Safety classification + PII double-check
The SDK masks PII first, then an LLM double-audits. Email, phone, card, and national-ID numbers checked one by one.
Demo: Before / after PII redaction
Before redaction (original prompt)
Inquiry from Taro Yamada (taro.yamada@example.com, +81-80-1234-5678). Card 1234-5678-9012-3456, address 1-2-3 Ginza, Chuo-ku, Tokyo.
After redaction (what gets stored)
Inquiry from Taro Yamada ([REDACTED_EMAIL], [REDACTED_PHONE]). Card [REDACTED_CC], address 1-2-3 Ginza, Chuo-ku, Tokyo.
Context-dependent PII that remains — like names and addresses — is caught by the LLM second-pass audit.
SDK + LLM double check
An LLM catches what the SDK regex missed via a cron-based second pass.
Consent + delete rights
Plaintext storage requires two-step consent. Deletion goes through a dedicated endpoint.
Audit log
Every decryption is logged with who and when. Unauthorised decryption is structurally blocked.