Privacy & Security
PII Firewall is built on a single principle: your data never leaves your control.
Privacy by Design
We do not store, log, or transmit your original personal information. Here is exactly what happens:
- Detection happens locally — PII scanning runs before data is sent anywhere
- Only masked data travels — your original text is never sent to AI providers
- Restoration is local — masked tokens are restored on your device after the AI responds
- No retention — we do not store conversation history on our servers
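The mask-then-restore flow listed above, sketched as an added example (it is not PII Firewall's own code). The `[[KIND_n]]` token format, the three regex detectors, and the names `mask`, `restore` and `luhn_ok` are assumptions made for illustration.

```python
import re

# Assumed detectors for three of the page's categories (email, credit card,
# IP address); the product's real detection rules are not shown on the page.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "CARD": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
    "IP": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}
TOKEN = re.compile(r"\[\[(?:EMAIL|CARD|IP)_\d+\]\]")  # hypothetical token format

# Constructed sample input (not real data).
SAMPLE = "Refund alice@example.com, card 4111 1111 1111 1111, seen from 203.0.113.7."


def luhn_ok(number: str) -> bool:
    """Luhn checksum, used to avoid masking arbitrary long digit runs."""
    digits = [int(c) for c in number if c.isdigit()][::-1]
    total = sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
                for i, d in enumerate(digits))
    return total % 10 == 0


def mask(text: str):
    """Return (masked_text, vault); the vault never leaves the device."""
    vault, by_value = {}, {}

    def substitute(kind):
        def _sub(match):
            value = match.group(0)
            if kind == "CARD" and not luhn_ok(value):
                return value  # fails checksum: not a card number
            if kind == "IP" and any(int(o) > 255 for o in value.split(".")):
                return value  # octet out of range: not an IPv4 address
            if value not in by_value:  # same value -> same token
                by_value[value] = f"[[{kind}_{len(vault) + 1}]]"
                vault[by_value[value]] = value
            return by_value[value]
        return _sub

    for kind, pattern in PATTERNS.items():
        text = pattern.sub(substitute(kind), text)
    return text, vault


def restore(reply: str, vault: dict) -> str:
    """Swap known tokens back locally; unknown tokens are left untouched."""
    return TOKEN.sub(lambda m: vault.get(m.group(0), m.group(0)), reply)
```

Only the first value returned by `mask` would be sent to the AI provider; `restore` is applied to the provider's reply using the vault kept on the device.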
What We Detect
PII Firewall detects 24 types of personal information:
| Category | Examples |
|---|---|
| Identity | Full name, date of birth |
| Contact | Email, phone number, address |
| Financial | Credit card number, bank account, IBAN |
| Government ID | Passport, driver's license, My Number (Japan) |
| Medical | Health insurance number, medical record ID |
| Digital | IP address, device ID, cookie ID |
| Credentials | API keys, passwords, tokens |
Injection Detection
Beyond PII, we detect 10 categories of AI attack patterns:
- Prompt injection
- Jailbreak attempts
- Role-playing manipulation
- System prompt extraction
- Data exfiltration via AI
- And more
Incoming emails (Gmail, Outlook) are also scanned for injected instructions.
Secret Sharing (Starter and above)
For maximum security, the Starter plan and above use Shamir's Secret Sharing to split masked tokens into multiple shares. No single share reveals the original data, and reconstruction requires a threshold number of shares.
Data We Do Collect
To operate the service, we collect:
| Data | Purpose | Retention |
|---|---|---|
| Email address | Authentication | Until account deletion |
| Credit usage | Billing | 12 months |
| Error logs (anonymized) | Service reliability | 30 days |
We do not sell, share, or use your data for AI training.
Compliance
PII Firewall is designed to support compliance with:
- GDPR (EU General Data Protection Regulation)
- APPI (Japan Act on the Protection of Personal Information)
- CCPA (California Consumer Privacy Act)
- AI Act (EU) — governance-ready by design
Questions
If you have privacy concerns, contact us at privacy@piifirewall.com.
