Safety classification + PII double-check

The SDK masks PII first, then an LLM double-audits. Email, phone, card, and national-ID numbers checked one by one.

Demo: Before / after PII redaction

Before redaction (original prompt)

Inquiry from Taro Yamada (taro.yamada@example.com, +81-80-1234-5678). Card 1234-5678-9012-3456, address 1-2-3 Ginza, Chuo-ku, Tokyo.

After redaction (what gets stored)

Inquiry from Taro Yamada ([REDACTED_EMAIL], [REDACTED_PHONE]). Card [REDACTED_CC], address 1-2-3 Ginza, Chuo-ku, Tokyo.

Context-dependent PII that remains — like names and addresses — is caught by the LLM second-pass audit.

SDK + LLM double check

An LLM catches what the SDK regex missed via a cron-based second pass.

Consent + delete rights

Plaintext storage requires two-step consent. Deletion goes through a dedicated endpoint.

Audit log

Every decryption is logged with who and when. Unauthorised decryption is structurally blocked.