Cogny Cloud feature · Swedish-hosted PII layer

    Send Claude the analysis. Keep the PII at home.

    Cogny Shield routes every tool-call result — HubSpot, BigQuery, Stripe, Shopify, your CRM — through a Swedish-hosted LLM that tags personal data and replaces it with stable placeholders before the result ever reaches the frontier model. Per-warehouse opt-in. Token-metered. GDPR-clean by construction.

    ❯ enable cogny shieldsecurity overview →

    cogny --diagnosis

    THE PROBLEM

    Why GDPR-bound teams cannot use frontier AI on customer data

    PII leaves the EU by defaultMost AI agents pipe whatever the CRM, ad platform, or warehouse returns straight into a US frontier model. For warehouses processing customer data, that breaks GDPR before the analysis even begins.
    Redaction tools cripple the analysisNaive regex strippers replace every email and name with [REDACTED], so the model loses any sense of identity, cohort, or follow-up. The output becomes useless.
    On-prem LLMs are not on the tableRunning Claude or GPT on your own hardware is not realistic for most teams. You need the frontier model — but you cannot send raw PII to it.
    DPAs only get you so farA signed Article 28 agreement does not change the fact that the data was transferred. For sensitive industries, the answer needs to be technical, not just contractual.

    cogny --pipeline

    HOW IT WORKS

    Three stops between your data and the frontier model

    01
    Tool returns data
    HubSpot, BigQuery, Stripe, Shopify — whatever the AI agent calls, the raw response comes back to Cogny inside the EU.
    02
    Berget tags the PII
    Cogny routes the response through Berget, a Swedish-hosted open-weights LLM. The model wraps every name, email, phone, address, SSN, and IP in tags.
    03
    Placeholders go to Claude
    Cogny replaces each tagged value with a stable placeholder — <masked_email1>, <masked_name1> — and forwards the masked text to Claude. The original values never leave the EU.

    cogny --trace

    A SINGLE TOOL CALL

    What each layer in the pipeline actually sees

    Tool returnsHello, peter@company.com — your invoice for Anna Lindberg (070-123 45 67) is overdue.
    Berget tagsHello, <cogny_pii type="email">peter@company.com</cogny_pii> — your invoice for <cogny_pii type="name">Anna Lindberg</cogny_pii> (<cogny_pii type="phone">070-123 45 67</cogny_pii>) is overdue.
    Claude seesHello, <masked_email1> — your invoice for <masked_name1> (<masked_phone1>) is overdue.
    You see (mapping)<masked_email1> = peter@company.com • <masked_name1> = Anna Lindberg • <masked_phone1> = 070-123 45 67

    cogny --benefits

    WHAT YOU GET

    GDPR safety without throwing away the frontier model

    Stays in the EUBerget runs in Sweden. The PII tagging happens before any data crosses to the frontier model. The mapping is stored alongside the tool result in your warehouse.
    Stable identifiersRepeated PII values reuse the same placeholder, so the model can still reason about identity and cohorts: <masked_email1> appears in three rows = same person.
    Full transparencyEvery masked tool result shows a "Cogny Shield" disclosure card with the placeholder→original mapping. You see what the AI saw and what it never saw.
    Fail-closed by designIf Berget times out or errors, the tool result is replaced with an error message — not the raw text. PII never leaks because the masking step failed.
    Pay only for what you maskBerget charges 0.20 EUR per million input tokens for the gpt-oss-120b tagger. Token-metered, billed alongside your normal AI usage. Disable it any time.
    Per-warehouse opt-inCogny Shield is a warehouse-level toggle. Customer-data warehouses turn it on; analytics-only warehouses leave it off. No global compromise.

    cogny --tradeoffs

    HONEST CAVEATS

    What you give up when you turn the shield on

    Every successful tool result becomes one extra Berget call. For a heavy multi-tool analysis that's a small cost overhead and a small latency overhead. Token-metered like any other AI usage and visible in your billing.

    The frontier model loses some of its grip on names, email phrasing, and other identity-flavored signals — it can still reason about cohorts and counts, but stylistic personalization (“write a follow-up to Peter”) gets blunter.

    That trade is not free, but for most teams in regulated industries it's the difference between “we cannot use AI on this data” and “we can.”

    cogny --related

    SEE ALSO
    Security at CognyHow we encrypt, isolate, and audit. RLS, OAuth vault, GDPR webhooks, and incident response.explore →
    Trusted MCPsWhy first-party MCP servers matter — and how Shield is extending to cover the NSA-flagged risks.explore →

    enable per warehouse

    Frontier intelligence. Without the data transfer.