GPTfy Glossary
PII Masking
Detecting and redacting personally identifiable information (names, emails, SSNs) from text before sending it to an external LLM, then restoring the original values in the response.
PII masking solves a hard constraint: most enterprise data contains PII, and most LLMs are external APIs. Sending raw customer data risks compliance violations (GDPR, HIPAA), unintended training on your data, and audit failures.
The masking flow: (1) before sending to the LLM, scan the prompt for PII patterns (regex + ML classifiers); (2) replace each instance with a token like `[PERSON_1]`, `[EMAIL_2]`; (3) store the mapping in a vault; (4) send the masked prompt to the LLM; (5) on response, restore the original values from the mapping.
Implementations vary in coverage: simple regex catches obvious patterns (SSN, credit cards) but misses names, addresses, and custom identifiers. Modern systems use named-entity-recognition models to catch the harder cases. The Einstein Trust Layer and GPTfy's Security Layer both implement PII masking with these techniques.
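The five-step flow and the regex coverage gap described above, as an added example (not GPTfy or Einstein Trust Layer code). The function names, the two patterns, the sample prompt and the stand-in LLM reply are all constructed assumptions; the vault here is an in-memory dict.

```python
import re

# Regex detectors for the "obvious" patterns only (assumed, simplified patterns).
# Names and addresses need an NER model and are not covered here.
PATTERNS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
TOKEN = re.compile(r"\[(?:%s)_\d+\]" % "|".join(PATTERNS))

def mask(prompt):
    """Steps 1-3: detect PII, swap in tokens, return (masked_prompt, vault)."""
    vault = {}   # token -> original value; never leaves the trusted side
    seen = {}    # original value -> token, so a repeated value reuses its token
    counter = 0
    def substitute(kind):
        def _sub(match):
            nonlocal counter
            value = match.group(0)
            if value not in seen:
                counter += 1
                seen[value] = f"[{kind}_{counter}]"
                vault[seen[value]] = value
            return seen[value]
        return _sub
    for kind, pattern in PATTERNS.items():
        prompt = pattern.sub(substitute(kind), prompt)
    return prompt, vault

def unmask(response, vault):
    """Step 5: restore originals; tokens absent from the vault stay as-is."""
    return TOKEN.sub(lambda m: vault.get(m.group(0), m.group(0)), response)

# Constructed sample input, not real customer data.
SAMPLE = ("Customer Jane Doe (jane.doe@example.com, SSN 123-45-6789) wrote "
          "again from jane.doe@example.com about her refund.")

def demo():
    masked, vault = mask(SAMPLE)
    # Step 4 would send `masked` to the LLM; this constructed reply stands in.
    reply = "Draft: Hello, we emailed [EMAIL_1] and verified [SSN_2]. Ref [EMAIL_9]."
    return masked, vault, unmask(reply, vault)

if __name__ == "__main__":
    for part in demo():
        print(part)
```

The masked prompt still contains "Jane Doe", which is the coverage gap that named-entity recognition is meant to close. The token `[EMAIL_9]`, which the model invented, is left unresolved instead of being mapped to some other customer's value.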
See PII Masking in GPTfy
Book a 30-minute demo with a GPTfy engineer to see how this works in a Salesforce org like yours.