Let AI Use Internal Documents Without Touching the Raw Data

For those who want to bring AI into operations but are stalled by the worry that internal documents or personal data leak to the model or outside. "Want it, but scared" is the shared language. No deep AI literacy required.

• Enterprises handling confidential docs / PII whose AI adoption is blocked by leakage fears
• Teams evaluating generative AI / RAG / agents but stuck on data governance
• Roles accountable for explaining "what the AI referenced," after the fact

Three things at once: pass needed facts without exposing the raw data; let a third party / AI verify independently; keep a tamper-proof record of what was used.

Access control decides "who can enter," not "what the AI used" provably after the fact. Only a ZK proof does all three. Only work requiring all three at once is Lemma's territory.

Keep documents encrypted while passing the AI only the needed facts/attributes — with proof. The model never touches raw PII or originals. And because the AI can record that it "used only this fact," what it referenced stays explainable later.

When the AI's judgment is made, the docHash and attribution of the referenced facts are ZK-committed. Even after model updates, past references remain traceable.

All figures are directional.

The adopting enterprise (business unit, IT) Move AI adoption forward by removing "fear of leakage." No raw data goes to the model. e.g. the adoption blocker shifts from shelving over leakage fear to running proof-backed references.

Governance / audit Independently verify "what the AI referenced" after the fact; meet accountability with a cryptographic trail. e.g. explaining references shifts from log reconciliation to presenting one proof.

Individuals / data subjects Raw PII never reaches the model or outside; only the needed facts are used as proof.

An enterprise wants a support AI that references internal policy and customer data, but is stalled fearing "customer PII leaks to the model or outside." Even with access control, it can't prove "what the AI actually used," so it can't explain itself in an audit.

Had Lemma been in place, documents stay encrypted while the AI receives only needed facts with proof — e.g. "this customer is contract tier A." It never touches raw PII. At judgment time, "which fact, from which version" is ZK-fixed, explainable later without disclosing originals.

We don't replace your document platform or AI/RAG pipeline. We insert one fact-extraction-and-proof step ahead of inference.

• Selective disclosure: BBS+ over BLS12-381 — present needed attributes/facts to the AI, not the original.
• Decision-time attestation: commit referenced facts' docHash and attribution with Poseidon over BN254; prove via Groth16 (Circom).
• Provenance: fix the source document version with docHash and issuer signature.

The original stays encrypted in-house; only the reference's cryptographic facts travel.

• The docHash of facts/attributes the AI referenced, and their source version
• Proof that it "used only this fact, not the raw data"
• The reference's cryptographic identity, unchanged after model updates
• A trail that governance, audit, and third parties verify independently — without disclosing data

Not a standalone SaaS purchase. We enter through AI-adoption / data-governance consulting and a PoC, landing on an existing monthly plan.

1. A 30-minute review — identify document sets / workflows stalled by leakage fear.
2. Narrow to 1–2 decisions (results) to prove — e.g. "contract tier A," "credit tier at or above" — the facts passed to the AI. Not the originals.
3. Design connection and versioning — connection to your document platform / AI-RAG pipeline, and source-version fixing.
4. Prove one path via a (quote-based) PoC.
5. Land on an existing monthly plan (indicative) — Lemma Critical / Compliance; pricing confirmed in conversation.

Tell us one workflow where "want AI but scared of leakage" applies, in the first 30 minutes. No disclosure of sensitive data required.