PII Sanitisation Before Reaching the Model
Before a national ID or an IBAN leaves for OpenAI, it is redacted — in the critical path, not as an option.
Framework / standard: GDPR Art. 5(1)(c) + Ch. V · ISO/IEC 38507
Every time a team pastes a data sample into an AI chatbot, a national ID, an IBAN or a card number may be leaving for a provider outside their control. This is not hypothetical: it is the daily risk for any team using LLMs on real data.
In Linedat, sanitisation is not an optional best practice: it is in the critical path. Before anything is sent to the model, personal identifiers are redacted and the detected categories are logged.
In the critical path, not as an option
The sanitiser acts in the same call that goes to the provider: it redacts email, phone, SSN, card numbers, DNI/NIF, IBAN and other multi-jurisdiction identifiers (including CPF/CNPJ from Brazil, Italian codice fiscale and UK NI) before the sample reaches OpenAI or Groq. PII leakage no longer depends on user discipline.
Category logging for audit
Each redaction is logged: the detected PII categories are stored indexed in the AI usage log, so you can audit that the sanitiser ran, on which categories and when — without storing the raw content. It is forensics without retaining the sensitive data.
The limits (what we do not claim)
Sanitisation is multi-jurisdiction pattern detection, not a perfect semantic validation: it drastically reduces risk, but does not replace human review of the use case. The "PII redacted" mark indicates that the sanitiser ran, not an absolute guarantee of coverage over unstructured nested data.
How Linedat helps
Linedat puts PII control on by default and in the critical path, with an auditable log of categories. It is the layer that prevents a personal data item from travelling to a third party by accident — and lets you prove it.
Related capabilities
Other catalogues store logs. Linedat stores proof — verify it with a button.
AI System Inventory by Risk ClassThe AI Act audits systems, not API calls. Every AI system inventoried with its risk class.
Data Subject Rights (DSR) with Legal ClockCitizen rights are not managed by email: with the Art. 12 clock and data location via the RoPA.
