Developers

Build agent-to-agent workflows that protect the data they pass.

PrivacyPal's SDK lets one agent encode sensitive data into Privacy Twins, share the twins with another agent or third-party API, and decode the response back to real values — without ever exposing PII, PHI, or proprietary IP outside your trust boundary.

Read the SDK docs View examples
import { PrivacyPalClient } from '@privacypal/sdk';

const client = new PrivacyPalClient({
  apiUrl: 'https://api.privacypal.ai',
  apiKey: process.env.PRIVACYPAL_API_KEY
});

// Encode — PII replaced with Privacy Twins
const encoded = await client.encode({
  data: 'Patient: Jane Doe, DOB: 1985-03-15',
  sourceContainer: 'ehr-system',
  sourceElement: 'patient-record'
});

// Safe to send to any AI or 3rd-party API
const reply = await sendToAI(encoded.encodedData);

// Decode — restore real values
const decoded = await client.decode({
  continuationId: encoded.continuationId,
  data: reply
});
from privacypal_sdk import PrivacyPalClient
import os

client = PrivacyPalClient(
  api_url='https://api.privacypal.ai',
  api_key=os.environ['PRIVACYPAL_API_KEY']
)

# Encode — PII replaced with Privacy Twins
encoded = client.encode(
  'Patient: Jane Doe, DOB: 1985-03-15',
  source_container='ehr-system',
  source_element='patient-record'
)

# Safe to send to any AI or 3rd-party API
reply = send_to_ai(encoded['encodedData'])

# Decode — restore real values
decoded = client.decode(
  continuation_id=encoded['continuationId'],
  data=reply
)
SDKs

Two first-class SDKs. More on the way.

Node.js and Python today — fully supported, production-ready. A public REST API is also available for any runtime that speaks JSON. Additional language SDKs are in progress.

@privacypal/sdk

Node.js 18+ & browser. ES Modules. TypeScript types built in. Encode/decode, batch, file encoding, streaming AI chat, multi-turn sessions, optional client-side NLP.

$npm install @privacypal/sdk

privacypal-sdk

Python 3.9+. Sync API today, async coming. Same encode/decode/batch surface as Node, with helpers for pandas DataFrames and request bodies.

$pip install privacypal-sdk
Coming Soon

privacypal-go

Go module with net/http middleware and context-aware encode/decode. Targeting the same v1 wire protocol as Node and Python.

REST API

Plain HTTPS — encode, decode, batch — for any runtime that speaks JSON. Use directly when an SDK isn't available for your stack.

View API documentation →
What you get

Agent-to-agent infrastructure, with privacy as the default.

Agent entry points

Encode the sensitive parts of an inbound request, hand the twins to whatever agent or API you need, then decode the response back to real values. The protected entity stays inside your boundary.

Compliance by default

HIPAA, GDPR, and SOC 2 friendly out of the box. PII, PHI, and PCI classes are detected automatically, with structure-preserving twins so downstream parsers and prompts keep working.

Streaming AI chat

Server-Sent Events helpers for OpenAI, Anthropic, and Gemini. Encode the prompt, stream the model's response, decode tokens on the way out — your end users see normal token-by-token output.

Self-hosted option

Run the same SDK against PrivacyPal Cloud inside your own network. Encode/decode never leaves your VPC, and audit logs land in storage you already own.

Database scanning (DSPM)

Discover and classify sensitive data sitting in your own databases, file shares, and document stores — so you know what an agent should encode before it ever leaves the row.

x402 payments Future

Coming on the roadmap: agents will be able to require x402 payment before decoding sensitive results — enabling agentic marketplaces where data is shared only on settled terms.

0.10ms
Encode latency per 100 records on a warm gateway.
1-way & 2-way
One-way anonymization or reversible Privacy Twin encoding — chosen per request.
0limits
No per-record cap. Batch as much as your gateway can serve.
Examples

Real workflows. Real APIs.

Three patterns from production deployments — encode/decode the way the SDK actually works.

Agent entry point for secure A2A communication

Encode the sensitive input, hand the twins off to an external agent, then decode the response back to original values.

const encoded = await client.encode({
  data: 'User: John Smith, Email: john@acme.com, ID: user-123',
  sourceContainer: 'my-agent',
  sourceElement: 'user_input'
});

// Share encoded data with an external agent
const response = await sendToExternalAgent(encoded.encodedData);

// Decode the response back to real values
const decoded = await client.decode({
  continuationId: encoded.continuationId,
  data: response.text
});
console.log(decoded.decodedData);
encoded = client.encode(
  'User: John Smith, Email: john@acme.com, ID: user-123',
  source_container='my-agent',
  source_element='user_input'
)

# Share encoded data with an external agent
response = send_to_external_agent(encoded['encodedData'])

# Decode the response back to real values
decoded = client.decode(
  continuation_id=encoded['continuationId'],
  data=response['text']
)
print(decoded['decodedData'])

Healthcare AI: patient data to a 3rd-party analyzer

Encode PHI before sending to a vendor API, decode the analysis on the way back — HIPAA-compliant by design.

const encoded = await client.encode({
  data: 'Patient: Jane Doe, DOB: 1985-03-15, Dx: Condition X',
  sourceContainer: 'ehr-system',
  sourceElement: 'patient-record'
});

const analysis = await fetch('https://vendor-api.com/analyze', {
  method: 'POST',
  body: JSON.stringify({ data: encoded.encodedData })
});

const result = await client.decode({
  continuationId: encoded.continuationId,
  data: (await analysis.json()).report
});
encoded = client.encode(
  'Patient: Jane Doe, DOB: 1985-03-15, Dx: Condition X',
  source_container='ehr-system',
  source_element='patient-record'
)

response = requests.post(
  'https://vendor-api.com/analyze',
  json={'data': encoded['encodedData']}
)

result = client.decode(
  continuation_id=encoded['continuationId'],
  data=response.json()['report']
)

Financial services: decentralized dark pool x402 coming soon

Encode trade info to protect trader identity, match through Privacy Twins, and (in a future release) decode only after x402 payment is settled.

// Future: import { x402Middleware } from '@x402/payment';

const encoded = await client.encode({
  data: 'Trader: trader-789, Symbol: AAPL, Qty: 1000',
  sourceContainer: 'dark-pool',
  sourceElement: 'trade-request'
});

const match = await findCounterparty(encoded.encodedData);

if (match.found) {
  // Future: x402 payment required before decode
  const realData = await client.decode({
    continuationId: encoded.continuationId,
    data: match.counterpartyData
  });
  return realData.decodedData;
}
# Future: from x402 import middleware

encoded = client.encode(
  'Trader: trader-789, Symbol: AAPL, Qty: 1000',
  source_container='dark-pool',
  source_element='trade-request'
)

match = find_counterparty(encoded['encodedData'])

if match['found']:
  # Future: x402 payment required before decode
  real_data = client.decode(
    continuation_id=encoded['continuationId'],
    data=match['counterpartyData']
  )
  return real_data['decodedData']

Get your API key.
Ship your first encode in minutes.

Sign up for a PrivacyPal Cloud account, drop the SDK into your agent, and start encoding sensitive data on the way out the door.

Talk to Engineering Read the docs