DEV Community: Michal Vich The latest articles on DEV Community by Michal Vich (@mnagas). https://dev.to/mnagas https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3804616%2Fa6fcbe68-3b20-4da1-8dc7-b4e1bd61897a.jpg DEV Community: Michal Vich https://dev.to/mnagas en Stop Leaking Customer Data to LLMs — A 60-Second Fix Michal Vich Tue, 03 Mar 2026 21:23:32 +0000 https://dev.to/mnagas/stop-leaking-customer-data-to-llms-a-60-second-fix-3k6l https://dev.to/mnagas/stop-leaking-customer-data-to-llms-a-60-second-fix-3k6l <p>Every time we call OpenAI, Anthropic, or any LLM API, the input gets logged on their servers. If that input contains a customer's name, email, SSN, or credit card number — congratulations, we just sent PII to a third party.</p> <h2> The Numbers Nobody Wants to See </h2> <ul> <li>GDPR fines in 2024: <strong>€2.1 billion</strong> </li> <li>Average data breach lawsuit settlement: <strong>$3.8 million</strong> </li> <li>HIPAA violation penalty range: <strong>$100 to $50,000 per record</strong> </li> </ul> <p>And it's not just fines. One customer complaint to a data protection authority triggers an investigation. If they find we've been piping raw personal data to OpenAI's API — with no safeguards, no data processing agreement, no anonymization — that's not a good day.</p> <p>Most AI apps handle exactly this kind of data: support tickets, medical intake, financial queries, HR documents. The LLM needs context to be useful, but that context is full of PII.</p> <h2> The Simple Fix </h2> <p>Replace PII with tokens before it hits the model. Restore the originals in the output. The model never sees real data, the response is still complete.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Input: "John Doe (john@acme.com) needs a refund" ↓ tokenize Safe: "&lt;Person_1&gt; (&lt;Email Address_1&gt;) needs a refund" ↓ LLM processes it Output: "I've processed &lt;Person_1&gt;'s refund request" ↓ detokenize Final: "I've processed John Doe's refund request" </code></pre> </div> <p>That's it. Three steps. The model works with placeholders, the output reads naturally, and customer data stays on our side.</p> <h2> Implementation (60 Seconds) </h2> <p>Install:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>blindfold-sdk </code></pre> </div> <p>Run — no API key needed, works offline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">blindfold</span> <span class="kn">import</span> <span class="n">Blindfold</span> <span class="n">bf</span> <span class="o">=</span> <span class="nc">Blindfold</span><span class="p">()</span> <span class="n">text</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Contact us at sarah@example.com or 555-867-5309. SSN: 123-45-6789</span><span class="sh">"</span> <span class="c1"># Detect PII </span><span class="n">detected</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">detect</span><span class="p">(</span><span class="n">text</span><span class="p">)</span> <span class="k">for</span> <span class="n">entity</span> <span class="ow">in</span> <span class="n">detected</span><span class="p">.</span><span class="n">detected_entities</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">entity</span><span class="p">.</span><span class="nb">type</span><span class="si">}</span><span class="s">: </span><span class="sh">'</span><span class="si">{</span><span class="n">entity</span><span class="p">.</span><span class="n">text</span><span class="si">}</span><span class="sh">'</span><span class="s"> (score: </span><span class="si">{</span><span class="n">entity</span><span class="p">.</span><span class="n">score</span><span class="si">:</span><span class="p">.</span><span class="mi">2</span><span class="n">f</span><span class="si">}</span><span class="s">)</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Email Address: 'sarah@example.com' (score: 0.95) # Phone Number: '555-867-5309' (score: 0.90) # Social Security Number: '123-45-6789' (score: 1.00) </span> <span class="c1"># Tokenize </span><span class="n">result</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">tokenize</span><span class="p">(</span><span class="n">text</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># "Contact us at &lt;Email Address_1&gt; or &lt;Phone Number_1&gt;. SSN: &lt;Social Security Number_1&gt;" </span> <span class="c1"># Detokenize — restore originals </span><span class="n">original</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">detokenize</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="n">text</span><span class="p">,</span> <span class="n">result</span><span class="p">.</span><span class="n">mapping</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">original</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># "Contact us at sarah@example.com or 555-867-5309. SSN: 123-45-6789" </span></code></pre> </div> <p>That's local mode. No API key, no network calls, nothing leaves the machine. 86 regex detectors, 80+ entity types, 30+ countries.</p> <h2> Plug It Into Any LLM </h2> <p>Here's the full pattern with OpenAI. Set your API keys:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">BLINDFOLD_API_KEY</span><span class="o">=</span><span class="s2">"your-blindfold-api-key"</span> <span class="nb">export </span><span class="nv">OPENAI_API_KEY</span><span class="o">=</span><span class="s2">"your-openai-api-key"</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">blindfold</span> <span class="kn">import</span> <span class="n">Blindfold</span> <span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">bf</span> <span class="o">=</span> <span class="nc">Blindfold</span><span class="p">()</span> <span class="n">llm</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">()</span> <span class="n">user_input</span> <span class="o">=</span> <span class="p">(</span> <span class="sh">"</span><span class="s">Write a follow-up email to John Doe at john@example.com </span><span class="sh">"</span> <span class="sh">"</span><span class="s">about his refund for order #1234.</span><span class="sh">"</span> <span class="p">)</span> <span class="c1"># 1. Tokenize </span><span class="n">tokenized</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">tokenize</span><span class="p">(</span><span class="n">user_input</span><span class="p">,</span> <span class="n">policy</span><span class="o">=</span><span class="sh">"</span><span class="s">basic</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># "&lt;Person_1&gt; at &lt;Email Address_1&gt;..." — no real data </span> <span class="c1"># 2. Send safe text to LLM </span><span class="n">response</span> <span class="o">=</span> <span class="n">llm</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gpt-4o-mini</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">system</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">You are a customer support assistant.</span><span class="sh">"</span><span class="p">},</span> <span class="p">{</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="n">tokenized</span><span class="p">.</span><span class="n">text</span><span class="p">},</span> <span class="p">],</span> <span class="p">)</span> <span class="n">llm_output</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span> <span class="c1"># 3. Restore originals </span><span class="n">result</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">detokenize</span><span class="p">(</span><span class="n">llm_output</span><span class="p">,</span> <span class="n">tokenized</span><span class="p">.</span><span class="n">mapping</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># The email now reads "John Doe" and "john@example.com" — not tokens </span></code></pre> </div> <p>Swap <code>openai</code> for <code>anthropic</code>, <code>mistralai</code>, <code>cohere</code>, or a local model on Ollama. Blindfold doesn't care what's in the middle.</p> <h2> What Gets Detected </h2> <p><strong>Local mode (regex, no API key):</strong></p> <ul> <li>Email addresses</li> <li>Phone numbers (international formats)</li> <li>Social Security Numbers</li> <li>Credit card numbers (with Luhn validation)</li> <li>IBANs (30+ countries)</li> <li>IP addresses (v4 and v6)</li> <li>Dates of birth</li> <li>Passport numbers, driver's licenses</li> <li>Tax IDs, VAT numbers</li> <li>URLs, cryptocurrency addresses</li> <li>80+ entity types total</li> </ul> <p><strong>Cloud API (AI + regex):</strong></p> <ul> <li>Everything above, plus:</li> <li>Person names (any language)</li> <li>Company names</li> <li>Physical addresses</li> <li>Medical terms and conditions</li> <li>Context-dependent entities</li> </ul> <p>Local mode handles structured patterns. The cloud API adds AI-based detection for things regex can't catch — like knowing "Springfield" is an address in one sentence and a company name in another.</p> <h2> Not Just Redaction </h2> <p>Most tools only redact. Blindfold gives us six options:</p> <ul> <li> <strong>tokenize</strong> → <code>&lt;Person_1&gt;</code> — Send to LLM, restore later. Reversible.</li> <li> <strong>redact</strong> → <code>[REDACTED]</code> — Gone forever. For logs, indexes, storage.</li> <li> <strong>mask</strong> → <code>J*** D**</code> — Show partial data to end users.</li> <li> <strong>hash</strong> → <code>a1b2c3d4...</code> — Analytics and dedup without exposing data.</li> <li> <strong>synthesize</strong> → <code>Jane Smith</code> — Realistic fake data for testing.</li> <li> <strong>encrypt</strong> → <code>enc:x8f2k...</code> — Reversible with a key. For compliance archives.</li> </ul> <p>Redaction is fine for logs. But for LLM pipelines, we need <strong>tokenize</strong> — the model works with placeholders, and we restore the originals after. One-way redaction breaks the workflow.</p> <h2> Built-In Compliance Policies </h2> <p>Instead of manually listing which entity types to detect, we pick a policy:</p> <ul> <li> <strong>basic</strong> — Names, emails, phones, locations. General apps.</li> <li> <strong>gdpr_eu</strong> — Adds IBANs, dates of birth, EU-specific identifiers.</li> <li> <strong>hipaa_us</strong> — Adds SSNs, medical record numbers, health data.</li> <li> <strong>pci_dss</strong> — Adds card numbers, CVVs, expiry dates.</li> <li> <strong>strict</strong> — Everything, lower confidence threshold.</li> </ul> <p>One parameter. Done.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">result</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">tokenize</span><span class="p">(</span><span class="n">text</span><span class="p">,</span> <span class="n">policy</span><span class="o">=</span><span class="sh">"</span><span class="s">hipaa_us</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h2> Why Not Build It Yourself? </h2> <p>I tried. Here's what happens:</p> <ol> <li>We start with a regex for emails. Easy.</li> <li>Add phone numbers. Now we need 20+ international formats.</li> <li>Credit cards need Luhn validation. SSNs need range checks.</li> <li>IBANs are different for every country. 30+ formats.</li> <li>Person names? Regex can't do that. Now we need NLP.</li> <li>Six months later, we have a fragile pile of regexes that misses half the edge cases and we're maintaining it instead of building our product.</li> </ol> <p>Blindfold ships 86 regex detectors covering 80+ entity types out of the box. The cloud API adds AI detection for names and context-dependent entities. It's tested, it's maintained, and it's not our problem.</p> <h2> Data Residency </h2> <p>For regulated industries, where data is processed matters:</p> <ul> <li> <code>region="eu"</code> → Frankfurt, Germany</li> <li> <code>region="us"</code> → Virginia, US </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">bf</span> <span class="o">=</span> <span class="nc">Blindfold</span><span class="p">(</span><span class="n">region</span><span class="o">=</span><span class="sh">"</span><span class="s">eu</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Data stays in the region. No transatlantic transfers. GDPR auditors stop asking questions.</p> <h2> It's Not Just Python </h2> <ul> <li> <strong>JavaScript/TypeScript</strong>: <code>npm install @blindfold/sdk</code> </li> <li> <strong>Go</strong>: <code>go get github.com/blindfold-dev/blindfold-go</code> </li> <li> <strong>Java</strong>: Maven Central <code>dev.blindfold:blindfold-sdk</code> </li> <li> <strong>.NET</strong>: NuGet <code>Blindfold.Sdk</code> </li> <li> <strong>CLI</strong>: <code>npm install -g @blindfold/cli</code> </li> <li> <strong>MCP Server</strong>: <code>npm install @blindfold/mcp-server</code> (for AI agents)</li> <li> <strong>LangChain</strong>: <code>pip install langchain-blindfold</code> </li> </ul> <p>Same API, same policies, same token format across all of them.</p> <h2> Pricing Reality </h2> <ul> <li> <strong>Local mode</strong>: Free. Forever. No API key. No limits.</li> <li> <strong>Cloud API free tier</strong>: 500K characters/month. No credit card.</li> <li> <strong>Paid plans</strong>: Usage-based. Pay for what we use.</li> </ul> <p>No $200/month minimums. No enterprise-only tiers to get basic features. Local mode alone covers most use cases — the cloud API is there when we need AI-powered name and address detection.</p> <h2> Get Started </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>blindfold-sdk </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">blindfold</span> <span class="kn">import</span> <span class="n">Blindfold</span> <span class="n">bf</span> <span class="o">=</span> <span class="nc">Blindfold</span><span class="p">()</span> <span class="n">result</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">tokenize</span><span class="p">(</span><span class="sh">"</span><span class="s">Call me at 555-0123, my SSN is 123-45-6789</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># "Call me at &lt;Phone Number_1&gt;, my SSN is &lt;Social Security Number_1&gt;" </span></code></pre> </div> <p>Three lines. No API key. Run it right now.</p> <ul> <li><a href="https://docs.blindfold.dev" rel="noopener noreferrer">Documentation</a></li> <li><a href="https://github.com/blindfold-dev" rel="noopener noreferrer">GitHub</a></li> <li><a href="https://app.blindfold.dev" rel="noopener noreferrer">Dashboard</a></li> </ul> <p><em>Stop trusting LLM providers with customer data. Tokenize first.</em></p> How to Protect PII in LLM Pipelines with Python Michal Vich Tue, 03 Mar 2026 21:02:31 +0000 https://dev.to/mnagas/how-to-protect-pii-in-llm-pipelines-with-python-pek https://dev.to/mnagas/how-to-protect-pii-in-llm-pipelines-with-python-pek <p><em>Tokenize personal data before it reaches the model, restore it in the output.</em></p> <p>If we're building AI features that handle customer data — support tickets, medical intake, financial queries — we have a problem. Every prompt we send to an LLM API is logged, cached, and potentially used for training. Names, emails, SSNs, medical records: all of it lands on someone else's servers.</p> <p>GDPR says we can't send EU personal data to third-party processors without safeguards. HIPAA says protected health information must be de-identified. And even outside regulated industries, sending raw customer data to OpenAI or Anthropic is a liability we shouldn't accept.</p> <p>Here's what a naive implementation looks like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">()</span> <span class="c1"># Every name, email, and SSN in this text hits OpenAI's servers </span><span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gpt-4o-mini</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="p">(</span> <span class="sh">"</span><span class="s">Summarize this support ticket: Customer John Doe (john@acme.com) </span><span class="sh">"</span> <span class="sh">"</span><span class="s">called about order #4521. His SSN 123-45-6789 was used for verification.</span><span class="sh">"</span> <span class="p">),</span> <span class="p">}],</span> <span class="p">)</span> </code></pre> </div> <p>John Doe's name, email, and SSN are now in OpenAI's logs. We can do better.</p> <h2> The Approach: Tokenize, Process, Detokenize </h2> <p>The fix is straightforward: replace PII with deterministic tokens <em>before</em> it reaches the model, then restore the originals in the output.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>"John Doe (john@acme.com)" ↓ tokenize "&lt;Person_1&gt; (&lt;Email Address_1&gt;)" ↓ send to LLM "I've noted &lt;Person_1&gt;'s issue..." ↓ detokenize "I've noted John Doe's issue..." </code></pre> </div> <p>The model never sees real data. It works with placeholders that preserve sentence structure, so the output quality stays the same. When we detokenize, the final response reads naturally with all the original values restored.</p> <p><a href="https://blindfold.dev" rel="noopener noreferrer">Blindfold</a> handles both sides of this — the PII detection and the token mapping — and it works with any LLM provider (OpenAI, Anthropic, Mistral, local models, etc.).</p> <h2> Setup </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>blindfold-sdk </code></pre> </div> <p>That's all we need to start. Blindfold works locally out of the box — no API key, no account, no network calls.</p> <h2> Example 1: Try It Locally (No API Key, No Network Calls) </h2> <p>Let's start with something we can run right now. Without an API key, Blindfold runs entirely on our machine using regex-based detection. Nothing leaves the process:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">blindfold</span> <span class="kn">import</span> <span class="n">Blindfold</span> <span class="c1"># No API key = local mode (regex-only, runs entirely on your machine) </span><span class="n">bf</span> <span class="o">=</span> <span class="nc">Blindfold</span><span class="p">()</span> <span class="n">text</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Contact us at sarah@example.com or 555-867-5309. SSN: 123-45-6789</span><span class="sh">"</span> <span class="c1"># Detect — find PII without modifying the text </span><span class="n">detected</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">detect</span><span class="p">(</span><span class="n">text</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Found </span><span class="si">{</span><span class="n">detected</span><span class="p">.</span><span class="n">entities_count</span><span class="si">}</span><span class="s"> entities:</span><span class="sh">"</span><span class="p">)</span> <span class="k">for</span> <span class="n">entity</span> <span class="ow">in</span> <span class="n">detected</span><span class="p">.</span><span class="n">detected_entities</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s"> </span><span class="si">{</span><span class="n">entity</span><span class="p">.</span><span class="nb">type</span><span class="si">}</span><span class="s">: </span><span class="sh">'</span><span class="si">{</span><span class="n">entity</span><span class="p">.</span><span class="n">text</span><span class="si">}</span><span class="sh">'</span><span class="s"> (score: </span><span class="si">{</span><span class="n">entity</span><span class="p">.</span><span class="n">score</span><span class="si">:</span><span class="p">.</span><span class="mi">2</span><span class="n">f</span><span class="si">}</span><span class="s">)</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Found 3 entities: # Email Address: 'sarah@example.com' (score: 0.95) # Phone Number: '555-867-5309' (score: 0.90) # Social Security Number: '123-45-6789' (score: 1.00) </span> <span class="c1"># Tokenize — replace PII with reversible tokens </span><span class="n">result</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">tokenize</span><span class="p">(</span><span class="n">text</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="se">\n</span><span class="s">Tokenized: </span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="n">text</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Tokenized: Contact us at &lt;Email Address_1&gt; or &lt;Phone Number_1&gt;. SSN: &lt;Social Security Number_1&gt; </span> <span class="c1"># Detokenize — restore originals </span><span class="n">original</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">detokenize</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="n">text</span><span class="p">,</span> <span class="n">result</span><span class="p">.</span><span class="n">mapping</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Restored: </span><span class="si">{</span><span class="n">original</span><span class="p">.</span><span class="n">text</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Restored: Contact us at sarah@example.com or 555-867-5309. SSN: 123-45-6789 </span> <span class="c1"># Redact — permanently remove PII </span><span class="n">redacted</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">redact</span><span class="p">(</span><span class="n">text</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="se">\n</span><span class="s">Redacted: </span><span class="si">{</span><span class="n">redacted</span><span class="p">.</span><span class="n">text</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Redacted: Contact us at [REDACTED] or [REDACTED]. SSN: [REDACTED] </span></code></pre> </div> <p>Local mode covers 80+ pattern-based entity types (emails, phone numbers, SSNs, credit cards, IBANs, and more) across 30+ countries using 86 built-in regex detectors. It's fast, deterministic, and has zero external dependencies. For detecting names, addresses, and other context-dependent entities, we switch to the cloud API (Example 4), which adds AI-based detection on top of the regex layer.</p> <h2> Example 2: Detect-Only Mode </h2> <p>Sometimes we don't want to modify text — just know what PII is in it. The <code>detect()</code> method returns every entity with its type, position, and confidence score:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">blindfold</span> <span class="kn">import</span> <span class="n">Blindfold</span> <span class="n">bf</span> <span class="o">=</span> <span class="nc">Blindfold</span><span class="p">()</span> <span class="n">result</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">detect</span><span class="p">(</span> <span class="sh">"</span><span class="s">Email john@acme.com or call 555-0123. SSN: 123-45-6789</span><span class="sh">"</span><span class="p">,</span> <span class="n">policy</span><span class="o">=</span><span class="sh">"</span><span class="s">strict</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="k">for</span> <span class="n">entity</span> <span class="ow">in</span> <span class="n">result</span><span class="p">.</span><span class="n">detected_entities</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">entity</span><span class="p">.</span><span class="nb">type</span><span class="si">}</span><span class="s">: </span><span class="sh">'</span><span class="si">{</span><span class="n">entity</span><span class="p">.</span><span class="n">text</span><span class="si">}</span><span class="sh">'</span><span class="s"> (score: </span><span class="si">{</span><span class="n">entity</span><span class="p">.</span><span class="n">score</span><span class="si">:</span><span class="p">.</span><span class="mi">2</span><span class="n">f</span><span class="si">}</span><span class="s">)</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Email Address: 'john@acme.com' (score: 0.95) # Phone Number: '555-0123' (score: 0.90) # Social Security Number: '123-45-6789' (score: 1.00) </span></code></pre> </div> <p>Use this to build guardrails: block messages containing PII before they reach the model, generate audit trails for compliance, or flag content for human review.</p> <h2> Going Further: Cloud API </h2> <p>When we need to detect names, addresses, and other context-dependent entities — not just structured patterns — we switch to the Blindfold cloud API, which adds AI-based detection on top of the regex layer.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">BLINDFOLD_API_KEY</span><span class="o">=</span><span class="s2">"your-blindfold-api-key"</span> </code></pre> </div> <p>Sign up at <a href="https://blindfold.dev" rel="noopener noreferrer">blindfold.dev</a> to get an API key. The free tier covers 500K characters per month.</p> <h2> Example 3: Redact PII from Documents </h2> <p>When storing or indexing text (RAG pipelines, search indexes, logs), we often want PII permanently removed rather than tokenized:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">blindfold</span> <span class="kn">import</span> <span class="n">Blindfold</span> <span class="n">bf</span> <span class="o">=</span> <span class="nc">Blindfold</span><span class="p">()</span> <span class="c1"># uses BLINDFOLD_API_KEY env var </span> <span class="n">medical_note</span> <span class="o">=</span> <span class="p">(</span> <span class="sh">"</span><span class="s">Patient Sarah Johnson (DOB 03/15/1985) was diagnosed with </span><span class="sh">"</span> <span class="sh">"</span><span class="s">Type 2 diabetes. Contact: sarah.j@email.com, SSN 234-56-7890.</span><span class="sh">"</span> <span class="p">)</span> <span class="n">redacted</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">redact</span><span class="p">(</span><span class="n">medical_note</span><span class="p">,</span> <span class="n">policy</span><span class="o">=</span><span class="sh">"</span><span class="s">hipaa_us</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">redacted</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># "Patient [REDACTED] (DOB [REDACTED]) was diagnosed with # Type 2 diabetes. Contact: [REDACTED], SSN [REDACTED]." </span></code></pre> </div> <p>With <code>redact()</code>, PII is permanently removed — there's no mapping to reverse. Notice that "Sarah Johnson" is detected as a person name — this requires the cloud API's AI model; local regex mode can't detect arbitrary names. This is the right choice for indexing, logging, or any case where we want the data gone, not just hidden.</p> <h2> Example 4: Protect Any LLM Call (Cloud API) </h2> <p>The full pattern: tokenize the input (including names), send safe text to the model, detokenize the output.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>openai <span class="nb">export </span><span class="nv">OPENAI_API_KEY</span><span class="o">=</span><span class="s2">"your-openai-api-key"</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">blindfold</span> <span class="kn">import</span> <span class="n">Blindfold</span> <span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">bf</span> <span class="o">=</span> <span class="nc">Blindfold</span><span class="p">()</span> <span class="n">openai</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">()</span> <span class="n">user_message</span> <span class="o">=</span> <span class="p">(</span> <span class="sh">"</span><span class="s">Write a follow-up email to John Doe at john@example.com </span><span class="sh">"</span> <span class="sh">"</span><span class="s">about his refund for order #1234.</span><span class="sh">"</span> <span class="p">)</span> <span class="c1"># Step 1: Tokenize — PII is replaced with tokens </span><span class="n">tokenized</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">tokenize</span><span class="p">(</span><span class="n">user_message</span><span class="p">,</span> <span class="n">policy</span><span class="o">=</span><span class="sh">"</span><span class="s">basic</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">tokenized</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># "Write a follow-up email to &lt;Person_1&gt; at &lt;Email Address_1&gt; # about his refund for order #1234." </span> <span class="c1"># Step 2: Send safe text to the LLM </span><span class="n">response</span> <span class="o">=</span> <span class="n">openai</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gpt-4o-mini</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">system</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">You are a helpful customer support assistant.</span><span class="sh">"</span><span class="p">},</span> <span class="p">{</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="n">tokenized</span><span class="p">.</span><span class="n">text</span><span class="p">},</span> <span class="p">],</span> <span class="p">)</span> <span class="n">llm_output</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span> <span class="c1"># The model drafts an email to &lt;Person_1&gt; at &lt;Email Address_1&gt; </span> <span class="c1"># Step 3: Detokenize — restore original values </span><span class="n">result</span> <span class="o">=</span> <span class="n">bf</span><span class="p">.</span><span class="nf">detokenize</span><span class="p">(</span><span class="n">llm_output</span><span class="p">,</span> <span class="n">tokenized</span><span class="p">.</span><span class="n">mapping</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># The model's email now reads "John Doe" and "john@example.com" </span></code></pre> </div> <p>The <code>policy</code> parameter controls which entity types are detected. <code>"basic"</code> covers names, emails, phone numbers, and locations. For regulated workloads, use <code>"gdpr_eu"</code>, <code>"hipaa_us"</code>, or <code>"pci_dss"</code>.</p> <p>This pattern works with any LLM provider — swap <code>openai</code> for <code>anthropic</code>, <code>mistralai</code>, or even a local model running on Ollama. Blindfold doesn't care what's in the middle.</p> <h2> Protection Methods </h2> <p>Blindfold supports six ways to handle detected PII, depending on the use case:</p> <ul> <li> <strong>tokenize</strong> → <code>&lt;Person_1&gt;</code> — LLM pipelines, reversible round-trips</li> <li> <strong>redact</strong> → <code>[REDACTED]</code> — Permanent removal, indexing, storage</li> <li> <strong>mask</strong> → <code>J*** D**</code> — Display to end users, partial visibility</li> <li> <strong>hash</strong> → <code>a1b2c3d4...</code> — Analytics, deduplication without exposing data</li> <li> <strong>synthesize</strong> → <code>Jane Smith</code> — Realistic fake data for testing</li> <li> <strong>encrypt</strong> → <code>enc:x8f2k...</code> — Reversible with encryption key</li> </ul> <h2> Compliance Policies </h2> <p>Each policy defines which entity types to detect and at what sensitivity:</p> <ul> <li> <strong>basic</strong> — Names, emails, phones, locations. Best for general apps.</li> <li> <strong>gdpr_eu</strong> — Adds IBANs, addresses, dates of birth. Best for EU compliance.</li> <li> <strong>hipaa_us</strong> — Adds SSNs, MRNs, medical terms. Best for healthcare.</li> <li> <strong>pci_dss</strong> — Adds card numbers, CVVs, expiry dates. Best for payment processing.</li> <li> <strong>strict</strong> — All entity types with a lower confidence threshold. Maximum coverage.</li> </ul> <p>Data residency is controlled via the <code>region</code> parameter: <code>"eu"</code> routes to Frankfurt, <code>"us"</code> routes to Virginia. Both the API and all SDKs support this.</p> <h2> Wrapping Up </h2> <p>Three steps — tokenize, call the LLM, detokenize — and customer data never leaves our control. It works with any model provider, any framework, and takes minutes to add to an existing codebase. Start locally with zero setup, switch to the cloud API when we need AI-powered accuracy.</p> <p><strong>Resources:</strong></p> <ul> <li><a href="https://docs.blindfold.dev" rel="noopener noreferrer">Documentation</a></li> <li><a href="https://github.com/blindfold-dev" rel="noopener noreferrer">GitHub</a></li> <li><a href="https://app.blindfold.dev" rel="noopener noreferrer">Dashboard &amp; API key</a></li> </ul> <p>Beyond Python, there are SDKs for <a href="https://www.npmjs.com/package/@blindfold/sdk" rel="noopener noreferrer">JavaScript</a>, <a href="https://pkg.go.dev/github.com/blindfold-dev/blindfold-go" rel="noopener noreferrer">Go</a>, <a href="https://central.sonatype.com/artifact/dev.blindfold/blindfold-sdk" rel="noopener noreferrer">Java</a>, <a href="https://www.nuget.org/packages/Blindfold.Sdk" rel="noopener noreferrer">.NET</a>, a <a href="https://www.npmjs.com/package/@blindfold/cli" rel="noopener noreferrer">CLI</a>, and an <a href="https://www.npmjs.com/package/@blindfold/mcp-server" rel="noopener noreferrer">MCP server</a> for AI agent workflows. There's also a <a href="https://github.com/blindfold-dev/langchain-blindfold" rel="noopener noreferrer">LangChain integration</a> if we want deeper framework support.</p> llm privacy python security