Now onboarding pilot firms in the Nordics  ·  Book 30 minutes →

The control layer for AI at work.Sensitive data stays on the laptop.

Your team keeps their own ChatGPT and Claude accounts. Compliance gets the audit trail. Built for regulated Nordic firms.

Book 30 minutes See it live ↓

Runs in the browser  ·  Metadata only  ·  Hosted in Stockholm

Works with ChatGPT Claude Gemini Perplexity
EU EU data residency · Stockholm GDPR-first architecture DORA & NIS2 evidence exports 100% on-device detection
The problem

The work moved faster than the rules.

It runs on personal accounts

AI use in most firms started bottom-up and stayed there. A third of workplace ChatGPT sessions run on private logins, outside SSO, outside retention policies, outside anyone's view.

The people leaking are your best people

Gartner expects at least 80% of unauthorized AI transactions through 2026 to come from employees breaking internal policy to work faster, rather than from attacks. In a regulated firm, a personnummer pasted to save 10 minutes is a GDPR incident with a client's name on it.

A policy shows intent. It can't show what happened

When a client, your auditor or Finansinspektionen asks how AI is used, a document describes the rules. It has no record of a single prompt.

0%
of AI interactions at work involve sensitive data
1 in 3
ChatGPT work sessions run on a personal account
Every 3 days
the average employee puts sensitive data into an AI tool
Source: Cyberhaven Labs, 2026 AI Adoption & Risk Report. Gartner, Market Guide for AI TRiSM.

Vaktor closes the gap where it opens: in the browser, before anything leaves the device.

Try it yourself

Type or paste your own.
It never leaves this page.

What you type
What the AI receives

The field above is editable. Masking runs in your browser, which you can confirm in the network tab (F12). The demo recognizes Swedish personnummer, org numbers, IBANs, emails and a sample client list. Demo data uses official Swedish test numbers.

How it works

From shadow AI to governed AI in an afternoon.

01

Install

A browser extension on each laptop. A team is live in an afternoon, working on chatgpt.com, claude.ai and gemini.google.com as before.

02

Mask

Personnummer, org numbers, IBANs and your client list are replaced before a prompt leaves the device. The same entity gets the same placeholder every time, so the AI can reason about the case and the answer stays useful.

03

Prove

Compliance gets a metadata audit trail: categories, counts, timestamps. Export it when Finansinspektionen, your auditor or a client asks how AI is used.

Who it's for

Regulated firms in the Nordics.

Asset managers, law firms and fintechs with 30 to 150 people, where one leaked client name can end the relationship. Built for the CEO or CTO who owns the risk: your teams use AI today, and Vaktor lets you say yes on your terms.

Verifiability

Verify it yourself.

Vaktor sits outside the prompt path by design. Detection runs on the device, and our backend receives metadata only. Your security consultant can confirm it with standard network monitoring. The claim is checkable, and that is the point.

Where this goes

One control point, every AI surface.

The browser is where AI work happens today, so that's where Vaktor starts. The same control point extends to desktop assistants, coding tools and agents acting on your firm's behalf. Govern access, mask what's sensitive, prove what happened. One layer, every model.

Second opinion

Ask the AI your team opened today.

The models know this problem well. Put the question to the tool itself and see what comes back.

Ask ChatGPT Ask Claude Ask Perplexity
The pilot

Four weeks to a governed rollout.

Week 1

Install across 10 to 25 seats and load your client list. Your team signs into their usual AI accounts and keeps working.

Weeks 2–3

Masking runs live. We tune detection against your real patterns, with a short check-in each week.

Week 4

You get the audit trail export and a joint review: what was masked, what it means for your AI policy, and what a full rollout looks like.

Fixed fee, credited toward the annual plan if you continue.

FAQ

Questions buyers ask us.

What is Vaktor?+
A control layer for AI use in regulated firms. A browser extension masks sensitive data on the device, and a metadata audit trail shows compliance how AI is used across the team. Founded and based in Stockholm.
What does Vaktor store?+
Categories, counts and timestamps. Prompt content stays on the device, so even a breach of Vaktor's own backend would expose nothing your clients told you in confidence. Metadata is hosted in Stockholm.
Which AI tools does it cover?+
Pilots run on ChatGPT, Claude and Gemini in the browser, with each person on their own account. Copilot and Perplexity follow. New surfaces ship as updates to the same extension.
What about desktop apps and coding assistants?+
On the roadmap. Most AI work in our segment runs in the browser today, which is why the pilot starts there. A lightweight endpoint agent for desktop apps and IDE assistants is planned next, and the audit trail is built to cover both from day one.
What does a pilot include?+
10 to 25 seats for four weeks: installation, your client list loaded into detection, weekly tuning, and an audit trail export with a joint review at the end. Fixed fee, credited toward the annual plan if you continue.
Where does this stand with GDPR, DORA and NIS2?+
Masking on the device supports GDPR data minimization before anything reaches a third-country provider. The audit trail is designed to slot into DORA ICT-risk and NIS2 reporting as evidence of technical and organizational measures. Vaktor supplies the measures and the documentation; your DPO keeps the judgment.
Pilot programs are starting now

Bring a prompt your team wrote last week.

30 minutes. We'll show you what would have stayed on the laptop, and what a four-week pilot looks like for your firm.

Book 30 minutes
or email directly: [email protected]