Redact PII before egress

The PII Guardian is one of the four bundled starters.

curl https://api.trinitite.ai/v1/chat \
  -H "Authorization: Bearer $TRINITITE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "guardian": "pii-redactor",
    "input": [{
      "role": "assistant",
      "content": "Customer Jane Doe (SSN 123-45-6789, card 4242 4242 4242 4242) lives at 555 Main St."
    }]
  }'

The call returns a corrected verdict with three replace operations, one each for the SSN, card, and address spans. Apply them with any RFC 6902 (JSON Patch) library.

The Guardian works on spans, not whole strings — your downstream consumer sees the surrounding context with the offending tokens replaced by [SSN-REDACTED], [CARD-REDACTED], etc. The original tokens are recoverable only via the Glass Box Ledger receipt with the pii:reveal scope (held by your DPO, not the application).
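A fail-closed residual check that a downstream consumer could run on the redacted text before it leaves the service, as an added example that is not Trinitite's code. The regexes, the function names and the [ADDRESS-REDACTED] placeholder are assumptions, and the sample strings are constructed from the request above.

```python
import re

# Assumed patterns for this example; they are not the Guardian's own detectors.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13 to 19 digits, optional separators

# Constructed samples: the request content above, a fully redacted form,
# and a partially redacted form where the card number slipped through.
ORIGINAL = ("Customer Jane Doe (SSN 123-45-6789, card 4242 4242 4242 4242) "
            "lives at 555 Main St.")
REDACTED = ("Customer Jane Doe (SSN [SSN-REDACTED], card [CARD-REDACTED]) "
            "lives at [ADDRESS-REDACTED].")  # address placeholder name is assumed
PARTIAL = ("Customer Jane Doe (SSN [SSN-REDACTED], card 4242 4242 4242 4242) "
           "lives at [ADDRESS-REDACTED].")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def residual_pii(text: str) -> list[tuple[str, str]]:
    """Find SSN-shaped and Luhn-valid card-shaped tokens still present in text."""
    findings = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        # The Luhn test filters out order numbers and other long digit runs.
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append(("card", m.group()))
    return findings


def safe_to_egress(text: str) -> bool:
    """Fail closed: allow egress only when no residual PII is found."""
    return not residual_pii(text)


if __name__ == "__main__":
    for label, sample in (("original", ORIGINAL), ("redacted", REDACTED), ("partial", PARTIAL)):
        print(label, safe_to_egress(sample), residual_pii(sample))
```

This covers only the SSN and card spans; free-form values such as street addresses cannot be checked reliably with a pattern.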

Use it as a proxy

OPENAI_BASE_URL=https://api.trinitite.ai/v1/proxy
# Set tenant default Guardian to pii-redactor in the dashboard,
# or pin per-call:
# X-Trinitite-Guardian: pii-redactor

Verify a single redaction

curl "$TRINITITE_BASE/v1/logs/lg_01HZ2N6T..." \
  -H "Authorization: Bearer $TRINITITE_API_KEY"

The receipt includes a correction_diff block with the embedding distance, severity, and category for each span — see Observability.

What's next

Compliance Matrix: HIPAA — how PII redaction maps to specific controls.

Trust Center — retention, key custody for the unredacted ledger entries.