Is it safe to put company code into Cursor or Copilot?

Not by default. Whatever you paste or open gets sent to the AI provider's servers, including secrets and customer data. Emil sits between your tools and the model and catches API keys, credentials, customer data, and source code before they ever leave.

Can AI coding tools see my API keys and .env files?

Yes, whenever they end up in the files or prompts you send, which is the most common way secrets leak. Emil detects keys, tokens, passwords, and .env values and redacts them before the prompt reaches the model.

Does Emil slow down my AI?

No. Emil screens in the moment and hands the model a clean prompt, so you get the same responses at the same speed.

Does Emil store my prompts or my code?

No. Emil processes your text in memory and keeps only a short screening record (the decision, risk score, and a redacted preview), never the full content. Classification runs on Emil's own infrastructure, is never sent to a third-party model, and is never used for training.

Which tools does Emil work with?

Anything OpenAI-compatible: Cursor, Claude Code, Copilot, Lovable, v0, ChatGPT, Gemini, DeepSeek, Ollama, and self-hosted models. Point your tool at Emil instead of the provider, or use the browser extension if you don't write code.

Do I need to be technical to use it?

No. Developers change one line of config (the base URL). Everyone else uses the one-click browser extension that screens prompts before they reach the AI.

HIPAA & AI

Use AI without putting PHI where HIPAA can't follow

Emil detects protected health information — names tied to conditions, MRNs, the 18 Safe Harbor identifiers — and blocks or redacts it before a prompt reaches an AI tool that has no BAA.

Protect your team For developers

The HIPAA problem with AI

Staff paste patient details into ChatGPT — a disclosure of PHI to a vendor with no BAA.
PHI in an AI provider's logs is a reportable breach with per-record penalties.
Most AI tools offer no way to keep PHI out of prompts.

How Emil helps with HIPAA

Detects PHI: names linked to conditions, MRNs, the 18 Safe Harbor identifiers
Blocks or redacts before the prompt leaves the browser or reaches your model
Fails closed — if a classifier is down, PHI is blocked, not let through
Keeps an audit trail of every decision; content is never retained

What Emil can't do alone

It doesn't replace your policies, training, or vendor contracts
It can't grant data-subject rights or run risk assessments for you
It's one control within a broader compliance program

Emil is a technical control, not a compliance program. It reduces risk and produces evidence, but duties like consent, recordkeeping, risk assessments, and contracts (e.g. BAAs, DPAs) sit outside any screening layer. Review with counsel.

Questions

Does Emil make us HIPAA compliant?

Emil is a strong technical safeguard for keeping PHI out of ungoverned AI tools, and it maps to HIPAA's Privacy and Security rules. But compliance is a program — pair Emil with your policies, training, and BAAs.

What PHI does Emil detect?

Patient names tied to conditions or treatment, medical record and account numbers, and the 18 HIPAA Safe Harbor identifiers, plus PII like SSNs and contact details.

What happens if a classifier is unavailable?

Emil fails closed for PHI — the request is blocked rather than allowed through, so sensitive health data is never released on a best-effort basis.

Other regulations

GLBA FERPA GDPR