Privacy first. Intelligence second. Always in that order.
Five deterministic stages. PII detection runs locally before any text reaches the LLM, and a second safety gate verifies the masked payload before the model ever sees it.
- 01
Input
Single fan message ingested via API or form.
- 02
Detect
Presidio + regex find PII locally — names, emails, IDs.
- 03
Mask
Replace each entity with a stable placeholder token.
- 04
Verify
Second safety scan rejects anything still leaking.
- 05
Analyze
Only masked text reaches the LLM for insight.
Anonymization preserves meaning, not identity.
Placeholders like [NAME_1] and [BOOKING_ID_1] keep referential structure intact, so downstream analysis stays accurate without ever seeing a real value.
Hi, I'm Lukas WeberNAME from BerlinCITY. My email is lukas.weber@gmail.comEMAIL. I waited 45 minutes at Gate C and want a refund for booking BK-92811BOOKING_ID.
Hi, I'm [NAME_1] from [CITY_1]. My email is [EMAIL_1]. I waited 45 minutes at Gate C and want a refund for booking [BOOKING_ID_1].
What runs locally vs. what reaches the LLM
- • Presidio entity recognition (NAME, EMAIL, PHONE_NUMBER, LOCATION)
- • Regex patterns for booking, member, and order IDs
- • Stable placeholder mapping ([NAME_1], [NAME_2], …)
- • Second safety scan over the masked payload
- • Final PII scan over the LLM response
- • Masked text only — no raw values, ever
- • Task prompt for sentiment, topic, intent, urgency
- • Summary and recommended-action generation
- • Output then re-scanned before storage and display