Glossary

What is prompt privacy?

Prompt privacy is the practice of reducing prompt-level exposure before data reaches an AI model. It governs what sensitive values are allowed to cross from an application into the prompt body that an LLM provider actually receives.

Why this matters

Every LLM call is a data egress event. Prompts routinely carry names, emails, identifiers, ticket bodies, source code and internal documents — content that would not normally be sent to a third-party API without review. Prompt privacy is the technical layer that intercepts this before egress.

How it works

  1. Detect

    Identify supported sensitive entities in the prompt body before any provider call.

  2. Mask

    Replace originals with deterministic placeholders so the provider only ever sees masked content.

  3. Rehydrate

    Restore originals inside the gateway on the way back, then discard the per-request mapping.
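
The three steps above as a minimal gateway sketch. This is an added example, not Privian's code. The entity patterns, the `<LABEL_n>` placeholder format, the function names and the stub provider are assumptions, and "deterministic" is read here as "the same value gets the same placeholder within one request".

```python
import re

# Assumed entity set for this example; a real detector supports more types.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "PHONE": re.compile(r"\+?\d[\d\s().-]{7,}\d"),
}
PLACEHOLDER = re.compile(r"<(?:EMAIL|PHONE)_\d+>")  # assumed token format


def mask(prompt):
    """Detect and mask. Returns (masked_prompt, per-request mapping)."""
    mapping, seen, counts = {}, {}, {}
    for label, pattern in PATTERNS.items():
        def repl(match, label=label):
            value = match.group(0)
            if value not in seen:  # a repeated value reuses its placeholder
                counts[label] = counts.get(label, 0) + 1
                seen[value] = f"<{label}_{counts[label]}>"
                mapping[seen[value]] = value
            return seen[value]
        prompt = pattern.sub(repl, prompt)
    return prompt, mapping


def rehydrate(text, mapping):
    """Restore originals; placeholders not in the mapping are left as-is."""
    return PLACEHOLDER.sub(lambda m: mapping.get(m.group(0), m.group(0)), text)


def gateway_call(prompt, provider):
    """Mask, call the provider with masked text only, rehydrate the reply."""
    masked, mapping = mask(prompt)
    try:
        return rehydrate(provider(masked), mapping)
    finally:
        mapping.clear()  # discard the per-request mapping


def stub_provider(masked_prompt):
    """Constructed stand-in for an LLM API call."""
    assert "@" not in masked_prompt, "unmasked email reached the provider"
    return "Reply sent to <EMAIL_1>; callback on <PHONE_1>. cc <EMAIL_9>"


if __name__ == "__main__":
    # Constructed sample prompt.
    sample = "Mail alice@example.com or call +1 415 555 0100."
    print(gateway_call(sample, stub_provider))
```

Values the detector does not recognise pass through unmasked, so the supported entity set defines what this control actually covers.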

Frequently asked questions

Is prompt privacy the same as data privacy?

No. Data privacy is a broad legal and operational discipline covering how personal data is collected, stored and used. Prompt privacy is a narrow technical control focused on one specific surface — the prompt body — in the moment it leaves the application.

Is prompt privacy the same as AI security?

No. AI security is the broader program (model abuse, infrastructure, output handling, governance). Prompt privacy is one discipline inside it, scoped to what the model receives.

Is prompt privacy a compliance certification?

No. Prompt privacy is a technical control. It complements compliance work but does not certify HIPAA, SOC 2, PCI or any other framework on its own.

What does prompt privacy not address?

Prompt injection, content moderation, model hallucination, downstream misuse and governance decisions. Each is a separate problem with its own controls.