Use PII Masking with LLMs
Use this guide to reduce sensitive data exposure before content reaches an LLM.
The safest pattern is to call Guardian Layer from your backend, then send only the de-identified output to the model.
Recommended Flow
User message
-> Your backend
-> Guardian Layer
-> De-identified message
-> LLM
-> Response
Step 1: De-identify the User Message
curl -X POST "$CUSTODIAN_API_BASE_URL/api/v1/deidentify/text/proprietary/outputs" \
-H "X-API-Key: $CUSTODIAN_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"text": "My name is Jane Smith and my email is jane.smith@example.com. Can you summarize my case?",
"domain": "General",
"masking_type": "transform",
"pii_entities": ["ALL"]
}'
Use the first item in outputs as the safer message for the LLM.
Step 2: Send the Safer Message to the LLM
Pseudo-code:
deidentified_text = response["outputs"][0]["text"]
llm_response = llm.chat(
messages=[
{"role": "system", "content": "You are a helpful assistant."},
{"role": "user", "content": deidentified_text},
]
)
Keep the original message out of the LLM request unless your product explicitly requires it.
Choose Transform or Redact
| Mode | Use when |
|---|---|
transform | The LLM needs a readable sentence with safer replacement values. |
redact | The LLM does not need the sensitive values or natural replacements. |
With the Python SDK
The Python SDK supports assistant workflows. Some backend deployments may support privacy-aware masking before LLM calls when privacy settings are enabled.
Confirm your environment's SDK and backend configuration before documenting or relying on automatic masking behavior.
For the SDK assistant flow, see Create Your First Assistant.
Safety Tips
- Call Guardian Layer from the backend, not from browser code.
- Log de-identified content instead of raw sensitive input when possible.
- Do not include raw sensitive values in prompts unless required.
- Test with fictional data before production data.
- Review outputs before using them in high-stakes workflows.