AI governance for regulated Nordic firms

The control layer for AI at work.Sensitive data stays on the laptop.

Your team keeps their own ChatGPT, Claude and Gemini accounts. Vaktor masks sensitive data in the browser before it leaves the device, and gives you the audit trail that proves control.

Book 20 minutes See it live ↓
Works with ChatGPT · Claude · Gemini · Copilot
EU data residency, Stockholm GDPR-first architecture DORA & NIS2 evidence exports 100% on-device detection
0%
of AI interactions at work involve sensitive data
1 in 3
ChatGPT work sessions run on a personal account
Every 3 days
the average employee puts sensitive data into an AI tool
Source: Cyberhaven Labs, 2026 AI Adoption & Risk Report
Try it yourself

Type or paste your own. It never leaves this page.

What you type
What the AI receives

The field above is editable. Masking runs in your browser, which you can confirm in the network tab (F12). The demo recognizes Swedish personnummer, org numbers, IBANs, emails and a sample client list. Demo data uses official Swedish test numbers.

How it works

From shadow AI to governed AI in an afternoon.

01

Install

A browser extension on each laptop. A team is live in an afternoon, working on chatgpt.com, claude.ai and gemini.google.com as before.

02

Mask

Personnummer, org numbers, IBANs and your client list are replaced before a prompt leaves the device. The same entity gets the same placeholder every time, so the AI can reason about the case and the answer stays useful.

03

Prove

Compliance gets a metadata audit trail: categories, counts, timestamps. Export it when Finansinspektionen, your auditor or a client asks how AI is used.

Who it's for

Regulated firms in the Nordics.

Asset managers, law firms and fintechs with 30 to 150 people, where one leaked client name can end the relationship. Built for the CEO or CTO who owns the risk: your teams use AI today, and Vaktor lets you say yes on your terms.

Verifiability

Verify it yourself.

Vaktor sits outside the prompt path by design. Detection runs on the device, and our backend receives metadata only. Your security consultant can confirm it with standard network monitoring. The claim is checkable, and that is the point.

Where this goes

One control point, every AI surface.

The browser is where AI work happens today, so that's where Vaktor starts. The same control point extends to desktop assistants, coding tools and agents acting on your firm's behalf. Govern access, mask what's sensitive, prove what happened. One layer, every model.

The pilot

Four weeks to a governed rollout.

Week 1

Install across 10 to 25 seats and load your client list. Your team signs into their usual AI accounts and keeps working.

Weeks 2–3

Masking runs live. We tune detection against your real patterns, with a short check-in each week.

Week 4

You get the audit trail export and a joint review: what was masked, what it means for your AI policy, and what a full rollout looks like.

Fixed fee, credited toward the annual plan if you continue. Founder-led throughout.

FAQ

Questions buyers ask us.

What is Vaktor?+
A control layer for AI use in regulated firms. A browser extension masks sensitive data on the device, and a metadata audit trail shows compliance how AI is used across the team. Founded in Stockholm in 2026.
What does Vaktor store?+
Categories, counts and timestamps. Prompt content stays on the device, so even a breach of Vaktor's own backend would expose nothing your clients told you in confidence. Metadata is hosted in Stockholm.
Which AI tools does it cover?+
Pilots run on ChatGPT, Claude and Gemini in the browser, with each person on their own account. Copilot and Perplexity follow. New surfaces ship as updates to the same extension.
What about desktop apps and coding assistants?+
On the roadmap. Most AI work in our segment runs in the browser today, which is why the pilot starts there. A lightweight endpoint agent for desktop apps and IDE assistants is planned next, and the audit trail is built to cover both from day one.
What does a pilot include?+
10 to 25 seats for four weeks: installation, your client list loaded into detection, weekly tuning, and an audit trail export with a joint review at the end. Fixed fee, credited toward the annual plan if you continue.
Where does this stand with GDPR, DORA and NIS2?+
Masking on the device supports GDPR data minimisation before anything reaches a third-country provider. The audit trail is designed to slot into DORA ICT-risk and NIS2 reporting as evidence of technical and organisational measures. Vaktor supplies the measures and the documentation; your DPO keeps the judgment.
Pilot programs are starting now

Bring a prompt your team wrote last week.

20 minutes. We'll show you what would have stayed on the laptop, and what a four-week pilot looks like for your firm.

Book 20 minutes
or email directly: [email protected]

Founder-led, from Stockholm. Backgrounds from the Stockholm School of Economics, Carnegie and Normain.