Skip to content

PII and Sensitive Data Anonymization

Personally identifiable information (PII), or sensitive personal information (SPI), refers to information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Some examples of PII include Social Security Number, email address, credit card numbers, passport number, home address, and so forth.

Kore.ai allows you to redact any sensitive information that users share with your bots. When you enable redaction for an information type, you can transform its value into a pattern that doesn’t contain comprehensible data. Any end-user input that matches the PII pattern gets redacted by the platform in the context object, chat logs, and all other places. Learn More.

Protecting Sensitive Data in LLM Interactions

In LLM interactions, the platform maintains the conversation context by anonymizing data instead of redacting it. Sensitive data is replaced with descriptive placeholders in LLM calls. For example, if the Phone Number is configured for redaction in the global PII Settings, it will be replaced with "[Phone Number]". This enhances privacy and security, reducing the risk of exposing personal information to external LLM services.

Note

Data anonymization is automatically applied to all the runtime features.

De-identification of PII Data

The XO platform now supports the detection and protection of Personally Identifiable Information (PII) at the Agent Node level. Users can choose whether to send redacted or original values to the language model, giving them more control over data exposure.

  • Do not de-identify PII data when making LLM calls: If selected, the platform sends the original PII values to the LLM without redaction or masking.

  • Use original values of PII data in service calls (Coming Soon): The platform sends original PII values to the service nodes or SearchAI nodes, as configured at the Agent Node level or globally in PII Settings.