Product

PII masking for LLMs

Mask sensitive data before prompts reach an LLM.

Privian detects personal identifiers and developer secrets in inbound prompts and replaces them with deterministic placeholders before any provider call. The original values are restored in the response.

Why it matters

Why PII masking matters

Most production prompts contain something you would rather not send to a third-party LLM: a customer email, an internal ticket id, a name, an IP address, an API key copied into a debugging prompt. Once that text leaves your network, you lose control of it. PII masking shrinks that exposure surface before the provider call ever happens.

How it works

How Privian masks PII

  1. Detect

    The inbound prompt is scanned for the supported entity set on every request.

  2. Map

    Each detected value is mapped to a deterministic placeholder for that request, e.g. PERSON_1, EMAIL_2.

  3. Forward

    Only the masked prompt is forwarded to the provider using your BYOK credentials.

  4. Receive

    The provider response may reference the same placeholders.

  5. Rehydrate

    The gateway restores the original values from the in-memory mapping.

  6. Discard

    The mapping is dropped after the response is returned. Nothing is persisted.

Coverage

Supported entities (beta)

The current beta detects the following entity types. The catalog is evolving — additional locales and identifiers are tracked as future work.

Personal identifiers

  • PERSON: Names
  • EMAIL: Email addresses
  • PHONE: Phone numbers
  • IP_ADDRESS: IPv4 / IPv6

Financial & national IDs

  • CREDIT_CARD: Card numbers (Luhn-validated)
  • IBAN: International bank accounts
  • SSN_US: US Social Security numbers
  • SIN_CA: Canadian Social Insurance numbers

Developer secrets

  • JWT: JSON Web Tokens
  • OPENAI_API_KEY: OpenAI API keys
  • GITHUB_TOKEN: GitHub tokens
  • AWS_ACCESS_KEY_ID: AWS access key IDs
  • AWS_SECRET_ACCESS_KEY: AWS secret keys
  • GENERIC_API_KEY: Generic API keys
  • ENV_SECRET: Env-style secret assignments
  • SECRET_TOKEN: Prefixed secret tokens

Not yet supported: Norwegian fødselsnummer (tracked as future work).

Example

Example transformation

Inbound prompt

Reply to Michael Olsen
at michael@example.com
about ticket #4821.

Forwarded to provider

Reply to PERSON_1
at EMAIL_1
about ticket #4821.

Rehydrated response

Hi Michael Olsen,
about ticket #4821 — ...
(sent to michael@example.com)

Technical

Technical implementation

  • Placeholders follow a stable {TYPE}_{N} shape
  • Detection runs per-request; no cross-request state
  • Mapping is held in memory only, then discarded
  • Unknown placeholders in responses pass through untouched
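
The steps under "How Privian masks PII" and the rules listed above, as an added Python example (not Privian's code). The detector regexes, the per-type numbering and all function names are assumptions; only three of the entity types are covered.

```python
import re

# Simplified detectors (assumptions for this example, not Privian's rules).
DETECTORS = [
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("CREDIT_CARD", re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),
    ("AWS_ACCESS_KEY_ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
]
PLACEHOLDER = re.compile(r"\b[A-Z][A-Z_]*_\d+\b")  # the {TYPE}_{N} shape
# Constructed sample prompt; the second digit run fails the Luhn check.
SAMPLE = ("Refund card 4111 1111 1111 1111 to michael@example.com, order "
          "1234 5678 9012 3456. Key AKIAIOSFODNN7EXAMPLE. CC michael@example.com.")


def luhn_ok(candidate):
    """Luhn checksum, so arbitrary digit runs are not treated as card numbers."""
    digits = [int(c) for c in reversed(candidate) if c.isdigit()]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[1::2]]
    return (sum(digits[0::2]) + sum(doubled)) % 10 == 0


def mask(prompt):
    """Detect and map: return the masked prompt and this request's mapping."""
    mapping, by_value, counters = {}, {}, {}
    def replacer(etype):
        def sub(match):
            value = match.group(0)
            if etype == "CREDIT_CARD" and not luhn_ok(value):
                return value  # failed checksum: leave untouched
            if value not in by_value:  # same value -> same placeholder
                counters[etype] = counters.get(etype, 0) + 1
                by_value[value] = f"{etype}_{counters[etype]}"
                mapping[by_value[value]] = value
            return by_value[value]
        return sub
    for etype, pattern in DETECTORS:
        prompt = pattern.sub(replacer(etype), prompt)
    return prompt, mapping


def rehydrate(response, mapping):
    """Restore known placeholders; unknown ones pass through untouched."""
    return PLACEHOLDER.sub(lambda m: mapping.get(m.group(0), m.group(0)), response)


def handle(prompt, call_provider):
    """One request: the mapping is a local and is gone once this returns."""
    masked, mapping = mask(prompt)
    return rehydrate(call_provider(masked), mapping)
```

A prompt that already contains text shaped like EMAIL_1 collides with a generated placeholder and would be rewritten on rehydration, so that case needs its own handling.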

Transparency

Beta limitations

  • Norwegian fødselsnummer not yet supported
  • No claim of regulated-data compliance (HIPAA / SOC 2 / PCI)
  • Detection is best-effort; review for your own data types
  • Placeholders are not stable across separate requests

Use cases

When teams reach for it

  • Stop customer data leaving your stack

    Mask names, emails and phone numbers before they hit OpenAI or Anthropic.

  • Protect support transcripts

    Run AI summarization over tickets without forwarding raw PII.

  • Safe developer experimentation

    Iterate on prompts without re-running data-protection reviews.

  • Keep secrets out of prompts

    Catch API keys and tokens accidentally pasted into prompts.

FAQ

Frequently asked questions

What is PII masking?
PII masking is the practice of detecting personal or sensitive identifiers in text and replacing them with placeholders before sending the text to a third-party system. In Privian's case, masking runs at the gateway before any provider call and is reversed on the way back via rehydration.
Does the model ever see the original values?
No. Only the masked prompt — with placeholders like PERSON_1, EMAIL_2 — is forwarded to the provider.
What sensitive data types are supported in the beta?
Common personal identifiers (names, emails, phone numbers, IP addresses), financial identifiers (credit card numbers, IBANs), national IDs (US SSN, Canadian SIN), and developer secrets (JWTs, OpenAI keys, GitHub tokens, AWS keys, generic API keys, env-style secrets). See the supported entities section for the full current list.
Are placeholders stable across requests?
No. Placeholders are stable within a single request only. The mapping is held in memory for the duration of the request and discarded after the response is rehydrated.
Does Privian store raw prompts?
No. Raw prompts and responses are never persisted. Only structural counters are kept for observability.
Is Norwegian fødselsnummer supported?
Not yet. Norwegian national ID detection is tracked as future work for the beta and is not currently part of the supported entity set.

Plans & pricing

Pricing for PII masking and prompt-level privacy

Privian's pricing is published transparently. Beta plans may change as the product matures.