Public sector & government · EU-sovereign

Citizens trusted you with their data. AI tools are one paste away.

Across ministries, agencies, councils and public bodies, civil servants already use AI to draft letters, summarise case files and translate documents. The risk isn't that they use it — it's what they paste into it: citizen records, ID numbers, case files, confidential documents. Tracehold catches that on the device, before it ever reaches the AI tool, and maps scattered AI use to GDPR, NIS2, ISO 27001 and SOC 2 — with visibility into your EU AI Act exposure alongside it — through audit-ready reports.

On-device detection · EU sovereignty · on-device by default · GDPR · NIS2 · ENS-aligned
What's about to be pasted into AI

Tracehold catches it before it leaves the browser:

A citizen's name, national ID and address — caught as personal data. Action: Block
A case file marked confidential — caught as a restricted document. Action: Redact
A credential in pasted config — caught as a secret, never sent. Action: Block

The prompt stays in the browser. Only metadata — type, severity, timestamp — reaches your security team.

On the device
Where detection runs

We see what's about to go to AI right where staff work — before it leaves the machine.

Citizen data stays put
What leaves the browser

By default the prompt never leaves the browser. We only learn the type of finding, how severe it was, and when.

1,600+
Detection patterns

Across 2,200+ recognised AI tools and sites — including the free-form personal data that has no fixed shape.

EU
Built and hosted in Europe

Built and hosted in the EU, with EU data residency throughout.

[ Shadow-AI exposure · observe ]

Shadow AI doesn't respect departmental boundaries

Generative AI didn't arrive through a procurement process — it arrived through the browser, on every desk, in every agency, all at once. Helpful, fast, and one paste away from sending citizens' data to a third party your organisation never signed a contract with. The intent is almost always to do the job better. The exposure is the same regardless.

Citizen & case data

A caseworker pastes a full citizen record — name, national ID, address, benefits or health notes — into an AI tool to draft a reply. An official summarises an applicant's file. Each one is regulated personal data leaving public control.

Confidential documents

Staff drop internal memos, draft legislation, procurement files, tender evaluations and restricted reports into AI tools to "summarise this" or "tidy up the language." Sensitive policy and personal data go straight into a public model's prompt.

Sprawl across agencies

Dozens of departments, agencies and local bodies, each adopting AI at its own pace with no central view. No one can answer the basic question — who is sending what to which AI tool — so the risk stays invisible until it isn't.

Said plainly: traditional DLP watches email and file shares — it never sees the prompt box in a browser tab. That's the exact channel AI runs on. Tracehold was built for that channel: it inspects what's about to be sent to an AI tool, on the device, before it leaves.

[ Detection coverage · redact ]

Built to recognise the data a public body can't afford to lose

With 1,600+ detection patterns across 2,200+ recognised AI tools and sites, Tracehold recognises both the structured data with a fixed shape and the free-form personal data that has none.

Citizen & personal data

Names, dates of birth, addresses, national and tax IDs, case references and benefits or health details — including names and addresses that follow no fixed format and slip past pattern-only tools.

Confidential documents

Internal memos, restricted reports, draft policy, procurement and tender files, legal advice and source code — recognised as confidential material so a quick "summarise this" doesn't quietly export it.

Credentials & keys

API keys, access tokens, passwords, private keys and connection strings hidden inside pasted code or config — caught before they reach an AI assistant and become someone else's.

Catches it at the source

Detection runs on the device, in the browser, the moment something is about to be sent to an AI tool — typed, pasted, uploaded as a file, or embedded in a screenshot. The prompt never leaves the browser by default — there's no proxy and no copy of citizen data sitting on our side.

Warn, redact, or block — your policy

Low-risk cases get a clear heads-up. The sensitive part can be stripped so the rest goes through. High-risk pastes are blocked outright, with a message that explains why — so staff learn, not just get stopped.

Covers the whole desk

Beyond the browser extension, Tracehold reaches the desktop, developer and terminal tools, Outlook, and removable media like USB drives — so the protection follows the work, not just one tab.

Named entities you tell it to watch

Add your own list of sensitive names — agency and department names, confidential project codenames, named officials, key contractors — and Tracehold matches them exactly, everywhere they appear, on top of the built-in patterns.

[ EU digital sovereignty · on-device ]

A tool that protects public data — without becoming a foreign dependency

For a public body, where the tool itself lives matters as much as what it does. Tracehold is built and hosted in the EU, with data residency in Europe. And because most of the detection work happens on the device rather than in our cloud, citizen data has nowhere to travel to in the first place.

Built and hosted in the EU

Tracehold is built and hosted in Europe, with EU data residency — so the tool that protects public data doesn't become a new cross-border transfer problem of its own.

On-device language understanding

Pattern, checksum and named-entity detection all run locally in the browser — no text leaves the device for that layer. Only if your organisation opts in to the deeper semantic layer does any text reach a server, and even then it's processed on our own EU infrastructure, never handed to a third-party model.

Metadata-only by default

Even in a managed deployment, only metadata — type of finding, severity, timestamp — reaches the backend. The prompt content itself never does by default.
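As an added illustration (not Tracehold's code, and assuming nothing about its internals), the sketch below shows the shape of the on-device layer described here, under "Warn, redact, or block" and under "Named entities": a regex pattern, a checksum (the Spanish DNI control letter, chosen because ENS is discussed on this page) and an exact-match watchlist all run in the browser, the strictest action wins, and the only object that leaves is type, severity and timestamp. Detector names, severities and the watchlist entry are constructed for the example.

```javascript
// Added illustration, not Tracehold's code: one on-device check that combines a
// regex pattern, a checksum and an exact-match watchlist, applies a
// warn / redact / block policy, and emits only metadata (type, severity, time).
// Spanish DNI: 8 digits plus a control letter = LETTERS[number mod 23]. Chosen as the
// checksum example because the page discusses ENS; the algorithm itself is public.
const DNI_LETTERS = "TRWAGMYFPDXBNJZSQVHLCKE";
function isValidDni(candidate) {
  const m = /^(\d{8})([A-Z])$/.exec(candidate);
  return m !== null && DNI_LETTERS[Number(m[1]) % 23] === m[2];
}

// Detector table (constructed): a validator lets near-misses such as a wrong
// check letter pass, which keeps false positives out of the audit trail.
const DETECTORS = [
  { type: "national_id", severity: "high", re: /\b\d{8}[A-Z]\b/g, validate: isValidDni },
  { type: "secret", severity: "high", re: /\b(?:api[_-]?key|token|password)\s*[=:]\s*\S+/gi },
  { type: "confidential_marker", severity: "medium", re: /\bCONFIDENTIAL\b/g },
];
// Organisation-supplied names, matched exactly (constructed sample).
const WATCHLIST = ["Project AURORA"];
// Severity decides the action; the strictest action across all findings wins.
const POLICY = { high: "block", medium: "redact", low: "warn" };
const RANK = { block: 3, redact: 2, warn: 1, allow: 0 };

function inspectPrompt(text, now = new Date()) {
  const findings = [];
  for (const d of DETECTORS) {
    for (const m of text.matchAll(d.re)) {
      if (d.validate && !d.validate(m[0])) continue;
      findings.push({ type: d.type, severity: d.severity, start: m.index, end: m.index + m[0].length });
    }
  }
  for (const name of WATCHLIST) {
    for (let i = text.indexOf(name); i !== -1; i = text.indexOf(name, i + name.length)) {
      findings.push({ type: "watchlist", severity: "medium", start: i, end: i + name.length });
    }
  }
  const action = findings.reduce((a, f) => (RANK[POLICY[f.severity]] > RANK[a] ? POLICY[f.severity] : a), "allow");
  // Redact from the end so earlier offsets stay valid; a blocked prompt is not forwarded at all.
  let outgoing = text;
  if (action === "redact") {
    for (const f of [...findings].sort((a, b) => b.start - a.start)) {
      outgoing = outgoing.slice(0, f.start) + "[REDACTED]" + outgoing.slice(f.end);
    }
  }
  // The only object that would leave the browser: no prompt text, not even match offsets.
  const telemetry = findings.map((f) => ({ type: f.type, severity: f.severity, timestamp: now.toISOString() }));
  return { action, outgoing: action === "block" ? null : outgoing, telemetry };
}
```

A real deployment would merge overlapping spans before redacting and keep the detector table outside the extension so it can be updated; both are left out here to keep the flow readable.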

Built, hosted and run in the EU

Tracehold is built and hosted in Europe, with EU data residency. Detection happens on the device by default, so the prompt stays right where your staff are working — before it ever needs to go anywhere.

No master back door, no "trust us" — the protections are built into how the product works. See how we protect your data →

[ GDPR · NIS2 · ENS · EU AI Act ]

Uncontrolled AI use touches every framework a public body answers to

Public bodies sit under some of the strictest obligations in Europe. The same paste can trip more than one rulebook at once — and in Spain, the Esquema Nacional de Seguridad sets the bar on top.

GDPR

Pasting a citizen's personal data into a public AI tool can be an unlawful transfer to a third party. Catching it on the device keeps that data from ever leaving public control.

NIS2

Public administrations are in scope for stronger cyber-risk management and accountability. Demonstrable control over how data leaves to AI tools — with an audit trail — is part of showing you manage the risk.

ENS (Spain)

The Esquema Nacional de Seguridad governs how Spanish public bodies protect information and systems. Tracehold is aligned with and mapped to ENS — controlling data flow to AI tools supports those measures. We do not claim ENS certification.

EU AI Act

As public services adopt AI, you need to know where and how it's used, and govern it. Tracehold maps your actual AI use so you can govern it rather than guess at it.

[ Compliance mapping · live readout ]

Compliance mapping you can put in front of leadership and auditors

Tracehold maps your real AI exposure to GDPR, NIS2, ISO 27001 and SOC 2, and gives you a live picture of your EU AI Act exposure alongside it. Instead of an annual return, you get a clear, always-current view that updates as your risk does — and the evidence behind it when an auditor or your data protection authority asks.

Risk, not theatre

The mapping reflects what your people are actually doing with AI today — what's being caught, how often, how severe — not a point-in-time checklist that's stale by lunchtime.

Evidence on demand

Every finding leaves an audit trail with just the essentials — type, severity, timestamp — so you can show diligence to an auditor without exposing the underlying data.

Aligned, and honest about it

Tracehold is aligned with and mapped to ENS, PCI-DSS and SOC 2, with ISO 27001 certification in progress. We tell you exactly what is certified and what is mapped — never more.

From "we think we're fine" to "here's the picture"

Most public bodies can't answer a simple question from leadership: how much citizen data is going to AI right now, across our agencies? Compliance mapping answers it — and shows the trend as your controls take effect.

The mapping covers GDPR, NIS2, ISO 27001 and SOC 2 in one view, plus visibility into your EU AI Act exposure. See compliance in depth →

[ Deployment · MDM-pushed ]

Weeks, not months — no proxy, no network surgery

A public body can't bolt a new inline proxy into its network on a whim. Tracehold rolls out as a browser extension you push with the device management you already run — so the security team stays in control and the network stays untouched.

Pushed via your MDM

Deploy the extension centrally through Microsoft Intune or any standard MDM, tied to your identity provider — Microsoft Entra ID or Okta. No agent your endpoint team has to babysit, no inline gateway.

Start observe-only

Begin in a pilot that watches and reports without blocking anyone. You see exactly what would be caught — and where your real exposure is, across agencies — with zero disruption to the work before you turn on enforcement.

Plugs into your stack

Findings flow to Splunk or Microsoft Sentinel and alerts to Slack or Microsoft Teams. Hosted in the EU with EU data residency throughout.

Most teams go from first call to protected in 2–4 weeks. Detection runs on the device; only metadata reaches the backend by default.

[ Plans · published pricing ]

Start free, scale to governed

Honest, published pricing. Begin on the device for free, add managed visibility and compliance reporting when you're ready.

Free

Runs entirely on the device. No account, no backend — nothing your staff type is sent anywhere.

See what's included

Insight — €40/user·mo

Managed visibility into AI exposure across your agencies, with metadata-only reporting and live compliance mapping.

See Insight

Governance — €60/user·mo

Full enforcement, audit trail and integrations for security and compliance teams that need to prove control.

Talk to our team

[ FAQ · public-sector buyers ]

What public-sector buyers ask first

Does citizen data ever reach Tracehold?
No, not by default. Detection runs on the device, in the browser, and the prompt itself stays in the tab by default. In managed deployments only metadata — the type of finding, its severity and a timestamp — reaches the backend, not the prompt content. If your organisation opts in to the deeper semantic layer, the text it reviews is processed on our own EU infrastructure, never handed to a third-party model.

Where is Tracehold hosted, and does it create a new sovereignty risk?
Tracehold is built and hosted in the EU, with European data residency. On-device detection means most prompts never reach any server at all, ours or anyone else's — and where a deeper analysis layer is enabled, it runs on our own EU infrastructure rather than a third-party AI provider.

How does it help with GDPR, NIS2, ENS and the EU AI Act?
Tracehold maps your real AI use to each framework as live compliance mapping covering GDPR, NIS2, ISO 27001 and SOC 2, with audit-ready reports. You get control over data flowing to third-party AI tools (GDPR), demonstrable risk management with an audit trail (NIS2), and — because every finding is logged — a live picture of where AI is actually being used, so you can govern it under the EU AI Act rather than guess at it. For Spain, Tracehold is aligned with and mapped to the Esquema Nacional de Seguridad (ENS) — controlling data flow to AI tools supports those measures, though we do not claim ENS certification.

Are you certified — ISO 27001, ENS, SOC 2?
We're honest about status. ISO 27001 certification is in progress. Tracehold is aligned with and mapped to ENS, PCI-DSS and SOC 2, but is not certified against them — we never claim certification we don't hold. We're happy to walk through the detail with your security and compliance team.

Can it cover many agencies and departments at once?
Yes. You push the extension through your existing MDM across departments, tied to Microsoft Entra ID or Okta, and each unit's data stays isolated. A central team can get visibility across the estate while changes stay scoped to where they belong. References are available under NDA.

How fast can we be protected?
Weeks, not months. You push the extension through your existing MDM, no proxy or network changes required. Most teams go from first call to protected in 2–4 weeks, starting with an observe-only pilot. Pricing is published up front: Free, Insight (€40/user·mo) and Governance (€60/user·mo).

See what your organisation is already sending to AI

Start an observe-only pilot and get a clear, honest picture of where citizen data and confidential documents are leaking to AI tools — across your agencies, with zero disruption to your people. References available under NDA.