We Open-Sourced Our AI Privacy Layer. Here's Why Every Financial Advisor Should Care.
Nick Rygiel, CFP® | Managing Partner, CTO & CISO | Protocol Wealth LLC
Last week we published the source code for our PII redaction engine. The entire thing — every regex pattern, every NLP model configuration, every test case. Apache 2.0 license. Free for any RIA, fintech, or developer to use.
The repo is here: https://github.com/Protocol-Wealth/pw-redact
This isn't a marketing stunt. It's a statement about how we think the advisory industry should handle the intersection of artificial intelligence and client data. The short version: if you're sending raw meeting transcripts to an AI model, you're doing it wrong. And the fix shouldn't be a proprietary black box that nobody can audit.
Let me explain what we built, why, and what it means for the broader conversation about AI in financial advisory.
The Problem Nobody Wants to Talk About
Financial advisors are adopting AI meeting note tools at an accelerating rate. Transcription, summarization, action items, follow-up email drafts — the productivity gains are real. The Kitces AdvisorTech Map now has 14+ providers in the Client Meeting Support category alone.
Here's what most of them do: they take your meeting recording — which contains client names, Social Security numbers, account balances, addresses, health information, family details — and send it to a cloud AI model for processing.
The AI model provider's terms of service say they won't use your data for training. Maybe. But "won't use for training" and "never touches our servers with identifiable client information" are materially different statements. And the latter is what fiduciary duty actually requires you to think about.
We decided to build a different architecture.
The Architecture: Redact First, Analyze Second
pw-redact is a four-layer PII detection and redaction engine built specifically for financial services text:
Layer 1 — Deterministic regex. SSNs, credit card numbers, EINs, account numbers. These are structured patterns; regex catches them with zero false positives.
Layer 2 — NLP-based detection. Microsoft Presidio with spaCy language models. This catches names, addresses, phone numbers — the unstructured PII that regex can't handle. "John and Colleen discussed their mortgage" becomes "<PERSON> and <PERSON> discussed their mortgage."
Layer 3 — Financial recognizers. Custom patterns for CUSIPs, routing numbers, policy numbers — the industry-specific identifiers that generic PII tools miss.
Layer 4 — The allow-list. This is the part that makes it actually useful for financial advisory. Dollar amounts, percentages, tax brackets, financial acronyms — these are NOT PII, and they MUST survive redaction for the AI model to do its job. "$425,000 AGI in the 32% bracket" passes through intact. "John Smith at 42 Oak Lane" does not.
The output is sanitized text plus a manifest — a mapping of what was replaced with what placeholder. After the AI model processes the sanitized text and returns structured results, the manifest restores the original values for the advisor's view.
Client PII never touches the AI model. The AI model only sees financial data and placeholder identifiers. The manifest stays in memory on our infrastructure and is never persisted to any database.
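To make the redact-then-restore flow concrete, here is a small example written for this article (not pw-redact's own implementation) covering Layer 1, Layer 3, the Layer 4 allow-list and the manifest round-trip. The Presidio/spaCy layer is left out because it needs a downloaded language model, so the first name in the constructed sample deliberately survives; the checksum validators, placeholder format and sample values are all assumptions of this example.

```python
import re
from typing import Dict, List, Tuple

def aba_ok(s: str) -> bool:
    """ABA routing checksum: weights 3,7,1 repeating, total must be 0 mod 10."""
    return sum(int(c) * k for c, k in zip(s, (3, 7, 1) * 3)) % 10 == 0

def luhn_ok(s: str) -> bool:
    """Luhn check for card numbers; spaces and hyphens are ignored."""
    digits = [int(c) for c in re.sub(r"[ -]", "", s)][::-1]
    return sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
               for i, d in enumerate(digits)) % 10 == 0

# Layer 1 (deterministic) and Layer 3 (financial) recognizers, constructed for this
# example; each validator rejects near-misses such as a random 9-digit figure.
RECOGNIZERS = [
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), lambda s: True),
    ("CARD", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok),
    ("ROUTING", re.compile(r"\b\d{9}\b"), aba_ok),
]
# Layer 4 allow-list: dollar amounts and percentages must survive, so any span
# matched here is shielded from every recognizer.
ALLOW = re.compile(r"\$\d[\d,]*(?:\.\d+)?|\b\d+(?:\.\d+)?%")

def redact(text: str) -> Tuple[str, Dict[str, str]]:
    """Return (sanitized text, manifest); the manifest maps placeholder -> original
    and is meant to stay in memory only, never in a database."""
    taken: List[Tuple[int, int]] = [m.span() for m in ALLOW.finditer(text)]
    hits = []  # (start, end, label, original)
    for label, rx, valid in RECOGNIZERS:
        for m in rx.finditer(text):
            if valid(m.group()) and not any(m.start() < e and m.end() > s
                                            for s, e in taken):
                hits.append((m.start(), m.end(), label, m.group()))
                taken.append(m.span())
    manifest, out, last = {}, [], 0
    for i, (s, e, label, orig) in enumerate(sorted(hits), 1):
        manifest[f"<{label}_{i}>"] = orig
        out += [text[last:s], f"<{label}_{i}>"]
        last = e
    return "".join(out) + text[last:], manifest

def restore(model_output: str, manifest: Dict[str, str]) -> str:
    """Put original values back into the model's result for the advisor's view."""
    for token, orig in manifest.items():
        model_output = model_output.replace(token, orig)
    return model_output

# Constructed transcript fragment; every identifier in it is a made-up or test value.
SAMPLE = ("Colleen's SSN is 123-45-6789, routing 123456780, card 4111 1111 1111 1111; "
          "$425,000 AGI in the 32% bracket, reference figure $123456780.")
```

Running `redact(SAMPLE)` yields `Colleen's SSN is <SSN_1>, routing <ROUTING_2>, card <CARD_3>; $425,000 AGI in the 32% bracket, reference figure $123456780.`; the final dollar figure is a valid-checksum 9-digit number that only survives because the allow-list shields it, and `restore` on the model's output gives the original text back.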
Why Open Source?
Three reasons, in order of importance.
Auditability. We're an SEC-registered investment adviser. When an examiner asks "how do you handle client data in your AI systems?" we can point them to a public repository with every pattern, every test case, every line of code. This isn't a PDF describing our policy. It's the actual implementation, continuously verifiable.
Industry standard. PII redaction before AI processing should be table stakes for every advisory firm using AI tools. It shouldn't be a competitive advantage; it should be infrastructure. By open-sourcing it, we're saying: here's how to do it. Use it. Modify it. Make it better. The industry's clients benefit when the bar rises for everyone.
Honest engineering. Our competitive advantage isn't in regex patterns. It's in how we integrate regime classification, quality scoring, and portfolio intelligence into an advisor workflow. The plumbing that keeps client data safe is exactly the wrong place to build a moat.
AI as Narrator, Not Storyteller
This project is part of a broader philosophy we're developing at Protocol Wealth about where AI belongs in the advisory relationship.
AI is exceptional at narration: summarizing what happened, extracting structured data from unstructured text, explaining what was done and why, presenting information in customized formats, identifying patterns across large datasets.
AI is not a storyteller. The original insight — the creative connection between a client's values, their financial situation, and a strategy that serves both — that's the advisor. The framework for how to think about risk isn't a multiple-choice questionnaire that spits out "moderate growth." It's understanding that different people approach uncertainty differently, and that those approaches aren't right or wrong; they're structural.
We built a diagnostic tool (https://protocolwealthllc.com/diagnostic/) that illustrates this. Inspired by the Vertisiam framework, it maps how someone actually approaches financial decisions across multiple dimensions — not to label them, but to understand the lens through which they see risk. AI helps us deliver that assessment at scale. The interpretation of what it means for this specific person's life? That's irreducibly human.
The meeting transcript pipeline we built follows this same principle. AI extracts the financial data, identifies action items, drafts a follow-up email. The advisor reviews, edits, and decides what actually gets sent. AI narrates; the advisor authors.
Smart Contracts as Safety Corridors
The privacy architecture we built for AI processing mirrors a pattern we see emerging in a completely different domain: on-chain vault custody.
Veda Tech Labs recently submitted a letter to the SEC and CFTC proposing that certain non-custodial smart-contract vault architectures should satisfy qualified custody requirements when specific structural guardrails are present. Their argument is compelling: if a smart contract eliminates unilateral withdrawal authority, prevents balance-sheet intermediation, and enables continuous on-chain verification — it achieves the protective objectives of the Custody Rule through architecture rather than through institutional trust.
This resonates with what we're building in our own vault infrastructure (Safe + Zodiac on Base L2). The principle is the same whether you're protecting client data from AI models or protecting client assets from misappropriation: the safety boundary should be structural, not behavioral. Don't rely on a policy that says "we won't misuse your data." Build a system where misuse is architecturally impossible.
In our AI pipeline: client PII is stripped before it reaches the model. The model literally cannot see it.
In our vault architecture: withdrawal authority is constrained by smart contract logic. The advisor literally cannot redirect assets outside policy-approved destinations.
Both are examples of what we call safety corridors — boundaries that are enforced by code, not by discipline. As tokenization of real-world assets accelerates and AI becomes more deeply embedded in advisory workflows, the firms that build these corridors early will have a structural advantage in trust, compliance, and scalability.
What This Means for Advisors
If you're running an advisory practice and using AI tools, here's what I'd encourage you to think about:
Know your data flow. When you paste a transcript into an AI tool, where does that text go? Which servers process it? What are the retention terms? "We don't train on your data" is a necessary condition, not a sufficient one.
Separate extraction from analysis. The task of pulling structured data from unstructured text is different from the task of generating recommendations. They have different privacy requirements and different model quality requirements. A lightweight, private model can handle extraction; a frontier model can handle analysis on sanitized data. You don't need to send everything to the same place.
Demand transparency from your vendors. If your meeting note tool can't explain exactly how client data is handled at each stage of their pipeline, that's a red flag. The fact that we can publish our entire implementation publicly — and that doing so doesn't compromise any competitive advantage — should tell you something about what the right level of transparency looks like.
Think about your approach, not just your answers. The most important thing an advisor brings to a client relationship isn't a portfolio allocation. It's a framework for thinking about uncertainty, opportunity, and trade-offs that's calibrated to how that specific person sees the world. AI can help you deliver that framework at scale. It can't replace the framework itself.
What We're Building
Protocol Wealth is an SEC-registered investment adviser building a fiduciary operating system for digital-native wealth. Our technology stack includes six production repositories, 215+ analytical tools accessible via MCP (Model Context Protocol), a systematic investment process grounded in established academic research (Piotroski, Mandelbrot, Hamilton, Perez, Mauboussin, Smil), and now — an open-source AI privacy layer that any firm can use.
We built the integration layer. Not the underlying ideas. And increasingly, we're building it in public.
pw-redact: https://github.com/Protocol-Wealth/pw-redact
Investor Diagnostic: https://protocolwealthllc.com/diagnostic/
Protocol Wealth: https://protocolwealthllc.com
Protocol Wealth LLC is an SEC-registered investment adviser (CRD #335298). This article is for informational purposes only and does not constitute investment advice. Past performance does not guarantee future results.