Glossary

What is PII masking?

PII masking is the practice of detecting personal identifiers in text and replacing them with placeholders before sending the text to an external system.

Definition

PII masking is the practice of detecting personal identifiers in text and replacing them with placeholders before sending the text to an external system.

Definition

PII masking — short definition

Why it matters

Why this matters

LLM prompts routinely contain customer data. Without masking, that data is exposed to whichever third-party provider you call. Masking at the gateway shrinks that exposure surface to zero.

LLM prompts routinely contain customer data. Without masking, that data is exposed to whichever third-party provider you call. Masking at the gateway shrinks that exposure surface to zero.

How it works

How it works

A user produces a prompt. The gateway detects sensitive entities, masks them with deterministic placeholders, forwards the masked prompt to the LLM provider, and rehydrates placeholders in the response before returning it to the user.01User02Prompt03Detection04Masking05Provider06Rehydration
Prompt Privacy flowSensitive values are masked before egress and rehydrated on the return path.

Framework

PII masking process

  1. 01

    Detect

    Inbound prompts are scanned for known personal-data patterns.

  2. 02

    Map

    Each detected value is replaced with a stable placeholder for the request.

  3. 03

    Forward & rehydrate

    Only the masked prompt is sent; placeholders in the response are restored before reaching your app.

Implementation

Learn how this works in Privian

From definition to implementation, docs and architecture — the same idea at different layers.

FAQ

Frequently asked questions

Is PII masking the same as redaction?
Redaction usually removes data outright. Masking replaces it with a placeholder so structure is preserved and the original can be restored later if needed.
Does PII masking break the model output?
Not if placeholders are deterministic within a request. The gateway can rehydrate them on the way back so your app sees the original values.
What is masked by default?
Common identifiers — names, emails, phone numbers and similar. The detector set evolves over time.

Where to go next

From definition to implementation

This entry is part of the Privian content library. If you are evaluating how this concept is implemented in practice, the links below are the most direct paths.

Related product

PII Masking in Privian

Deterministic PII masking at the gateway, with rehydration on the response.

Open product page →