The Privacy Proxy for Claude Code.
Work without
sending secrets.
A local privacy proxy that intercepts Claude Code prompts and masks API keys, tokens, and personal data before they leave your machine. ~0.02 ms on a typical prompt.
Every prompt is a potential leak.
"I'm just asking it to refactor a function." And yet, Claude Code just uploaded your entire .env to the cloud.
You ask for help with that function. Your IDE loads the file. Which imports from a config module. Which your agent includes in context. Which contains your production database URL.
This is what gets sent to Claude right now, with no protection:
You can't watch every prompt. Your team can't either.
One .env in context. One secret in a comment. One moment of inattention. This is not a theoretical risk — it's happening in every coding session, right now.
One silent layer between you and the cloud.
TigerMole runs as a local proxy on your machine. Watch what happens to a real request: intercepted, scanned against 111 rules, masked in ~0.02 ms — and restored on the way back.
The proxy runs on your machine. Your code and secrets never reach TigerMole's servers.
After activation it runs with no cloud dependency — just a license revalidation every 15 days.
Masking adds a couple of milliseconds. You won't feel it in your workflow.
Every masking decision is logged on your machine — tamper-evident, optionally encrypted with your own key.
Write what you'd send to Claude.
See what leaves your machine.
This runs in your browser with a subset of the same rule families Tigermole applies locally. Nothing is sent to any server.
111 rules. Compiled in. Zero configuration.
If it shouldn't leave your network, Tigermole catches it. Rules written in Rust, compiled into the binary. No remote updates, no telemetry.
OpenAI · Anthropic/Claude · Google Gemini · Mistral · Cohere · Perplexity · Replicate · HuggingFace
AWS · Azure · GCP · Terraform Cloud · HashiCorp Vault · DigitalOcean · Vercel · Netlify
PostgreSQL · MySQL · MongoDB · Redis · Elasticsearch · Supabase — full connection strings with embedded passwords
GitHub · GitLab · npm auth · PyPI · CircleCI · Jenkins · Bitbucket
Stripe · Twilio · SendGrid · OAuth secrets · JWT secrets · RSA/EC private keys
Email addresses · ID/passport numbers · Credit cards (Luhn-validated) · IBAN · SSN
P50 0.02 ms · P95 0.03 ms on a typical prompt. P95 0.465 ms on clean text up to 64 KB. Measured per request in release.
Your code and your prompts only travel to Anthropic — already masked. The only other connections are your license activation and its renewal against api.tigermole.com (which never include your code, prompts, or secrets) and a latency ping. Zero telemetry. Masking runs 100% on your machine.
If something fails,
the request is blocked.
Never the other way around.
Most tools let data through when they're unsure. Tigermole does the opposite. If the masking engine fails for any reason — panic, timeout, parse error — the request is blocked entirely. It will never forward unmasked data. Ever. This is not a setting. Not a toggle. It's how it's built.
Built for security. Proven by design.
Zero trust in the tool. Full control for your security team.
Your code and your prompts only travel to Anthropic — already masked. The only other connections are your license activation and its periodic renewal against api.tigermole.com, which never include your code, prompts, or secrets. No telemetry. Masking runs entirely on your machine and keeps working offline for up to 30 days.
If the masking engine encounters any error — panic, timeout, parse failure — the request is blocked, not forwarded. Your secrets don't leave even when something goes wrong. This behavior is covered by explicit tests and is not configurable.
P50 0.02 ms · P95 0.03 ms on a typical prompt. Clean text up to 64 KB reaches P95 0.465 ms. Secret-dense payloads are a separate workload and are documented.
Every log entry is chained with SHA-256 and, on Team plans, signed with ED25519 and optionally encrypted with your own X25519 key. Tamper-evident by design. Defensible under GDPR Article 32.
All 111 detection rules ship compiled into the binary — no remote rule updates, nothing to misconfigure. Developers manage local allowlists for false positives; the rule set itself cannot be silently altered.
Every role has a reason to protect their prompts.
From individual developers to compliance teams.
One deploy. Tamper-evident audit logs included.
Ships via your existing toolchain — EXE / MSI · DEB. Structured audit logs, no extra process overhead.
Zero accidental key leaks.
The same compiled-in rules on every machine, invisible in daily work. Your most junior dev can't leak what never leaves the machine.
Tamper-evident logs for regulators.
Every masked event recorded with what, when, and why. Defensible documentation without building custom tooling.
Use AI freely on any codebase.
Even on client code. Stop second-guessing what landed in the model's context window.
Start free. Scale when you need it.
Try Individual free for 14 days. Team is purchased directly for 1 to 20 seats.
- 1 developer · 1 machine
- 111 detection rules
- Windows · Linux · macOS coming soon
- Community support
- Everything in Individual
- Audit log signed with ED25519 (optionally X25519-encrypted with your key · ENC2: prefix)
- JSON export of the audit log
- Everything in Team
- Custom detection rules
- Custom volume-based pricing
- Tailor-made app build with your branding and rules
- SLA + dedicated support
- Custom onboarding
You can't unsend a secret.
But you can make sure you never send one.
No card. No cloud account. No config changes.
Installed in 60 seconds.
