PII Detection

The Semantic Privacy Guard™ scans every incoming memory for personally identifiable information (PII) and redacts it before storage.

How It Works

When a memory is submitted for storage, the Semantic Privacy Guard scans the raw content against a registry of regex patterns. Each pattern targets a specific PII category. When a match is found:

  1. The matched text is replaced with a typed placeholder
  2. A SHA-256 hash of the original value is recorded for forensic audit
  3. The match metadata (type, position, sensitivity level) is logged
  4. The PII count and risk score are updated

Detection Categories

The standard detection registry includes 12+ pattern categories:

Email addresses

Phone numbers

Credit card numbers

Social security numbers

API keys & tokens

IP addresses

URLs

Dates of birth

Physical addresses

Driver's license numbers

Passport numbers

Bank account numbers

Note

Enterprise licenses extend coverage to 40+ patterns with region-specific PII categories.

Redaction Format

Detected PII is replaced with typed placeholders that preserve the semantic structure of the content:

text
Input:  "Contact me at [email protected] or 555-0123"
Output: "Contact me at [EMAIL_REDACTED] or [PHONE_REDACTED]"

Placeholders follow the format [TYPE_REDACTED], where TYPE matches the detection category (EMAIL, PHONE, SSN, CARD, etc.).

Forensic Hashing

Each redacted value is hashed with SHA-256. This enables:

  • Audit — Verify that a specific value was redacted without retaining it
  • Deduplication — Detect if the same PII appears across multiple memories
  • Compliance — Provide evidence of data minimization practices

The original value is never stored. Only the hash is retained.

Aggressive Mode

When aggressive_sanitize=Trueis set, the sanitizer applies additional protections:

  • Strips proper nouns (names that don’t match known entities)
  • Provides anti-inference protection against entity linking attacks
  • Trades content fidelity for stronger privacy

Warning

Aggressive mode can significantly alter the stored content. Use only when the privacy requirement outweighs the need for content accuracy.

Audit Output

Every sanitization operation produces a structured result:

json
{
  "sanitization_details": {
    "pii_count": 2,
    "risk_score": 0.45,
    "is_safe": true,
    "items_removed": 2
  }
}

The risk_score (0.0–1.0) reflects the density and sensitivity of detected PII. Higher scores indicate more sensitive content was processed.

Limitations

Honest Limitations

  • Detection is regex-based, not NLP/ML-based
  • Context-dependent PII (e.g., "my doctor is Dr. Smith") may not be caught without aggressive mode
  • Non-English PII patterns may have lower coverage
  • Custom patterns require Enterprise license
  • The sanitizer processes content before encryption — it operates on plaintext