DEV Community: Trevor The latest articles on DEV Community by Trevor (@trevorthecreativeguy). https://dev.to/trevorthecreativeguy https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3989643%2F304acbd3-d17c-4106-9b8e-8e82352fbe3a.png DEV Community: Trevor https://dev.to/trevorthecreativeguy en How to Redact PII before sending prompts to OpenAI, Claude, or Gemini Trevor Wed, 17 Jun 2026 19:21:56 +0000 https://dev.to/trevorthecreativeguy/how-to-redact-pii-before-sending-prompts-to-openai-claude-or-gemini-25gg https://dev.to/trevorthecreativeguy/how-to-redact-pii-before-sending-prompts-to-openai-claude-or-gemini-25gg <p>If you send user text to an LLM, you are probably sending personal data with it without meaning to. A support message, a chat transcript, a pasted form. They carry names, emails, phone numbers, and sometimes card numbers, and all of it ends up in your prompt. Once that prompt leaves your server, the personal data is sitting in someone else's logs, which is a real problem under GDPR and HIPAA.</p> <p>The fix is simpler than most people expect, and it does not mean giving up the model. You redact the personal data before the prompt goes out, send the safe version to the model, then put the real values back into the answer. This post walks through that pattern with working code.</p> <h2> The pattern in three steps </h2> <ol> <li>Redact. Take your raw text and swap each piece of personal data for a placeholder like <code>[EMAIL_1]</code>. Keep a small map on your side that records which placeholder stands for which real value.</li> <li>Call the model with the redacted text. The model only ever sees placeholders, so the real data never lands in logs you do not control.</li> <li>Restore. Take the model's reply and your map, and put the real values back so the final output is useful to your user.</li> </ol> <p>That is the whole idea. The personal data takes a round trip through placeholders and never leaves your stack.</p> <h2> A real example </h2> <p>Say you run a support tool that uses GPT to summarize customer emails. A customer writes in with their email and phone number. You want the summary, but you do not want to ship their contact details to OpenAI.</p> <p>Here is the flow end to end. I am using a small API I built for the redact and restore steps, but the shape is the same no matter how you handle those two calls.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Real example: summarize a customer support email with GPT,</span> <span class="c1">// without sending any personal data to OpenAI.</span> <span class="kd">const</span> <span class="nx">SHIELD</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">https://llm-privacy-shield.p.rapidapi.com</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">shieldHeaders</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">content-type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">x-rapidapi-host</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">llm-privacy-shield.p.rapidapi.com</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">x-rapidapi-key</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">YOUR-RAPIDAPI-KEY</span><span class="dl">"</span> <span class="p">};</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">summarizeSafely</span><span class="p">(</span><span class="nx">customerEmail</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// 1. Redact PII before the text leaves your server.</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">redacted</span><span class="p">,</span> <span class="nx">token_map</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="nx">SHIELD</span> <span class="o">+</span> <span class="dl">"</span><span class="s2">/api/redact</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="nx">shieldHeaders</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">text</span><span class="p">:</span> <span class="nx">customerEmail</span> <span class="p">})</span> <span class="p">}).</span><span class="nf">then</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="c1">// customerEmail:</span> <span class="c1">// "Hi, my confirmation went to john@acme.com but nothing arrived.</span> <span class="c1">// Please call me back on 415-555-0132."</span> <span class="c1">// redacted:</span> <span class="c1">// "Hi, my confirmation went to [EMAIL_1] but nothing arrived.</span> <span class="c1">// Please call me back on [PHONE_1]."</span> <span class="c1">// 2. Send only the safe version to your model. OpenAI is shown here.</span> <span class="c1">// Anthropic and Gemini work the same way, just swap this call.</span> <span class="kd">const</span> <span class="nx">completion</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">openai</span><span class="p">.</span><span class="nx">chat</span><span class="p">.</span><span class="nx">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">model</span><span class="p">:</span> <span class="dl">"</span><span class="s2">gpt-4o-mini</span><span class="dl">"</span><span class="p">,</span> <span class="na">messages</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">role</span><span class="p">:</span> <span class="dl">"</span><span class="s2">system</span><span class="dl">"</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Summarize this support email in one sentence.</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="na">role</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user</span><span class="dl">"</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="nx">redacted</span> <span class="p">}</span> <span class="p">]</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">summary</span> <span class="o">=</span> <span class="nx">completion</span><span class="p">.</span><span class="nx">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">message</span><span class="p">.</span><span class="nx">content</span><span class="p">;</span> <span class="c1">// 3. Put the real contact details back for your support agent.</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">restored</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="nx">SHIELD</span> <span class="o">+</span> <span class="dl">"</span><span class="s2">/api/restore</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="nx">shieldHeaders</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">text</span><span class="p">:</span> <span class="nx">summary</span><span class="p">,</span> <span class="nx">token_map</span> <span class="p">})</span> <span class="p">}).</span><span class="nf">then</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="k">return</span> <span class="nx">restored</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The customer's email and phone number never reach OpenAI. The model summarizes placeholder text, and you swap the real values back in at the end for your support agent to read.</p> <h2> The two calls, side by side </h2> <p>If you just want to see the redact and restore calls on their own:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// The two calls, at a glance</span> <span class="kd">const</span> <span class="nx">HOST</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">https://llm-privacy-shield.p.rapidapi.com</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">headers</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">content-type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">x-rapidapi-host</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">llm-privacy-shield.p.rapidapi.com</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">x-rapidapi-key</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">YOUR-RAPIDAPI-KEY</span><span class="dl">"</span> <span class="c1">// from your RapidAPI dashboard</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">r</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="nx">HOST</span> <span class="o">+</span> <span class="dl">"</span><span class="s2">/api/redact</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="nx">headers</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Email john@acme.com about invoice 4521</span><span class="dl">"</span> <span class="p">})</span> <span class="p">}).</span><span class="nf">then</span><span class="p">(</span><span class="nx">x</span> <span class="o">=&gt;</span> <span class="nx">x</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="c1">// r.redacted =&gt; "Email [EMAIL_1] about invoice 4521"</span> <span class="c1">// r.token_map =&gt; { "[EMAIL_1]": "john@acme.com" }</span> <span class="kd">const</span> <span class="nx">back</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="nx">HOST</span> <span class="o">+</span> <span class="dl">"</span><span class="s2">/api/restore</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="nx">headers</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">text</span><span class="p">:</span> <span class="nx">modelReply</span><span class="p">,</span> <span class="na">token_map</span><span class="p">:</span> <span class="nx">r</span><span class="p">.</span><span class="nx">token_map</span> <span class="p">})</span> <span class="p">}).</span><span class="nf">then</span><span class="p">(</span><span class="nx">x</span> <span class="o">=&gt;</span> <span class="nx">x</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="c1">// back.restored =&gt; the model reply with the real values put back</span> </code></pre> </div> <p>The redact call hands you back the safe text and the <code>token_map</code>. You hold the map. The restore call takes that map and the model's reply and rebuilds the real answer.</p> <h2> The three modes </h2> <p>Redaction is not one size fits all. There are three modes worth knowing:</p> <ul> <li> <strong>Tokenize</strong> (reversible). Replaces each value with a placeholder you can reverse later. Use this when you need the real values back in the answer.</li> <li> <strong>Mask</strong>. Replaces a value with a generic label like <code>&lt;EMAIL&gt;</code>. Good when you never need it back.</li> <li> <strong>Remove</strong>. Deletes the value entirely.</li> </ul> <p>Tokenize is the default in the examples above, because the restore step depends on it.</p> <h2> Do you have to use a hosted API? </h2> <p>No. If you would rather self-host, Microsoft Presidio is a solid open source option for detecting and anonymizing PII. The redact then restore pattern is the part that matters, and it works the same whether you run it yourself or call a service.</p> <p>I built a hosted version because I wanted the redact and the restore in one place, running in-process so the protected data never goes to a third party, with a response time under a millisecond. It detects emails, phone numbers, SSNs, credit cards, IP addresses, and API keys, and there is a free tier if you want to try it without committing to anything paid:</p> <p><a href="https://rapidapi.com/like-father-like-son-investments-like-father-like-son-investments-default/api/llm-privacy-shield" rel="noopener noreferrer">LLM Privacy Shield on RapidAPI</a></p> <h2> Wrapping up </h2> <p>If your app sends user text to an LLM, run it through a redact step first. Keep the map, send placeholders to the model, restore at the end. Your users get the same useful output, and the personal data stays where it belongs.</p> <p>What new app or existing pipeline can you heighten privacy using this API?</p> ai privacy security webdev