Open-source · Self-hosted · Privacy by architecture

MORETTA

The self-hosted proxy for Claude, GPT, Gemini, OpenRouter, and local Ollama. Moretta automatically anonymises your files locally before they reach the cloud, then restores your real data into the result. Your data never leaves.

How it works

Four steps. Zero leaks.

Confidential data never crosses the network boundary. The AI sees only anonymous tokens — never the names, PESELs, or contracts beneath them.

01 Upload: Employee drops a DOCX, XLSX or email into the local web UI.
02 Mask: Microsoft Presidio & local Ollama (Phi-4) detect sensitive data, replacing it with UUID tokens.
03 AI Task: Masked text sent to external AI (Claude 4.6 / GPT-5 / Gemini 3 / OpenRouter) or local models.
04 Restore: Real data re-injected from encrypted vault. Securely served via OIDC/Keycloak SSO.

0% of confidential data crosses the network boundary (architectural guarantee)
100% Choice — Claude, GPT-5, Gemini, OpenRouter, or local Ollama (no model lock-in)
1 command to deploy the full stack (docker-compose up)

The problem

Your employees are already using AI.

Banning it doesn't work. 82% of workplace AI usage happens through private accounts — invisible to IT, unauditable, and a GDPR liability with every paste.

Without Moretta
Data leaves. Silently.
Employee pastes a contract into ChatGPT. 34.8% of what reaches OpenAI servers is sensitive — PII, salaries, client names. IT has no log. GDPR clock starts. You won't know for 241 days on average.
With Moretta
AI works. Data stays.
Same contract. Moretta masks it locally, sends [PERSON_a3f2] and [SALARY_b8c1] to the AI, gets the result, restores the real data. Audit trail confirms zero data crossed the boundary.
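
The mask and restore steps described above, as an added Python sketch; it is not Moretta's own code. Assumptions: two regex detectors stand in for Presidio and the local model, the vault is an in-memory dict rather than an encrypted store, and the 8-hex-digit token suffix and the names Vault, mask, leaked_values and restore are hypothetical.

```python
import re
import uuid

# Stand-in detectors (assumption): the page names Presidio and a local model
# for this step; two regexes keep the example runnable offline.
DETECTORS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "PESEL": re.compile(r"\b\d{11}\b"),
}
TOKEN_RE = re.compile(r"\[([A-Z]+)_([0-9a-f]{8})\]")
# Constructed sample document; the address and the PESEL are made up.
SAMPLE = "Contact jan.kowalski@example.com (PESEL 90010112345). CC: jan.kowalski@example.com."

class Vault:
    """In-memory token <-> value map (assumption: a real vault is encrypted at rest)."""

    def __init__(self):
        self.by_value = {}  # (type, value) -> token, so repeats reuse one token
        self.by_token = {}  # token -> original value, used by restore()

    def token_for(self, kind, value):
        key = (kind, value)
        while key not in self.by_value:
            # Random suffix, never derived from the value: an unkeyed hash of an
            # 11-digit PESEL could be brute-forced back from the token.
            token = f"[{kind}_{uuid.uuid4().hex[:8]}]"
            if token not in self.by_token:  # retry on the rare collision
                self.by_value[key] = token
                self.by_token[token] = value
        return self.by_value[key]

def mask(text, vault):
    """Replace every detected value with its vault token."""
    for kind, pattern in DETECTORS.items():
        text = pattern.sub(lambda m, k=kind: vault.token_for(k, m.group()), text)
    return text

def leaked_values(outbound, vault):
    """Egress check: vaulted values still present in text about to be sent."""
    return [v for v in vault.by_token.values() if v in outbound]

def restore(text, vault):
    """Swap known tokens back; report tokens the vault never issued."""
    unknown = []
    def swap(m):
        if m.group() not in vault.by_token:
            unknown.append(m.group())  # e.g. a token invented by the model
        return vault.by_token.get(m.group(), m.group())
    return TOKEN_RE.sub(swap, text), unknown
```

The egress check only covers values the detectors found; anything they miss is sent in clear, so detection recall is the property to measure before relying on the boundary.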
77% of employees paste confidential data into AI chatbots (LayerX Security, 2025)
€20M maximum GDPR fine for unlawful cross-border data transfers (Art. 83(5) GDPR)
241 days average to detect a breach — Moretta eliminates it at source (IBM Cost of a Data Breach, 2025)

Installation

One command. Fully running.

Runs entirely on your own infrastructure. No cloud. No SaaS. No data leaving your network. Requires Docker and 8 GB RAM minimum.

# clone the repository
git clone https://github.com/Kvmyk/moretta.git
cd moretta
cp .env.example .env

# add your AI provider API keys to .env, then:
docker-compose up

✓ ollama ready on :11434
✓ keycloak ready on :8080
✓ backend ready on :8000
✓ frontend ready on :3000
✓ Moretta is ready — open http://localhost:3000

Local anonymisation model — runs on your server, data never leaves

| Model | RAM | GPU | PII quality | Context | Notes |
|---|---|---|---|---|---|
| phi4-mini | 4 GB | CPU only | Good | 128k | Microsoft 3.8B (Jan 2026). Ideal for 8GB RAM systems. |
| mistral:7b-small-3 | 8 GB | Optional | Better | 32k | Latest Mistral Small. Optimized for speed/throughput. |
| qwen3:7b | 8 GB | Required | Best | 262k | Alibaba Qwen3 (Feb 2026). Native multimodal & 200+ languages. |
| llama3.3:8b | 8 GB | Optional | Best | 128k | Meta Llama 3.3. Strong all-rounder for Nerv/extraction. |
| deepseek-v3.2:speciale | 12 GB | Required | Elite | 128k | State-of-the-art reasoning on par with GPT-5.1. |
| gpt-oss-120b | 80 GB+ | Multi-GPU | Elite | 128k | OpenAI's top open-weight MoE model. Near frontier reasoning. |

External AI providers — receive only masked tokens, never real data

| Provider | Model | Input /1M tok | Output /1M tok | Context |
|---|---|---|---|---|
| Anthropic | claude-sonnet-4-6 | $3.00 | $15.00 | 1M tokens |
| Anthropic | claude-opus-4-6 | $15.00 | $75.00 | 1M tokens |
| OpenAI | gpt-5.4 | $2.50 | $10.00 | 272k tokens |
| Google | gemini-3.1-pro | $1.25 | $10.00 | 1M+ tokens |
| OpenAI | gpt-5.4-pro | $30.00 | $180.00 | 272k tokens |
| OpenAI | gpt-5-mini | $0.15 | $0.60 | 128k tokens |
| Xiaomi | mimo-v2-flash | $0.40 | $1.60 | 256k tokens |

Pricing as of March 2026 · Sources: docs.anthropic.com · platform.openai.com · ai.google.dev · openrouter.ai

Get started

Download Moretta

Open-source. AGPLv3 licence. Self-hosted.
Your data stays yours.
