start free. No credit card required for the Community tier.

Community
Free
forever
  • Up to 10 users
  • All detection rules
  • Browser extension
  • Audit logging
  • Community support
Download Free ↓
Starter
$1,500
/ year
  • Up to 50 users
  • All detection rules
  • Browser extension
  • Compliance reports
  • Email support
Get Started →
Most Popular
Professional
$5,000
/ year
  • Up to 250 users
  • 3 deployments
  • All detection rules
  • Compliance reports
  • Keycloak SSO / AD
  • Priority support
Get Started →
Enterprise
Custom
annual contract
  • Unlimited users
  • Unlimited deployments
  • Custom SLA & onboarding
  • Dedicated CSM
  • SIEM integrations
  • Air-gap & HA support
Contact Us →
Ready to stop the leaks?
Register free, download the installer and have BitDrip running in your environment today. Community tier covers up to 10 users with full policy enforcement and audit logging.
Linux x86_64 Linux arm64 macOS Windows (WSL2) Docker Podman
Latest: v1.0.1 ·  Released: 2026-05-22 ·  SHA-256: a3f8c2d1e9b4720f3c8a5d6e1b2f9c4d7a8e3b1f6c2d9e4a7b8f1c3d6e9a2b5
⇓ Download v1.0.1 Register Free →
More from Anchor Cyber Security
Anchor Insight
Security awareness training & phishing simulations delivered in Slack
insight.anchorcybersecurity.com ↗
Compliance Bootcamp
Post-audit compliance gap tracking across 19 frameworks
bootcamp.anchorcybersecurity.com ↗
TL;CR
CPE credit tracking for cybersecurity professionals
tlcr.app ↗