Skip to main content

Use PII Masking with LLMs

Use this guide to reduce sensitive data exposure before content reaches an LLM.

The safest pattern is to call Guardian Layer from your backend, then send only the de-identified output to the model.

User message
-> Your backend
-> Guardian Layer
-> De-identified message
-> LLM
-> Response

Step 1: De-identify the User Message

curl -X POST "$CUSTODIAN_API_BASE_URL/api/v1/deidentify/text/proprietary/outputs" \
-H "X-API-Key: $CUSTODIAN_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"text": "My name is Jane Smith and my email is jane.smith@example.com. Can you summarize my case?",
"domain": "General",
"masking_type": "transform",
"pii_entities": ["ALL"]
}'

Use the first item in outputs as the safer message for the LLM.

Step 2: Send the Safer Message to the LLM

Pseudo-code:

deidentified_text = response["outputs"][0]["text"]

llm_response = llm.chat(
messages=[
{"role": "system", "content": "You are a helpful assistant."},
{"role": "user", "content": deidentified_text},
]
)

Keep the original message out of the LLM request unless your product explicitly requires it.

Choose Transform or Redact

ModeUse when
transformThe LLM needs a readable sentence with safer replacement values.
redactThe LLM does not need the sensitive values or natural replacements.

With the Python SDK

The Python SDK supports assistant workflows. Some backend deployments may support privacy-aware masking before LLM calls when privacy settings are enabled.

Confirm your environment's SDK and backend configuration before documenting or relying on automatic masking behavior.

For the SDK assistant flow, see Create Your First Assistant.

Safety Tips

  • Call Guardian Layer from the backend, not from browser code.
  • Log de-identified content instead of raw sensitive input when possible.
  • Do not include raw sensitive values in prompts unless required.
  • Test with fictional data before production data.
  • Review outputs before using them in high-stakes workflows.

Next Steps