Encrypting Customer Documents for Secure AI Summarization
TL;DR: Encrypt documents on the client side before sending them to any AI summarization service, use short‑lived tokens for API calls, keep the plaintext only in an isolated sandbox, and delete all artifacts immediately after the summary is generated. Verify the provider’s data‑retention policy and add audit logging to prove compliance.
Why encrypt before the AI model sees the data?
Large language models (LLMs) are trained on massive public datasets, but the inference endpoints you call are operated by third‑party clouds. Even if the provider promises “no data storage,” logs, caching layers, or debugging sessions can unintentionally capture raw content. Encrypting the document on the client ensures the provider only ever sees ciphertext, which it cannot interpret without the decryption key that never leaves your environment.
Choosing the right encryption scheme
For document‑level protection, symmetric encryption (AES‑256‑GCM) provides strong confidentiality and integrity with a single shared key. Generate a fresh key per request, store it only in memory, and never write it to disk.
import os, base64
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

def encrypt_document(plaintext: bytes) -> dict:
    # Fresh 256-bit key for this request; it lives only in process memory
    key = AESGCM.generate_key(bit_length=256)
    aesgcm = AESGCM(key)
    nonce = os.urandom(12)  # 96-bit nonce, unique for this key
    # GCM output already carries the authentication tag, so tampering is detected on decrypt
    ciphertext = aesgcm.encrypt(nonce, plaintext, None)
    return {
        "key": base64.b64encode(key).decode(),        # keep this one at home
        "nonce": base64.b64encode(nonce).decode(),
        "ciphertext": base64.b64encode(ciphertext).decode()
    }
Send only the ciphertext and nonce to the AI endpoint. The decryption key stays in your process until the summary is returned.
Securely calling an AI summarization API
Use a short‑lived API token (OAuth 2.0 client credentials with a 5‑minute expiry) for each summarization request. Cloudflare Workers AI, for example, supports token‑based authentication that can be generated on demand.
- Generate the token in a server‑side function that checks the requester’s role.
- Attach the token in the Authorization: Bearer header.
- Reject any request that does not include a valid token.
Running the summarization in an isolated sandbox
Deploy the decryption and summarization logic inside a sandboxed runtime (e.g., Cloudflare Workers, AWS Lambda, or a Docker container with limited filesystem access). This prevents accidental leakage to the host system.
Example flow using Cloudflare Workers AI:
- Client uploads encrypted document to your worker via HTTPS.
- Worker decrypts the payload in memory.
- Worker calls POST /v1/ai/summarize with the plaintext, using the short‑lived token.
- Worker receives the summary, re‑encrypts it (optional), and returns it to the client.
- All in‑memory variables are cleared, and the worker process ends.
Data‑retention and cleanup checklist
After the summary is delivered, run the following steps before the sandbox shuts down:
- Overwrite the plaintext buffer with random bytes.
- Delete any temporary files (use shred‑like semantics if on a POSIX system).
- Log the request ID, timestamp, and user ID, but never log raw content or decryption keys.
- Verify the AI provider’s policy – ensure they do not store request bodies. If they do, request a data‑deletion confirmation.
Compliance considerations for small businesses
Regulations such as GDPR, CCPA, or industry‑specific standards (HIPAA, PCI‑DSS) require you to demonstrate control over personal data. Your encryption‑first approach satisfies the “data‑in‑transit” and “data‑at‑rest” safeguards. Keep the following records for auditors:
- Encryption algorithm and key‑size details.
- Token‑lifetime policy.
- Provider’s data‑retention statement (link to their privacy policy).
- Log‑retention period (e.g., 90 days for access logs).
Putting it all together – a minimal code snippet
async function handleSummarize(request) {
  // 1️⃣ Verify short‑lived token
  const auth = request.headers.get('Authorization') || '';
  if (!await validateToken(auth)) return new Response('Unauthorized', {status: 401});

  // 2️⃣ Parse encrypted payload
  const {ciphertext, nonce, key} = await request.json();
  const plain = decrypt(ciphertext, nonce, key); // in‑memory only

  // 3️⃣ Call Cloudflare Workers AI
  const summary = await fetch('https://api.cloudflare.com/client/v4/accounts/.../ai/summarize', {
    method: 'POST',
    headers: { 'Authorization': auth, 'Content-Type': 'application/json' },
    body: JSON.stringify({text: plain})
  }).then(r => r.json());

  // 4️⃣ Cleanup
  secureErase(plain);
  return new Response(JSON.stringify({summary: summary.result}), {status: 200});
}
Replace validateToken, decrypt, and secureErase with the implementations shown earlier.
When to involve AISecAll
If you need a security review of your custom worker, help drafting a data‑processing agreement with the AI provider, or a managed encryption‑as‑a‑service layer, AISecAll can provide a quick assessment and implementation support.
Need a practical AI security review?
AISecAll reviews prompts, tool permissions, document flows, and agent behavior so small teams can use AI without guessing where the risk sits.