PII redaction
Proxide automatically detects and redacts personally identifiable information from prompts before they are forwarded to any LLM provider. The model never sees the original sensitive data.
Enabling PII redaction
PII redaction is configured in your Proxide dashboard — no code changes required. Navigate to Settings → PII Redaction and toggle it on for your workspace. You can also enable or disable specific PII categories individually.
Once enabled, every request through your Proxide gateway is automatically scanned. There are no SDK changes, no middleware to add, and no regex to maintain.
What gets redacted
Proxide uses high-precision regex patterns to detect structured PII before forwarding any request to an LLM provider.
| PII type | Example | Replaced with | Method |
|---|---|---|---|
| EMAIL | [email protected] | [REDACTED:EMAIL] | Regex (RFC 5322) |
| CARD | 4111 1111 1111 1111 | [REDACTED:CARD] | Regex (13–16 digit pattern) |
| SSN | 123-45-6789 | [REDACTED:SSN] | Regex (US format) |
| NINO | QQ 12 34 56 C | [REDACTED:NINO] | Regex (UK NI format) |
| PHONE | +44 7700 900123 / (555) 123-4567 | [REDACTED:PHONE] | Regex (UK and US formats) |
How redaction works
Redaction happens at the gateway before any data is forwarded to the upstream LLM provider. The process:
1. Request arrives at Proxide gateway with the original prompt
2. PII scanner runs over all message content (system, user, and assistant messages)
3. Detected PII is replaced with typed placeholder tokens (e.g. [REDACTED:EMAIL])
4. The redacted prompt is forwarded to the LLM — the original PII never leaves your infrastructure
5. The redaction map is returned in the response headers so your app can restore values locally if needed
```
// Original prompt (never reaches the model):
"My email is [email protected] and my card is 4111111111111111"
// Redacted prompt (forwarded to LLM):
"My email is [REDACTED:EMAIL] and my card is [REDACTED:CARD]"
```
Response headers
When PII is detected and redacted, Proxide adds headers to the response:
```
x-proxide-pii-detected: true
x-proxide-pii-types: EMAIL,CARD
x-proxide-redaction-count: 2
x-proxide-redactions: [
  {"token":"[REDACTED:EMAIL]","original":"[email protected]","position":12},
  {"token":"[REDACTED:CARD]","original":"4111111111111111","position":47}
]
```
The x-proxide-redactions header gives your application the information needed to restore original values in the response text if required — without needing to send PII to any external service.
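One way a client could consume these headers, as an added example that is not Proxide's own code: it assumes the `x-proxide-redactions` value arrives as a single-line JSON array in the shape shown above, and the function names and sample values are constructed for illustration. Because tokens are typed rather than numbered, a token that maps to more than one original is left unrestored, and the header is masked before logging since it carries the original values.

```python
import json
from collections import defaultdict

REDACTIONS_HEADER = "x-proxide-redactions"  # carries the original values

def parse_redactions(headers):
    """Return the redaction map from response headers, or [] if none."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("x-proxide-pii-detected", "").lower() != "true":
        return []
    entries = json.loads(h[REDACTIONS_HEADER])  # assumed: one-line JSON array
    if int(h.get("x-proxide-redaction-count", len(entries))) != len(entries):
        raise ValueError("redaction count does not match redaction map")
    return entries

def restore(text, entries):
    """Put originals back into text where the token is unambiguous.
    Tokens are typed, not numbered: a token that stands for two different
    originals cannot be resolved, so it is left in place and reported."""
    originals = defaultdict(set)
    for e in entries:
        originals[e["token"]].add(e["original"])
    unresolved = []
    for token, values in originals.items():
        if token not in text:
            continue
        if len(values) == 1:
            text = text.replace(token, next(iter(values)))
        else:
            unresolved.append(token)
    return text, sorted(unresolved)

def scrub_for_logging(headers):
    """Copy of the headers with the redaction map masked, safe to log."""
    return {k: "<masked>" if k.lower() == REDACTIONS_HEADER else v
            for k, v in headers.items()}

# Constructed sample (made-up values): two different emails share one token.
SAMPLE_HEADERS = {
    "X-Proxide-PII-Detected": "true",
    "x-proxide-redaction-count": "3",
    "x-proxide-redactions": json.dumps([
        {"token": "[REDACTED:EMAIL]", "original": "a@example.test", "position": 12},
        {"token": "[REDACTED:EMAIL]", "original": "b@example.test", "position": 31},
        {"token": "[REDACTED:CARD]", "original": "4111111111111111", "position": 60},
    ]),
}
SAMPLE_REPLY = "I will bill [REDACTED:CARD] and email [REDACTED:EMAIL]."
```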
Testing PII redaction
Send a test request containing known PII and inspect the response headers:
```bash
# Dump response headers only and keep the PII summary headers
curl -sS -D - -o /dev/null https://gateway.proxide.ai/openai/v1/chat/completions \
  -H "Authorization: Bearer prox-your-key-here" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o",
    "messages": [{
      "role": "user",
      "content": "My card is 4111111111111111, help me"
    }]
  }' | grep -iE "^x-proxide-(pii-|redaction-count)"
# Expected output:
# x-proxide-pii-detected: true
# x-proxide-pii-types: CARD
# x-proxide-redaction-count: 1
```
Compliance coverage
GDPR / UK GDPR
Supports data minimisation (Article 5) and technical security measures (Article 32). Reduces scope of LLM vendor processing obligations.
HIPAA
Prevents PHI from being included in prompts forwarded to LLM APIs that don't hold your BAA.
SOC 2 Type II
Demonstrates a technical control for the Confidentiality and Privacy criteria — prevents PII exposure to third-party processors.
ISO 27001
Supports Annex A controls around information classification and external party access management.