PII Tokenization
Replace PII in requests with reversible tokens before forwarding to the LLM, enabling restoration in the response.
PII Tokenization detects PII in request messages and replaces each unique value with a reversible token in the format [PII_<ID>]. The original values are temporarily stored in Redis and can be recovered by pairing this module with PII Restoration in the POST stage.
Unlike PII Redaction, tokenization is reversible — the LLM processes anonymized tokens, and the original values are seamlessly restored in the response before it reaches your client.
Use with PII Restoration
PII Tokenization must be paired with PII Restoration in the POST stage of the same deployment. Without it, your client will receive token placeholders instead of real values.
Stage
| Stage | Behavior |
|---|---|
| PRE only | Replaces PII in request messages with reversible tokens before forwarding to the LLM |
How It Works
1. Client sends: "Book a flight for John Smith (john@example.com)"
2. PRE Stage (PII Tokenization):
- Detects PERSON: "John Smith" → stores → [PII_1]: "John Smith"
- Detects EMAIL: "john@..." → stores → [PII_2]: "john@example.com"
- Sends to LLM: "Book a flight for [PII_1] ([PII_2])"
3. LLM responds: "I've booked a flight for [PII_1]. Confirmation sent to [PII_2]."
4. POST Stage (PII Restoration):
- Restores [PII_1] → "John Smith"
- Restores [PII_2] → "john@example.com"
5. Client receives: "I've booked a flight for John Smith. Confirmation sent to john@example.com."Configuration
PII Entities to Detect
Select which PII entity types to scan for. If left empty, all supported entity types are detected. See PII Redaction — Entity Reference for the full list of supported entities.
Detection Confidence Threshold
Minimum confidence score (0.0–1.0) required to treat a detection as PII. Default is 0.5. Lower values detect more potential PII but may increase false positives.
Token Map TTL (seconds)
How long (in seconds) the token → original value mapping is retained in Redis. This window must be long enough to cover the full round-trip time of the LLM request — from the PRE stage executing to the POST stage completing restoration.
| Setting | Value |
|---|---|
| Minimum | 30 seconds |
| Maximum | 3600 seconds (1 hour) |
| Default | 300 seconds (5 minutes) |
TTL expiry means data loss
If the Redis TTL expires before PII Restoration runs, the token map is gone and restoration will fail — your client will receive [PII_<ID>] placeholders instead of real values. Set the TTL to comfortably exceed the slowest possible LLM response time for your deployment.
Token Map Storage
Each unique PII value detected in a single request is assigned a unique integer ID. The mapping is stored in Redis under a key scoped to the request, and automatically deleted after:
- Successful restoration — the PII Restoration module deletes the map immediately after restoring.
- TTL expiry — the Redis key expires after the configured TTL even if restoration never ran.
Example Use Cases
- Privacy-preserving LLM calls: Send anonymized requests to external providers without exposing real user data, while still receiving meaningful, personalized responses.
- GDPR / HIPAA compliance: Ensure personal data leaves your infrastructure only as opaque tokens.
- Audit logging: Logs captured at the gateway level contain only tokens, not real PII.