How It Works

The honest version, for the people who'd ask.

Decoy splits the work between your browser and the cloud LLM. This page walks through what each side does, what it sees, and what it doesn't. If something doesn't add up, write to us. We'd rather have the conversation than have you wonder.

The Flow

Eight steps. Four on your side. Four on theirs.

  1. 01
    You paste. Sensitive data and a question, dropped into Decoy in your browser. Nothing has left your machine.
  2. 02
    Decoy reads. A local NER model and a regex layer scan the text for names, organisations, identifiers, currency, dates, percentages. Everything sensitive gets flagged.
  3. 03
    Decoy tokenises. Each flagged entity is replaced with a stable opaque token: [C_xxxx] for companies, [P_xxxx] for people, [N_xxxx] for numbers. The token-to-value mapping is held in your browser memory only.
  4. 04
    You confirm the mask. Decoy shows you what's about to be sent and what's been hidden. You can adjust either side before sending.
  5. 05
    The cloud plans. The tokenised prompt goes to your chosen LLM (Claude, GPT, Gemini, your API key, your choice) with strict instructions: do not compute, return a structured JSON plan composing operations against the literal tokens.
  6. 06
    The cloud returns the plan. A JSON document with a list of formulas, each one written as multiply([N_2201], [N_2202], 2) or similar. No real values. The cloud cannot reconstruct your data because it never had it.
  7. 07
    Decoy executes locally. A small deterministic engine in your browser parses the JSON, substitutes tokens for their real values from the in-memory map, and runs the operations. It can multiply, add, subtract, divide, max, min, average, percentile, compare, sort, filter. Anything outside that closed set, the engine refuses.
  8. 08
    You see the answer. Real values restored. Each result shows its formula and inputs. You can audit every number back to the source row. When you end the session, the mapping is destroyed.

What The Cloud Sees

Side by side. Same prompt. Different worlds.

Below is the exact text Decoy sent to the cloud during the demo on the home page, alongside what you originally pasted. The cloud has no way to recover the left side from the right side.

What you pasted
─────────────────────────────────
Acme Corp bought 4,200 units in Q3
at $89 per unit. Their account
manager Sarah Chen reports they're
considering doubling their order
in Q4.
What the cloud saw
─────────────────────────────────
[C_8847] bought [N_2201] units
in [P_03] at [N_2202] per unit.
Their account manager [P_4419]
reports they're considering
doubling their order in [P_04].

The right column is a complete record of what crossed your network. There is nothing else.

What We Don't Do

Some things we want to be clear about.

We don't run a server in the data path. Decoy is a static web app. There is no Decoy backend that sees your prompts, your API key, or your data. We literally couldn't read your data if we wanted to, there's no place we'd read it from.

We don't store anything between sessions by default. The token-to-value mapping is held in your browser's memory and destroyed when you close the tab or end the session. Optional opt-in session resume uses your browser's IndexedDB only, never our servers, because we don't have any.

We don't intermediate your LLM provider. You bring your own API key. Your prompts go directly to Anthropic, OpenAI, or Google. Their privacy policy applies, not ours.

We don't see your usage. No analytics, no telemetry, no tracking pixels. We don't know what tasks you reach for Decoy on, who you are, or how often you use it. If you tell us, we'll know. If you don't, we won't.

We don't claim to solve every privacy problem. If your industry requires data residency, formal certification, audit logging, or specific frameworks like IRAP, the v1 web app is not the right shape for that yet. Talk to us. We're building toward it, and you might be the first one we build it with.

Open Questions

Things we're still working on.

Magnitude leakage. A very large number can be identifying even when tokenised. "$400M revenue from a Sydney audio company" maps to one company. We have an opt-in bucketing mode in development for high-sensitivity tasks. Right now you should know it exists as a consideration.

Free-text generation. The planning + execution split fits analytical tasks. It doesn't fit "write me an email about [C_8847]." We're not solving that with Decoy in v1. There may be a different shape of product for it later.

Schema robustness. The cloud model occasionally returns a malformed JSON plan. Decoy retries with a tighter prompt and falls back to a human-readable plan if that fails. This is rare but it happens. We log it locally and we're improving it.

Operation coverage. The closed set (multiply, add, max, percentile, filter, etc.) covers most spreadsheet-like work. It doesn't cover advanced statistics, ML-style operations, or anything requiring custom code. We add primitives as new patterns emerge from real use.

Regulated Industries

We're building toward enterprise. We're not there yet.

Decoy v1 is a single-user web app. It is not currently SOC 2, ISO 27001, IRAP, or HIPAA assessed. It does not yet offer the audit logging, admin controls, or data residency guarantees that procurement teams in finance, healthcare, defence, and government need.

We're building toward all of that. The architecture supports it; the certifications take time and money. If you work somewhere where those things are required and you'd like to be a design partner for that version, we'd genuinely like to hear from you.

Tell us about your team ›

If Something's Off

Write to us.

If you've read this page and you've spotted a hole in our reasoning, an architecture concern, a privacy claim that doesn't quite hold, or just a question we should be answering and aren't, tell us. We'd rather have the conversation than have you wonder.

hello@decoy.tools