Skip to main content
Wardin scans the outbound request body for PII patterns and replaces them with placeholder tokens before forwarding to any LLM provider. The original values never leave your network.

Built-in patterns

PatternExampleRedacted to
Email addressalice@example.com[EMAIL]
Phone number+1 (555) 867-5309[PHONE]
US Social Security Number123-45-6789[SSN]
Credit card number4111 1111 1111 1111[CREDIT_CARD]
IPv4 address192.168.1.1[IP_ADDRESS]

Custom patterns

Add your own regex patterns in the policy config:
type: pii_redaction
config:
  patterns:
    - email
    - phone
  custom_patterns:
    - name: employee_id
      regex: 'EMP-\d{6}'
      replacement: '[EMPLOYEE_ID]'
    - name: internal_order
      regex: 'ORD-[A-Z]{2}\d{8}'
      replacement: '[ORDER_ID]'

Audit logging

Every redaction event is logged to ClickHouse:
{
  "event_type": "pii_redacted",
  "key_id": "key_01j...",
  "patterns_matched": ["email", "employee_id"],
  "match_count": 2,
  "timestamp": "2025-01-15T10:05:00Z"
}
The log records what was redacted (the pattern name and count), not the original value.

Scope

PII redaction runs on:
  • The content field of all user and assistant messages
  • system prompt content
  • Tool results
It does not run on:
  • Response bodies from the provider (your own model output)
  • Metadata fields (model, max_tokens, etc.)

Enabling redaction

Attach a pii_redaction policy to a key or to the tenant (for org-wide enforcement):
curl -X POST https://api.wardin.ai/v1/policies \
  -H "Authorization: Bearer wardin_sk_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "global-pii",
    "type": "pii_redaction",
    "config": {
      "patterns": ["email", "phone", "ssn", "credit_card"]
    }
  }'
Then attach the policy to a key:
curl -X PATCH https://api.wardin.ai/v1/keys/key_01j... \
  -H "Authorization: Bearer wardin_sk_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{"policyIds": ["policy_01j..."]}'