Skip to main content

Guardian Layer

This page explains how to place Guardian Layer inside an application workflow.

For a high-level product introduction, start with Guardian Layer Overview. Use this page when you are ready to decide where Guardian Layer should sit in your stack.

Integration Role

Guardian Layer usually sits between sensitive user data and the systems that use that data.

In practice, you call Guardian Layer before text or documents are sent to an AI model, stored in a database, shared with another service, or displayed in a downstream workflow.

Where It Fits

A common integration flow looks like this:

  1. Your application receives user input.
  2. Your backend sends the input to Guardian Layer.
  3. Guardian Layer returns de-identified output.
  4. Your application sends the safer output to an AI model, database, review queue, or customer-facing workflow.
User input
-> Your application
-> Guardian Layer
-> De-identified output
-> AI model / storage / workflow

This keeps sensitive values from moving deeper into your stack unless they are required.

Choosing a Guardian Layer Workflow

Use the workflow that matches your input type and output goal.

InputGoalUse
TextUnderstand what may be sensitive before changing it.Detection
TextKeep the text readable with safer replacements.Transform
TextHide sensitive values visibly.Redact
FileDe-identify document or tabular content.File De-identification
Assistant workflowReduce sensitive exposure before or during AI interactions.Guardian Layer with the application or SDK flow

Text Workflow

For text, the typical path is:

  1. Start with a sample request in the Dashboard or API.
  2. Choose whether you need transform or redact.
  3. Optionally set pii_entities to control which categories are processed.
  4. Send the request from your backend.
  5. Use the returned output in the next step of your application.

For readable replacement output, see Transform (Proprietary).

For visible masking output, see Redact / Masking / Placeholder.

File Workflow

For files, Guardian Layer uses file-specific endpoints instead of the plain text endpoint.

Use file de-identification when users upload:

  • CSV or spreadsheet-style files.
  • DOCX documents.
  • PDF files with extractable text.
  • TXT files.

The same high-level choices still apply: you choose whether the file should be transformed or redacted, and you can limit processing to selected entity categories.

For the full file flow, see File De-identification.

Application-Level Pattern

For production applications, avoid calling Guardian Layer directly from client-side code.

Use this pattern instead:

  1. Store the Custodian API key securely on your backend.
  2. Accept user text or files from your frontend.
  3. Send the content from your backend to Guardian Layer.
  4. Return only the de-identified result to the frontend or next system.

This keeps your API key out of the browser and gives your backend control over logging, retries, user permissions, and usage limits.

Dashboard vs API vs SDK

You can interact with Guardian Layer in a few different ways.

MethodBest for
DashboardQuick manual testing and product exploration.
APIBackend integration, automation, and production workflows.
Python SDKAssistant and application workflows that use Custodian from Python.

The Dashboard is useful for confirming behavior. The API is the main integration path for product code.

Implementation Checklist

Before using Guardian Layer in an application, confirm that you have:

  • A Custodian account.
  • An active plan with available credits.
  • A generated API key.
  • A backend place to store and use the API key.
  • A clear choice between transform and redact.
  • A decision about whether to process all entities or only selected categories.
  • A test request that confirms the output shape your application expects.

Notes

  • Guardian Layer should be treated as part of the privacy path in your product architecture.
  • Use transform when readability matters.
  • Use redact when hiding sensitive values matters more than natural-looking output.
  • Use file endpoints for uploaded files.
  • Use your backend for API calls that require your Custodian API key.

Next Steps