> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getmcp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# PII Redaction

> Automatically strip personally identifiable information from tool responses and call logs before they reach the AI or your database.

## Overview

PII redaction runs automatically on every tool call when enabled. It scans the API response for sensitive patterns and replaces matches with labelled placeholders — for example `john@example.com` becomes `[REDACTED:EMAIL]` — before the data is sent to the AI client and/or stored in the call log.

Redaction is configured **per server** and applies to all tools on that server.

***

## Where to Configure It

Open **GetMCP → Servers → \{Your Server} → Settings tab → PII Redaction** section.

1. **Enable PII Redaction** — toggle on.
2. **Scope** — choose where redaction is applied.
3. **Presets** — check the built-in patterns to activate.
4. **Custom Rules** — add your own regex patterns (optional).

<img src="https://mintlify.s3.us-west-1.amazonaws.com/infiwebs/images/pii-redaction-settings.png" alt="Server Settings — PII Redaction section with scope selector and preset checkboxes" />

***

## Redaction Scope

| Scope              | What gets redacted                           |
| ------------------ | -------------------------------------------- |
| **Both** (default) | AI response **and** call log storage         |
| **Response only**  | AI response only — raw values stored in logs |
| **Log only**       | Logs only — AI receives unredacted response  |

<Note>
  **Log only** is useful when you need the AI to see full data (e.g. an email tool that must read addresses) but don't want raw PII in your audit trail.
</Note>

***

## Built-in Presets

| Preset                         | Detects                          | Placeholder          |
| ------------------------------ | -------------------------------- | -------------------- |
| **Email addresses**            | Standard email format            | `[REDACTED:EMAIL]`   |
| **US Social Security Numbers** | `XXX-XX-XXXX` format             | `[REDACTED:SSN]`     |
| **Credit card numbers**        | 13–19 digit sequences            | `[REDACTED:CARD]`    |
| **Phone numbers**              | International and US formats     | `[REDACTED:PHONE]`   |
| **IPv4 addresses**             | Standard dotted-quad             | `[REDACTED:IP]`      |
| **AWS access keys**            | `AKIA`-prefixed 20-char strings  | `[REDACTED:AWS_KEY]` |
| **JWT tokens**                 | `eyJ`-prefixed three-part tokens | `[REDACTED:JWT]`     |

Enable only the presets you need — each active preset adds a small regex cost per field in the response.

***

## Custom Rules

Add your own patterns for data that doesn't match any built-in preset. Each custom rule has:

| Field           | Description                                                  |
| --------------- | ------------------------------------------------------------ |
| **Label**       | Human-readable name shown in the admin UI                    |
| **Pattern**     | PCRE regex (no delimiters — they are added automatically)    |
| **Replacement** | Text that replaces every match, e.g. `[REDACTED:ACCOUNT_ID]` |

**Example — UK National Insurance numbers:**

| Field       | Value                                |
| ----------- | ------------------------------------ |
| Label       | `UK National Insurance`              |
| Pattern     | `\b[A-CEGHJ-PR-TW-Z]{2}\d{6}[A-D]\b` |
| Replacement | `[REDACTED:NIN]`                     |

<Warning>
  Test custom patterns carefully before enabling them in production. Over-broad patterns can redact legitimate data the AI needs, silently degrading tool quality.
</Warning>

***

## How It Works

Redaction happens **after** JMESPath/JSONPath extraction but **before** the data is sent to the AI client or written to the database:

```
API Response
    → JMESPath / JSONPath extraction
    → PII Redaction   ← here
    → Template substitution
    → MCP content blocks → AI client
                        → Call log (if scope includes log)
```

Redaction walks the entire extracted data structure recursively. For each string value:

1. Each active preset and custom rule is applied in order.
2. All matches within the string are replaced with the configured placeholder.
3. Strings longer than **1 MB** are skipped (to avoid PCRE timeouts on huge payloads).

Numeric and boolean values are never modified — only strings are scanned.

***

## Placeholder Labels in AI Responses

Matches are replaced with named labels (e.g. `[REDACTED:EMAIL]`) rather than blanked entirely. This lets the AI:

* Know that a field existed but was redacted
* Ask the user to provide the value if needed
* Reason about the response without silently missing data

Example AI response with redaction:

> "I found 3 orders for customer `[REDACTED:EMAIL]`. Would you like me to look up more details?"

***

## Log Storage

When scope includes logs, redaction is applied to both:

* **Arguments** — the input the AI sent to the tool
* **Response data** — the upstream API response stored in the log

The HMAC signature in the [Immutable Audit Log](/docs/guides/audit-log) covers the **redacted** content. This is intentional: the signature verifies what was actually stored on disk, not the original unredacted values.

***

## What PII Redaction Does Not Cover

* **Headers** — auth headers are masked by a separate allowlist; other headers are not scanned for PII
* **Tool configuration** — API keys and credentials in tool settings are encrypted at rest, not redacted
* **Existing logs** — redaction is applied at write time; past logs are not retroactively scanned
