Set up protection of personally identifiable information in Creatio AI Studio
This article explains how to create and configure a PII (Personally Identifiable Information) protection policy in AI Studio to control how sensitive data is detected and handled before and after LLM execution.
his article explains how to create and configure a PII (Personally Identifiable Information) protection policy in Creatio AI Studio to control how PII or other sensitive data is detected and handled before and after LLM execution in your organization.
Your PII protection customizations shall always be consistent with your organization’s guidelines and applicable data processing laws and regulations.
Create a global PII protection policy that tokenizes email addresses and phone numbers in all LLM requests.
-
Go to the Trust & Governance section → Policies.
-
Click Create policy in the top right. This opens a window.
-
Select PII protection as the policy type.
-
Go to the General settings & Runtime block and fill out the general settings.
Field
Field value
Policy name
A human-readable name for the policy. For example, "PII redaction."
Scope
To whom this policy applies. Available values:
- "Global" — applies to all agents and LLM calls across the entire organization.
- "Agent" — applies only to a specific agent.
Enforcement
What happens when a PII match is detected. Available values:
- "Disabled" — the policy is configured but takes no action.
- "Observe" — detects PII and logs matches without blocking or altering requests.
- "Enforce" — actively redacts or tokenizes detected values in the payload.
Severity
The severity level assigned to this policy. Available values:
- "Low"
- "Medium"
- "High"
- "Critical"
We recommend starting with the "Observe enforcement" mode before switching to "Enforce." Observe mode lets you review detection results in the decision log without affecting live LLM requests, allowing you to validate entity coverage and tune your configuration safely.
-
Go to Select which sensitive values this policy should detect before model execution block and check the boxes for each entity type for which the policy must scan.
Entity type
Description
Email
Standard email address patterns, for example,
john.doe@creatio.com.Phone
Phone numbers in national and international formats, for example,
+1 312 555 0187.Full name
First and last name combinations.
Address
Physical mailing or street addresses.
National ID
Government-issued ID numbers, social security numbers, and similar.
Bank account
Bank account and IBAN-formatted numbers.
Select all entity types relevant to your compliance requirements. Unselected types will not be detected or redacted, even if present in the payload.
-
Add tenant-specific IDs (optional). If your organization uses internal data IDs that are not covered by the standard entity detectors, add them to the Add tenant-specific identifiers block.
Input
Description
Regex patterns
One regex pattern per line for structured IDs such as internal keys or case numbers. For example,
client_[0-9]{6}orlead_[A-Z]{3}-[0-9]{4}.Dictionary entries
One entry per line for tenant-specific labels, reserved names, or record aliases. For example:
vip_customer_idorcase_reference. -
Configure the action on match. Go to the Define how matched values are rewritten and what evidence is retained in the decision log block and select how the policy handles detected PII.
-
Select one of the following in the Action on match field:
Mode
Behavior
Mask
Replaces detected values inline using a static placeholder label before the request is sent to the LLM. The original value is not preserved or recoverable from the payload. You can specify whether to store the original values in the audit log.
Tokenize
Replaces detected values using reversible placeholders, effectively hiding them from the LLM. The original values are restored in the outbound response after model execution is complete.
Mask mode is irreversible. Once a value is masked in the inbound payload, the LLM never receives the original data, and it cannot be restored from the request. Use Tokenize mode if the original value must be available in the model response or downstream processing. Do not switch from Mask mode to Tokenize mode on a live policy without reviewing audit log entries first.
-
Specify how matched values must appear in the payload sent to the LLM in the Placeholder style field, available when the "Mask" mode is selected. Out of the box, "Entity label."
-
For example, you set up tokenizing of emails and phone numbers:
Mode | Text |
Before | Customer John Doe can be reached at |
After (Mask) | Customer John Doe can be reached at |
After (Tokenize) | Customer John Doe can be reached at |
-
Configure runtime scan options at the bottom of the Define how matched values are rewritten and what evidence is retained in the decision log area.
Toggle
Description
Pre-flight request scan
Runs the PII detector on the inbound payload before the LLM call. Required for inbound payload protection. Toggled on out of the box and non-editable.
Post-flight response scan
Runs a second detection pass on the LLM-generated response before it is returned to the user. Useful for catching PII re-generated or inferred by the model.
Hide original values from audit log
Stores only the masked version of detected PII in the decision log, keeping original values out of audit storage.
Turning on Hide original values from audit log affects your ability to review original data during policy audits or compliance reviews. Once this setting is active and a decision is logged, the original value cannot be retrieved from the audit log.
-
Review all settings across the page and save the policy.
-
Activate the policy. To do this, return to the Policies list, locate your policy, and change the Enforcement mode from "Observe" to "Enforce" once you validate detection results in the decision log.
As a result, Creatio AI Studio will apply the PII protection policy to all governed LLM requests that fall within the configured scope. You will be able to monitor the policy execution live in the Governance section.