# Documentation

Compliance-as-a-Service for AI Applications

Aptly is a drop-in API that sits between your application and any LLM provider, automatically redacting PII and creating immutable audit logs for every request.

What It Does

Automatic PII Detection

Scans every request for sensitive data (SSNs, emails, credit cards, names, etc.) before it is sent to the LLM.

Configurable Redaction

Choose how to handle PII: mask it with a placeholder (PERSON_A), hash it, or remove it entirely.

Immutable Audit Trail

Every request is logged with timestamps, PII detections, and full metadata. Immutability is enforced by the database.

Multi-Provider Support

Works with OpenAI, Anthropic, Google, Cohere, Together AI, and more via LiteLLM.

How It Works

Request Flow
┌─────────────┐
│ Your App    │
└──────┬──────┘
       │
       │ 1. API Request
       │
┌──────▼──────────────────────────────────────────┐
│ Aptly Middleware                                │
│                                                  │
│ ┌────────────────┐      ┌──────────────────┐   │
│ │ PII Detection  │─────▶│ Redaction        │   │
│ └────────────────┘      └──────────────────┘   │
│                                                  │
└──────┬───────────────────────────────────┬──────┘
       │                                   │
       │ 2. Redacted Request              │ 3. Audit Log
       │                                   │
┌──────▼──────┐                    ┌──────▼──────┐
│ LLM Provider│                    │ Database    │
│ (OpenAI)    │                    │ (Immutable) │
└─────────────┘                    └─────────────┘

Your application sends requests to Aptly instead of directly to OpenAI/Anthropic/etc. Aptly scans for PII, redacts it based on your settings, forwards the clean request to your chosen LLM, and logs everything before returning the response.
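
An added illustration of the three redaction modes and the audit record described above; it is not Aptly's code or API. The regex detectors, the `EMAIL`/`SSN` type names, the HMAC-SHA256 hash mode and the audit record fields are assumptions.

```python
import hashlib
import hmac
import re
from datetime import datetime, timezone

# Constructed detectors (assumption): two regexes stand in for a real PII engine.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
# Constructed sample prompt; every value in it is made up.
SAMPLE = ("Email jane.doe@example.com or bob@example.org; SSN 123-45-6789. "
          "Reply to jane.doe@example.com.")

def label(n):
    """Spreadsheet-style suffix: 0 -> A, 25 -> Z, 26 -> AA."""
    out, n = "", n + 1
    while n:
        n, rem = divmod(n - 1, 26)
        out = chr(65 + rem) + out
    return out

def redact(text, mode="mask", key=b"constructed-demo-key"):
    """Return (redacted_text, audit_record) for mode 'mask', 'hash' or 'remove'."""
    if mode not in ("mask", "hash", "remove"):
        raise ValueError(f"unknown redaction mode: {mode!r}")
    tokens, counts = {}, {}   # (type, raw value) -> replacement; type -> distinct values

    def replacer(kind):
        def sub(match):
            raw = match.group(0)
            if (kind, raw) not in tokens:
                index = counts.get(kind, 0)
                counts[kind] = index + 1
                if mode == "mask":      # stable placeholder: same value, same token
                    tokens[kind, raw] = f"{kind}_{label(index)}"
                elif mode == "hash":    # keyed hash so low-entropy values resist guessing
                    mac = hmac.new(key, raw.encode(), hashlib.sha256).hexdigest()
                    tokens[kind, raw] = f"{kind}_{mac[:12]}"
                else:                   # remove: drop the value entirely
                    tokens[kind, raw] = ""
            return tokens[kind, raw]
        return sub

    for kind, pattern in PATTERNS.items():
        text = pattern.sub(replacer(kind), text)
    # The audit record keeps types and counts only, never the raw values.
    audit = {"timestamp": datetime.now(timezone.utc).isoformat(),
             "mode": mode, "detections": dict(counts)}
    return text, audit
```

Masking and hashing keep repeated values linkable within a request (both mentions of the same address get the same token), while removal does not.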

Why Use Aptly

Zero Code Changes

If you're already using the OpenAI SDK, you only need to change the base_url parameter. That's it. No refactoring, no new libraries to learn.

Compliance Out of the Box

GDPR requires you to demonstrate "appropriate technical and organizational measures" for data protection. Aptly gives you automatic PII redaction and immutable audit logs—the two foundational requirements.

You Own Your Keys

Aptly never stores your LLM provider API keys. You pass them per-request, maintaining full control and ensuring Aptly can never make unauthorized calls on your behalf.

Provider Agnostic

Switch between OpenAI, Anthropic, Google, or Cohere without changing your integration. Aptly normalizes the interface so your code stays the same.

Next Steps