02 · the solution

Privacy first. Intelligence second. Always in that order.

Five deterministic stages. PII detection runs locally before any text reaches the LLM, and a second safety gate verifies the masked payload before the model ever sees it.

  1. 01

    Input

    Single fan message ingested via API or form.

  2. 02

    Detect

    Presidio + regex find PII locally — names, emails, IDs.

  3. 03

    Mask

    Replace each entity with a stable placeholder token.

  4. 04

    Verify

    Second safety scan rejects anything still leaking.

  5. 05

    Analyze

    Only masked text reaches the LLM for insight.

Before / after

Anonymization preserves meaning, not identity.

Placeholders like [NAME_1] and [BOOKING_ID_1] keep referential structure intact, so downstream analysis stays accurate without ever seeing a real value.

Raw input · contains PII
01 / RECEIVED

Hi, I'm Lukas WeberNAME from BerlinCITY. My email is lukas.weber@gmail.comEMAIL. I waited 45 minutes at Gate C and want a refund for booking BK-92811BOOKING_ID.

NAME detectedCITY detectedEMAIL detectedBOOKING_ID detected
Anonymized · safe for LLM
02 / MASKED

Hi, I'm [NAME_1] from [CITY_1]. My email is [EMAIL_1]. I waited 45 minutes at Gate C and want a refund for booking [BOOKING_ID_1].

4 entities masked · 0 raw values forwardedcleared

What runs locally vs. what reaches the LLM

runs locally
  • • Presidio entity recognition (NAME, EMAIL, PHONE_NUMBER, LOCATION)
  • • Regex patterns for booking, member, and order IDs
  • • Stable placeholder mapping ([NAME_1], [NAME_2], …)
  • • Second safety scan over the masked payload
  • • Final PII scan over the LLM response
reaches the LLM
  • • Masked text only — no raw values, ever
  • • Task prompt for sentiment, topic, intent, urgency
  • • Summary and recommended-action generation
  • • Output then re-scanned before storage and display