Is it safe to put company code into Cursor or Copilot?

Not by default. Whatever you paste or open gets sent to the AI provider's servers, including secrets and customer data. Emil sits between your tools and the model and catches API keys, credentials, customer data, and source code before they ever leave.

Can AI coding tools see my API keys and .env files?

Yes, whenever they end up in the files or prompts you send, which is the most common way secrets leak. Emil detects keys, tokens, passwords, and .env values and redacts them before the prompt reaches the model.

Does Emil slow down my AI?

No. Emil screens in the moment and hands the model a clean prompt, so you get the same responses at the same speed.

Does Emil store my prompts or my code?

No. Emil processes your text in memory and keeps only a short screening record (the decision, risk score, and a redacted preview), never the full content. Classification runs on Emil's own infrastructure, is never sent to a third-party model, and is never used for training.

Which tools does Emil work with?

Anything OpenAI-compatible: Cursor, Claude Code, Copilot, Lovable, v0, ChatGPT, Gemini, DeepSeek, Ollama, and self-hosted models. Point your tool at Emil instead of the provider, or use the browser extension if you don't write code.

Do I need to be technical to use it?

No. Developers change one line of config (the base URL). Everyone else uses the one-click browser extension that screens prompts before they reach the AI.

SOC 2 & AI

An AI control your SOC 2 auditor can see

Emil screens what flows into and out of AI tools for sensitive data and records every decision — a demonstrable control and audit trail that supports SOC 2 confidentiality and privacy criteria.

Protect your team For developers

The SOC 2 problem with AI

Auditors ask how you control sensitive data in AI tools — and most teams have no answer.
Shadow AI usage is an unmonitored path for confidential data to leave.
You need evidence the control exists and operates, not just a policy.

How Emil helps with SOC 2

Screens prompts and responses for PII, secrets, and confidential content
Records every decision as an audit trail for evidence
Reports AI tool usage and what was caught across the org
Maps to confidentiality and privacy trust-services criteria

What Emil can't do alone

It doesn't replace your policies, training, or vendor contracts
It can't grant data-subject rights or run risk assessments for you
It's one control within a broader compliance program

Emil is a technical control, not a compliance program. It reduces risk and produces evidence, but duties like consent, recordkeeping, risk assessments, and contracts (e.g. BAAs, DPAs) sit outside any screening layer. Review with counsel.

Questions

How does Emil help with SOC 2?

Emil gives you a concrete, evidenced control over sensitive data in AI workflows — screening, an audit trail, and usage reporting — that supports the confidentiality and privacy criteria your auditor evaluates.

Is it itself part of our SOC 2 scope?

Emil is a control you operate; how it fits your scope depends on your system boundary. It provides the evidence (logs, decisions) auditors look for over AI data handling.

Does it store our data?

No. Emil screens in memory and retains only finding metadata, never the content — which is itself helpful for a confidentiality posture.

Other regulations

GDPR GLBA EU AI Act