The Problem: 80% of Enterprise Data is Unstructured — and Invisible to Text-Only Tools
Most PII anonymization tools stop at text. But enterprise workflows routinely pass images to AI models:
- Scanned contracts, invoices, and NDAs with client names and signatures
- Identity documents — passports, driver's licenses, employee IDs
- Medical forms and lab reports with patient data
- Screenshots of CRM dashboards, email threads, and financial tables
- Whiteboard photos from client meetings
When you ask Claude to summarize a scanned contract, the entire image — including names, addresses, account numbers, and signatures — travels to Anthropic's servers. The AI never strips it. The user never notices.
How cloak.business Handles Images
cloak.business provides two dedicated MCP tools for visual data:
1. cloak_analyze_image — OCR + PII Detection
Pass any image (JPEG, PNG, PDF page, TIFF) to cloak_analyze_image. The tool:
- Runs OCR across 38 languages (Latin, Cyrillic, Arabic, CJK, Devanagari, Hebrew, and more)
- Detects 320+ PII entity types across 70+ countries in the extracted text
- Returns detected entities with their bounding box coordinates in the image
- Supports both scanned documents (print OCR) and digital screenshots (screen OCR)
{
"tool": "cloak_analyze_image",
"image_url": "https://example.com/contract-scan.jpg",
"language": "auto"
}
// Response:
{
"entities": [
{
"type": "PERSON",
"value": "Maria Hoffmann",
"bbox": { "x": 142, "y": 88, "w": 210, "h": 24 }
},
{
"type": "IBAN",
"value": "DE89370400440532013000",
"bbox": { "x": 80, "y": 312, "w": 380, "h": 22 }
}
]
}2. cloak_redact_image — Visual Redaction
cloak_redact_image takes an image and returns a new version with black redaction boxes drawn over every detected PII region. No coordinate math required — you pass the image, you get back a clean version.
- Draws filled rectangles over detected entity bounding boxes
- Returns the redacted image as base64 or a download URL
- Preserves all non-PII regions of the original image
- Suitable for compliance archives, legal discovery, and GDPR data access requests
{
"tool": "cloak_redact_image",
"image_url": "https://example.com/id-scan.png",
"entities": ["PERSON", "BIRTH_DATE", "ID_NUMBER"]
}
// Response:
{
"redacted_image_url": "https://cdn.cloak.business/redacted/abc123.png",
"entities_redacted": 4,
"ttl_seconds": 300
}Real-World Use Cases
Legal: Scanned Document Review
Law firms use Claude to review and summarize large document sets during discovery. With cloak_redact_image, scanned exhibits are automatically redacted before the AI sees them — satisfying attorney-client privilege and court confidentiality orders without slowing down the workflow.
HR: ID Verification and Onboarding
HR teams increasingly use AI to extract data from ID documents for onboarding. Passing passport or driver's license scans to an AI without redaction violates GDPR Article 9 (special categories). cloak.business intercepts the image before it reaches any AI model, strips identity fields, and stores only non-PII metadata.
Finance: Invoice Processing Pipelines
Automated invoice processing pipelines often route scanned PDFs directly to AI models for data extraction. Each invoice contains VAT numbers, IBAN details, company names, and addresses. cloak.business intercepts and redacts before extraction — the AI gets the layout, not the PII.
Healthcare: Lab Report Summarization
Medical teams ask AI assistants to summarize lab results and clinical notes. When those documents are scans or photographs, standard text-layer anonymization fails entirely. cloak.business's OCR-first approach detects patient names, dates of birth, and national health numbers in the image layer before the AI touches the document.
MCP Setup for Image Workflows
Add cloak.business to Claude Desktop or Cursor in one step:
{
"mcpServers": {
"cloak": {
"command": "npx",
"args": ["-y", "cloak-business-mcp-server"],
"env": {
"CLOAK_API_KEY": "your-api-key"
}
}
}
}Image tools are available on all paid plans. The free tier includes 50 image API credits per month to test the workflow end-to-end before upgrading.
cloak.business vs anonym.legal — Image Capability
| Feature | cloak.business | anonym.legal |
|---|---|---|
| Image OCR | 38 languages | Not available |
| Visual redaction | Yes — bounding box redact | Not available |
| Entity types | 320+ (70+ countries) | 285+ (48 languages) |
| Batch processing | 1–100 texts per call | Single text per call |
| Chrome Extension | Yes | Not available |
| Best for | Enterprise, visual workflows | Developers, text pipelines |
GDPR and the Image Problem
Under GDPR Art. 4, a photograph of a person's face is personal data. Under Art. 9, it may be special-category data. Sending unredacted ID document scans to any third-party AI provider without explicit consent or a lawful basis is a data protection violation — regardless of whether the AI model is told "not to remember" it.
cloak.business's redact-before-send architecture ensures that only the redacted image leaves your infrastructure. The original never touches external servers. This is not a policy control — it is a technical control, which is what GDPR Art. 25 (Privacy by Design) and ISO 27001:2022 Annex A 8.11 require.
Infrastructure: All cloak.business image processing runs on Hetzner servers in Germany (Frankfurt). Images are processed transiently and not stored after redaction. The system is ISO 27001:2022 certified. See cloak.business privacy policy for data handling details.