How it works
When PII redaction is enabled for your organization, every incoming trace is scanned during ingestion. Detected sensitive values are replaced with category-specific placeholders before the data is written to storage. The redaction runs on all text fields across your traces:- Runs - user prompts, full prompts, responses, status messages, attributes, and metadata
- Steps - prompts, responses, status messages, and attributes
- Tool calls - arguments, results, status messages, and attributes
What gets redacted
| Data type | Placeholder | Example |
|---|---|---|
| Email addresses | [EMAIL] | jane@example.com → [EMAIL] |
| Social Security numbers | [SSN] | 123-45-6789 → [SSN] |
| Credit card numbers | [CREDIT_CARD] | 4111 1111 1111 1111 → [CREDIT_CARD] |
| IP addresses (IPv4) | [IP_ADDRESS] | 203.0.113.42 → [IP_ADDRESS] |
| Phone numbers | [PHONE] | +1 (415) 555-2671 → [PHONE] |
| API keys and secrets | [API_KEY] | sk-test1234abcd5678efgh → [API_KEY] |
Credit card detection uses the Luhn algorithm to avoid false positives on arbitrary number sequences. Phone number detection requires formatting characters (parentheses, plus sign, or dash) and a valid digit count to reduce false matches.
Availability
PII redaction is available on the Enterprise plan. Contact us at support@thecontext.company to enable it for your organization.Things to keep in mind
- Redaction is irreversible - original values are never stored and cannot be recovered.
- Redaction is idempotent - applying it multiple times produces the same result, so placeholder tokens like
[EMAIL]are not double-redacted. - Redaction happens before data reaches storage, search indexes, and pattern detection. Downstream features like insight search and monitoring operate on the redacted text.