Keep Financial Data Out of Unprotected AI Channels
Analysts, advisors, and compliance teams use AI tools to work faster. Locke detects financial account data, transaction identifiers, and blockchain wallet patterns locally, blocking unprotected transmission before it becomes a regulatory event.
Start Protecting Financial DataWhat Locke Detects
Sensitive data patterns relevant to financial services that Locke identifies in real time.
Credit Card Numbers (PAN)
Primary Account Numbers validated using the Luhn algorithm with issuer-prefix identification (Visa, Mastercard, Amex, Discover).
Structural validation (Luhn)Bank Account & Routing Numbers
ABA routing numbers with check-digit validation. Account numbers detected via contextual proximity to banking keywords.
Structural + contextual matchingBlockchain Wallet Addresses
Bitcoin (Base58Check with version-byte validation), Ethereum (0x-prefixed with EIP-55 checksum), and other major chain address formats.
Structural validationTransaction Hashes & Identifiers
Patterns consistent with blockchain transaction IDs, wire transfer references, and SWIFT/BIC codes.
Contextual pattern matchingGovernment-Issued Identifiers (SSNs, EINs)
Social Security Numbers and Employer Identification Numbers with structural validation.
Structural validationCustomer Account Identifiers
Brokerage account numbers, loan identifiers, and policy numbers detected via contextual proximity to financial-services keywords.
Contextual pattern matchingRegulatory Relevance
Locke identifies pattern matches, not compliance status. The following frameworks may be relevant when detected data types are transmitted unprotected.
GLBA (Gramm-Leach-Bliley Act)
When financial-category data is transmitted unprotected to a third-party AI tool, Locke flags a GLBA relevance signal.
PCI-DSS
When payment card data is transmitted unprotected to a third-party AI tool, Locke flags a PCI-DSS relevance signal.
FinCEN / Travel Rule
When blockchain wallet or transaction data is transmitted unprotected to a third-party AI tool, Locke flags a FinCEN/Travel Rule relevance signal.
CCPA
When personal or government-issued identifiers are transmitted to a third-party AI tool, Locke flags a CCPA relevance signal.
Signal requirements: A relevance signal requires that (1) data in a specific category was flagged, (2) that data was transmitted unprotected, and (3) the destination matches a relevant classification. Blocked or remediated transmissions do not trigger signals.
Locke does not determine whether any regulation has been violated, whether a data processing agreement is in place, or whether the data subject is a customer of a covered institution. Users can configure known DPA-covered destinations in their compliance profile.
How It Works
Detect
Locke scans content locally for credit card numbers, bank routing numbers, wallet addresses, transaction IDs, and customer identifiers. No data leaves your device.
Alert
Locke flags detected data with color-coded confidence indicators. Red for Luhn-validated card numbers and checksum-verified wallet addresses. Yellow for contextual matches requiring review.
Block or Mask
Outbound transmissions to AI tools, external services, or unrecognized endpoints can be intercepted. Card numbers and wallet addresses can be masked or redacted before they reach the AI.
Report
All events are logged locally to your dashboard. Export PDF reports for compliance officers, auditors, or regulatory filings.
Why Local-Only Matters for Financial Services
Financial regulators expect firms to maintain control over customer data at every point in the processing chain. A privacy tool that routes financial data through external servers for analysis introduces a new data processor, a new attack surface, and potentially a new regulatory obligation. Locke processes everything on your device. No financial data reaches Sonomos servers. No new vendor risk. No new data-sharing agreement required.
Your clients' financial data has enough exposure already. Don't add another vector.
Get Locke for Your Firm