Policy Template (updated 2026-01-22)

Policy template: PII redaction + safe rewrite

Ready-to-use policy template for PII redaction combined with safe rewrites. Copy, customize, and deploy.

This template combines PII redaction with safe rewrites: sensitive data is scrubbed, and harmful requests get helpful alternatives.

Ideal for customer support, healthcare, and financial applications handling regulated data.

Definition

PII redaction + safe rewrite is a policy pattern that removes personally identifiable information from responses while transforming harmful requests into helpful alternatives.

Why it matters
  • Comply with GDPR and CCPA requirements for PII handling.
  • Prevent accidental exposure of names, emails, SSNs, and phone numbers.
  • Maintain helpful UX by rewriting instead of refusing.
  • Generate audit logs for compliance reviews.
How it works
  1. Copy the policy JSON below.
  2. Customize the allowlist/denylist for your use case.
  3. Set your escalation_path for human review workflows.
  4. Test with the simulator before deploying.
Simulate this policy
curl https://api.abliteration.ai/policy/simulate \
  -H "Authorization: Bearer $POLICY_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "policy_id": "pii-redaction-safe-rewrite",
    "messages": [{"role":"user","content":"My email is john@example.com and my SSN is 123-45-6789. Can you help?"}]
  }'
Policy JSON
{
  "policy_id": "pii-redaction-safe-rewrite",
  "name": "PII redaction + safe rewrite",
  "owner": "Compliance team",
  "description": "Redact PII and rewrite harmful requests into helpful alternatives.",
  "rules": {
    "allowlist": ["account support", "billing questions", "product help"],
    "denylist": ["credential theft", "social engineering", "data exfiltration"],
    "flagged_categories": ["pii/ssn", "pii/email", "pii/phone", "pii/name", "pii/address"],
    "response_pattern": "rewrite",
    "rewrite_instead_of_refuse": true,
    "redact": true,
    "reason_codes": ["ALLOW", "REWRITE", "REDACT", "ESCALATE"]
  },
  "org_controls": {
    "project_keys": true,
    "user_quotas": true,
    "audit_logs": true,
    "data_classification": "pii"
  },
  "refusal_replacement": {
    "mode": "rewrite",
    "escalation_path": "compliance@company.com"
  }
}
Example transformation
Input with PII
User: "My SSN is 123-45-6789 and email is john@example.com. Check my account."
Output after policy
Assistant: "I've located your account. Your recent transactions show..."

{
  "decision": "redact",
  "reason_code": "REDACT",
  "redacted_spans": ["ssn", "email"],
  "audit_tags": { "data_classification": "pii" }
}

Test this policy in the simulator

See how PII redaction and safe rewrites work with your prompts.
FAQ

Frequently asked questions.

What PII types are detected?

SSN, email, phone, name, address, credit card numbers, and other patterns based on your flagged_categories.

Can I add custom PII patterns?

Yes. Add custom regex patterns to flagged_categories for domain-specific identifiers.

Is redacted data logged?

The audit log records that redaction occurred and which spans were affected, but not the original PII values.
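The transformation shown above and the two FAQ answers on custom patterns and audit logging, worked through as runnable code. This is an added example, not the product's own implementation: the regexes, the `custom/<name>:<regex>` syntax for extending flagged_categories, the `[REDACTED:<type>]` replacement token, and the `compile_patterns`/`redact`/`evaluate` functions are all assumptions made here; the policy fields, reason codes and the shape of the decision record are taken from the template on this page.

```python
"""Added example (not the product's own code): a minimal policy evaluator that
redacts PII spans and emits an audit record shaped like the one on this page.
Detector regexes and the decision logic are assumptions for illustration."""
import json
import re

# Rules fragment copied from the page's policy template; 'name' and 'address'
# are omitted because they need NLP-based detectors, not regexes.
POLICY = json.loads("""{
  "policy_id": "pii-redaction-safe-rewrite",
  "rules": {
    "allowlist": ["account support", "billing questions", "product help"],
    "denylist": ["credential theft", "social engineering", "data exfiltration"],
    "flagged_categories": ["pii/ssn", "pii/email", "pii/phone"],
    "response_pattern": "rewrite",
    "rewrite_instead_of_refuse": true,
    "redact": true
  },
  "org_controls": {"audit_logs": true, "data_classification": "pii"}
}""")

# Assumed detectors keyed by category name. Deliberately simple: a production
# deployment would use validated detectors with checksum/format verification.
DEFAULT_PATTERNS = {
    "pii/ssn": r"\b\d{3}-\d{2}-\d{4}\b",
    "pii/email": r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b",
    "pii/phone": r"\b\d{3}[ .-]\d{3}[ .-]\d{4}\b",
}


def compile_patterns(flagged_categories, defaults=DEFAULT_PATTERNS):
    """Map each flagged category to a compiled regex.

    Entries of the form 'custom/<name>:<regex>' are treated as domain-specific
    patterns (assumed syntax for the FAQ's 'custom regex patterns').
    Unknown categories without a detector are skipped rather than guessed."""
    patterns = {}
    for cat in flagged_categories:
        if cat.startswith("custom/") and ":" in cat:
            name, regex = cat.split(":", 1)
            patterns[name] = re.compile(regex)
        elif cat in defaults:
            patterns[cat] = re.compile(defaults[cat])
    return patterns


def redact(text, patterns):
    """Replace every match with a [REDACTED:<type>] token.

    Returns (redacted_text, span_types). Only the span *types* are reported,
    never the matched values, so the result is safe to put in an audit log."""
    found = []
    for cat, rx in patterns.items():
        span_type = cat.split("/", 1)[-1]
        if rx.search(text):
            found.append(span_type)
            text = rx.sub(f"[REDACTED:{span_type}]", text)
    return text, found


def evaluate(policy, message):
    """Apply the policy to one user message.

    Returns (message_to_forward, decision_record). The record mirrors the
    page's example: decision, reason_code, redacted_spans, audit_tags."""
    rules = policy["rules"]
    patterns = compile_patterns(rules["flagged_categories"])
    if rules.get("redact"):
        forwarded, spans = redact(message, patterns)
    else:
        forwarded, spans = message, []

    lowered = message.lower()
    if any(term in lowered for term in rules["denylist"]):
        # Denied topic: rewrite toward a helpful alternative when the policy
        # allows it, otherwise hand off to the escalation path.
        reason = "REWRITE" if rules.get("rewrite_instead_of_refuse") else "ESCALATE"
    elif spans:
        reason = "REDACT"
    else:
        reason = "ALLOW"

    record = {
        "decision": reason.lower(),
        "reason_code": reason,
        "redacted_spans": spans,
        "audit_tags": {"data_classification": policy["org_controls"]["data_classification"]},
    }
    return forwarded, record


if __name__ == "__main__":
    # Constructed input matching the page's example transformation.
    msg = "My SSN is 123-45-6789 and email is john@example.com. Check my account."
    forwarded, record = evaluate(POLICY, msg)
    print(forwarded)
    print(json.dumps(record, indent=2))
```

Note that `redact` runs on the message before the denylist check and that the returned record never contains matched text; checking `str(record)` for the original values is a cheap regression test that the audit log stays free of raw PII, which is the property the last FAQ answer promises.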