PL. 01 · № 01
Clinical intake
ملف عيادة
Patient نورة بنت عبدالله السبيعي, NID 1052338941, admitted at King Saud Medical City.
KINDI — A bureau for handling sensitive language.
In-Kingdom PII masking for frontier LLMsRiyadh · Kingdom of Saudi Arabia
04 Jun 2026 · 1447-12-18 HAPI live · --:-- AST
SUBJECT№ 01
For Saudi organizations routing regulated text through frontier LLMs.
TITLE
KINDI lets Saudi organizations use ChatGPT, Claude, and Gemini without exporting personal data.
SPECIMENLIVE
Patient Khalid Al-Otaibi, NID 1052338941, admitted 07 Shawwal 1446H, reachable at +966 50 221 8403.
SUMMARY
PDPL and NCA controls require Saudi personal data to be processed inside the Kingdom. ChatGPT, Claude, and Gemini sit outside it. KINDI substitutes regulated identifiers with deterministic placeholders before the request crosses the border. The mapping is encrypted under your API key and unmasked in your client. The server stores nothing.
ACTIONS
Inside the Kingdomداخل المملكة01 Raw text
your application
Patient نورة … NID 1052338941 …
02 Mask
kindi.me
Patient PERSON_NAME_01 … NID NATIONAL_ID_01 …
04 Unmask
your client
Reply restored locally under your API key.
03 Frontier model
hosted abroad
Same masked text. No citizen data crosses the border.
Interoperates with
Outside the Kingdomخارج المملكة
- 01
Raw
your application
Patient نورة … NID 1052338941 … - 02
Mask
kindi.me
Patient PERSON_NAME_01 … NID NATIONAL_ID_01 … - 03
Frontier model
hosted abroad
Same masked text. No citizen data crosses the border.Interoperates with - 04
Unmask
your client
Reply restored locally under your API key.
PL. 02 · № 02
Reimbursement memo
مذكّرة سداد
Transfer to PERSON_NAME_01, IBAN SA44 2000 0001 2345 6789 1234; confirm to +966 50 221 8403.
PL. 03 · № 03
Court correspondence
مكاتبة قضائية
Re: claimant PERSON_NAME_01, iqama 2391847562, filed 07 Shawwal 1446H.
§ I.
How it worksآلية العمل
Three steps. Detection runs on our side, masking is a deterministic substitution, and unmasking happens in your client.
01detection
Detect
Detection locates PII spans in the input: Saudi National IDs, Iqama, names in both scripts, IBANs, MRNs, dates, addresses, phones. You can scope a request to a subset of entity classes.
02deterministic
Mask
Each span is replaced by a stable placeholder. The mapping is encrypted client-side under a key derived from your API key and returned alongside the masked text. The server keeps no copy.
03client-side
Unmask
Your client decrypts the mapping with the same API key and substitutes the placeholders in the model’s response. The originals never leave your perimeter.
§ II.
KINDI at workكندي أثناء العمل
A single submission, marked, masked, and sealed. The same procedure described above, performed once on a sample case note. No request leaves your browser.
Case note · intake
ملف الحالة · الاستلام
PL. 02 · § 02
Submission
Patient أحمد بن سالم القحطاني, NID 1098234567, presented on 14 Ramadan 1446H. MRN KFMC-4429012. Reimbursement to IBAN SA03 8000 0000 6080 1016 7519.
Ledger
- PERSON00
- NATIONAL_ID00
- DATE_TIME00
- MRN00
- IBAN00
- Total spans00
Envelope · sealed
cipheraes-256-gcm
nonce96-bit, per-request
keyHKDF(api_key) · derived client-side
payload9f2c4a:b81e07:c4d3aa:1e9f02:7b3c81:a04e91:62d8f3
§ III.
What it detectsالتغطية
Six entity classes detected by default. Pass classes on the request to scope detection to a subset.
| Class | AR | Examples | Placeholder form |
|---|---|---|---|
| PII | تعريف | Names in Latin or Arabic script, addresses on the Saudi national addressing system, telephones in E.164, email. | [P-…] · [A-…] · [T-…] |
| Identifiers | هوية | Saudi National ID (10-digit, leading 1), Iqama (leading 2), MRN, passport, CR (commercial registration). | [N-…] · [Iq-…] · [Pp-…] |
| PHI | صحي | Clinical content. Diagnoses, Hijri & Gregorian dates of service, facilities (KFMC, KFSH, NGHA, KAMC, JHAH). | [D-…] · [F-…] · [Dx-…] |
| Legal | قانوني | Parties to a matter (شركة, مؤسسة), jurisdictions, sums under dispute, dates of filing, CR numbers. | [Pty-…] · [J-…] · [§-…] |
| Financial | مالي | Saudi IBAN (SA-prefix, 24 chars), Tadawul tickers, account and policy numbers, sums in SAR. | [Acc-…] · [Pol-…] · [Sum-…] |
| Custodial | حفظ | Audit and chain-of-custody metadata. Who saw, when, under which key. | [Kh-…] · [Aud-…] |
§ IV.
The APIالواجهة
Two endpoints over HTTPS, with a TypeScript SDK on top. Unmasking runs client-side; there is no /unmask endpoint by design.
A. Command line
PL. 13 · § 01
>npm install kindi
+ kindi@0.4.2
>kindi mask --in note.txt --classes NAME,NAT_ID,DOB_H,MRN
masked 214 spans · envelope.json written · 47 ms
>kindi unmask --envelope envelope.json --in reply.txt
unmasked 214 / 214 placeholders
B. TypeScript SDK
intake.tstypescript
1
import { Kindi } from "kindi";
2
3
const kindi = new Kindi({ apiKey: process.env.KINDI_KEY });
4
5
const { text, envelope } = await kindi.mask(input, {
6
classes: ["NAME", "NAT_ID", "RESIDENCE_PERMIT", "MRN"],
7
});
8
9
const reply = await model(text);
10
const whole = envelope.unmask(reply);
C. HTTP
POSTapi.kindi.me/api/v1/mask200 masked
POSTapi.kindi.me/api/v1/redact200 redacted
- 1
- /mask returns the masked text plus an encrypted envelope containing the original mapping. The key wrapping the envelope is derived from your API key client-side.
- 2
- /redact returns enumerated placeholders without an envelope for cases where the original is not needed back.
- 3
- Revoking the API key makes any outstanding envelopes undecryptable. This is by design.
§ V.
Pricingالأسعار
One flat rate per thousand tokens, with a free daily quota. Pay only for what you mask. Prices in SAR, exclusive of VAT.
Freeتجريبي
Evaluation
0 SARper month
- 1,000 tokens per day
- Resets at 00:00, Asia/Riyadh
- One API key
- All entity classes
- Community support
Standard.
Pay as you goإنتاج
Production
1 SARper 1,000 tokens
- Top up any amount; no monthly fee
- Unlimited API keys
- Auto top-up, optional
- Itemised ledger, A5 PDF receipts
- Email support
Enterpriseحجم
Volume
By arrangementcontact for a quote
- Volume pricing
- On-premise deployment, optional
- Custom entity classes
- Signed quarterly attestation
- Dedicated technical contact
Worked exampleex-VAT, pay-as-you-go
- 1,000tokens
- ≈ one clinical note
- 1.00SAR
- 10,000tokens
- ≈ ten notes, a short shift
- 10.00SAR
- 100,000tokens
- ≈ a small clinic, one month
- 100.00SAR
- 1
- A token is one whitespace-separated word. Minimum one token per call. The 1,000-token free quota resets at 00:00 Asia/Riyadh.
- 2
- VAT at the prevailing KSA rate (15 %) is itemised on each receipt. Top-ups are non-refundable; unused balance does not expire.
- 3
- Auto top-up is optional and disables itself on a charge failure. Revoking an API key invalidates any outstanding envelopes by design.
ContinuedThe full pricing schedule
§ VI.
Contactللتواصل
Get in touch.
Email
hello@kindi.me
support@kindi.me
Location
Riyadh, Kingdom of Saudi Arabia
Hours
Replies within one business day, Sunday through Thursday.