# PII Redaction Service

#### Overview

To comply with PCI and HIPAA requirements, our platform incorporates a Redaction Service designed to prevent the storage of sensitive information such as Payment Card Data (PAN), Social Security Numbers, and other Personally Identifiable Information (PII) in raw form within our databases.

#### Key Features:

* Automatic Redaction: By default, all logs from conversation flows undergo redaction to mask, tokenize, or remove sensitive entities according to predefined policies. Future updates will allow configurable redaction settings propagated through all necessary services during flow execution.
* PII Detection and Redaction: The service is capable of detecting and redacting various types of PII, including but not limited to:
  * CREDIT\_CARD
  * CRYPTO
  * EMAIL\_ADDRESS
  * IBAN\_CODE
  * IP\_ADDRESS
  * LOCATION
  * PERSON
  * PHONE\_NUMBER
  * URL
  * US\_BANK\_NUMBER
  * US\_DRIVER\_LICENSE
  * US\_ITIN
  * US\_PASSPORT
  * US\_SSN
* Secure Storage: Only redacted versions of data are stored. The system ensures that raw data is never saved to databases or search indexes.
* Global Configuration: Currently, the service is configured globally, always enabled for all organizations. Future phases will allow configuration for individual organizations or specific use cases.
* Reliability: In instances where the Redaction Service is unavailable or times out, the system prevents the storage of any raw data. Audit logs and metrics are designed never to expose original sensitive values.

#### Update on PII Redaction Configuration

Previously, PII redaction was enabled globally for all flows by default. With the recent update, this behavior has changed; PII redaction is now configurable at the individual flow level. Although this appears as a simple toggle on the frontend, implementing this change required us to update multiple backend components to handle the new configuration flag. This update ensures that each system component can accurately read, store, and apply the redaction setting.

As a result:

* Each flow now features a new checkbox in its settings.
* Existing flows, as of this update, will have the checkbox **enabled by default** to maintain current behavior.
* Newly created flows will default to this setting unless the user specifies otherwise.

<figure><img src="https://4187494610-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFe4cpY1jy0FJ4kgC7wSx%2Fuploads%2FcBYs1wXpTLB5UiDKeDYx%2Fimage.png?alt=media&#x26;token=a938da45-8d4a-4cba-b854-ae3170e648aa" alt="" width="375"><figcaption></figcaption></figure>

**Redact sensitive data**

Open an existing app or create a new flow. For instance, I have a "Demo Test Flow" open, with the "Redact Sensitive Data" option enabled. Let's explore what happens next.

First, open **Live Sessions** in a new tab. Then, navigate to the **Preview** of your flow and wait for a session to appear.

<figure><img src="https://4187494610-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFe4cpY1jy0FJ4kgC7wSx%2Fuploads%2F6UT9AzPVCLb2FoMnlQM2%2Fimage.png?alt=media&#x26;token=4d40dbb3-15be-453b-936b-b30410464c0e" alt=""><figcaption></figcaption></figure>

When interacting with the flow as an end user, I enter my first and last name when prompted. The flow proceeds smoothly and provides the expected response.

<figure><img src="https://4187494610-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFe4cpY1jy0FJ4kgC7wSx%2Fuploads%2FlH2xf8K1wB2k5ZL02hvC%2Fimage.png?alt=media&#x26;token=deedd1ee-cebf-456e-88f3-e0d164e2b705" alt="" width="357"><figcaption></figcaption></figure>

In the Live Session logs, I noticed that both my first and last name were fully redacted as expected. The LLM’s response also shows the redacted values.

<figure><img src="https://4187494610-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFe4cpY1jy0FJ4kgC7wSx%2Fuploads%2FaNQMWDDuLjiUiCZIgIVJ%2Fimage.png?alt=media&#x26;token=ff9b78d4-c4e3-4675-b75a-05cee9f3975d" alt=""><figcaption></figcaption></figure>

I return to the **Demo Test Flow** settings and **disable** the redaction checkbox to demonstrate the complete functionality.

<figure><img src="https://4187494610-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFe4cpY1jy0FJ4kgC7wSx%2Fuploads%2Fkzg5mP1hClsdExLNk1qL%2Fimage.png?alt=media&#x26;token=2fa76ea5-18a7-4fa0-b339-e1c587098fa4" alt="" width="375"><figcaption></figcaption></figure>

I initiate a **new chat session** and enter the first name and last name once again.

<figure><img src="https://4187494610-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFe4cpY1jy0FJ4kgC7wSx%2Fuploads%2FUvjNbONLvjHURkOVHtDv%2Fimage.png?alt=media&#x26;token=433ad5b8-9c42-487d-883a-4c613dcdca4d" alt="" width="360"><figcaption></figcaption></figure>

Upon returning to the Live Sessions, the new session appears with the first and last name visible, confirming that unchecking the box disables the PII masking in the backend logs.

<figure><img src="https://4187494610-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFe4cpY1jy0FJ4kgC7wSx%2Fuploads%2FKVltaUaUFwDuQXk6UT4a%2Fimage.png?alt=media&#x26;token=e1d063fd-66f6-4ad1-901f-b9b77ad9bb43" alt=""><figcaption></figcaption></figure>

#### Example of redaction:

Sample user data captured in chat window:

<figure><img src="https://4187494610-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFe4cpY1jy0FJ4kgC7wSx%2Fuploads%2Fa5OZfHyn6fGDIkhXUpLY%2Fimage.png?alt=media&#x26;token=38dfc858-3f6b-4e1a-a607-d41171f8eeb2" alt="" width="429"><figcaption></figcaption></figure>

#### Redacted log sample:

<figure><img src="https://4187494610-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFe4cpY1jy0FJ4kgC7wSx%2Fuploads%2FTcR0Qo05IAsqpOjSBo8p%2Fimage.png?alt=media&#x26;token=c5a5a665-a334-47d8-9748-9803fc6f7981" alt=""><figcaption></figcaption></figure>

* Redacted information is updated with “field name” and highlighted in RED.