Overview
Personal Information Guard (PII Guard) is a configuration block available on every AI workflow node. When turned on, it detects personal data and replaces it with placeholders before the payload reaches the model, then handles the redacted content throughout the node run. Detection and redaction run in the data-privacy AI Platform service; the workflow node calls it synchronously and fails closed — if the service errors, the node stops and no redacted artifact is produced. PII Guard applies to Custom Agent, Intent Classification, Extract Data from File, and all AI Text, Document, Image, and Data Operations nodes.PII Guard is the AI-node-level privacy control. It is distinct from process-level data anonymization (
FLOWX_DATA_ANONYMIZATION), which redacts process data by role.Configuration
The guard is configured per node in the Designer. Turning it on exposes the detection options below.| Field | Description |
|---|---|
| Enabled | Turn the guard on for the node. Default: OFF. |
| Detection Algorithm Sensitivity | One of Strict, Balanced (default), Relaxed, or Custom. Maps to a server-side detection threshold. Custom exposes a sensitivity slider (0.00–1.00). |
| Detection Target | Choose which payloads are scanned: Node Input, Node Output, or both. At least one must be selected. |
| Personal Info Types | Opens the Customize Entities modal — the picker for which entity types are detected. All are enabled by default. The catalog is served from GET /integration/api/workflows/personal-information-guard/entities. |
Supported entity types (24)
Supported entity types (24)
Universal (8)
EMAIL, PHONE, CREDIT_CARD, IBAN, MAC_ADDRESS, CRYPTO_WALLET, PERSON, ADDRESSRegional — EN (6)SSN, US_PASSPORT, US_BANK_ACCOUNT, US_ITIN, UK_NHS, EU_VAT_IDRegional — RO (10)CNP, CUI, RO_IBAN, RO_PHONE, RO_PASSPORT, RO_ID_CARD, LICENSE_PLATE, HEALTH_CARD, POSTAL_CODE, LANDLINEHow it works
- Input scan runs before the AI request is built, so placeholder substitution and user-message extraction both see redacted data. The system prompt is scanned alongside inputs, because operation-prompt templates may carry PII from earlier nodes.
- Source-file scan runs for document and image AI nodes. The data-privacy service uploads the redacted artifact back to the same storage as the source, so the file path used for the request is swapped without changing the data source binding.
- Output scan runs after the model completes, on a bounded-elastic scheduler so the data-privacy call does not pin the event loop.
- System-prompt appender — for Custom Agent nodes, the runner appends a non-editable segment teaching the model how to handle
<PII type=.../>placeholders. It runs after the prompt scan so its literal tags are not mistaken for PII. - Fail-closed — any error from the data-privacy service stops execution. The error surfaces on the node run log; redacted artifacts are not produced on failure.
Run-log and detections
Each enabled scan adds apersonalInformationGuard block on the node response:
| Field | Description |
|---|---|
scanStatus | COMPLETED, SKIPPED, or FAILED. |
totalDetections | Total number of entities detected across detections. |
detections | List of per-entity detection items (see below). Empty when nothing was detected. |
errorMessage | Populated when scanStatus = FAILED. |
sourceType | TEXT, DOCUMENT, or IMAGE. Identifies what the scan ran against. Null for text-only scans. |
originalStoragePath, redactedStoragePath | Set for DOCUMENT and IMAGE scans; both point at the data source bound to the node. |
detections carries:
| Field | Description |
|---|---|
entityKey | Entity type detected (for example EMAIL, PHONE, IBAN). |
confidence | Detector confidence score, 0.00–1.00. |
originalValue | The exact substring matched in the source. |
replacement | The placeholder string that replaced originalValue before the model call. |
direction | INPUT or OUTPUT — which scan direction produced this detection. |
sourceType | TEXT, DOCUMENT, or IMAGE — which payload was scanned. |
timestamp | When the detection was made. |
regions | Bounding boxes (x, y, width, height) for DOCUMENT and IMAGE detections. Null for TEXT. |
Setup
The data-privacy service connection is configured withFLOWX_DATAPRIVACY_BASEURL and FLOWX_DATAPRIVACY_TIMEOUTSECONDS — see the Integration Designer setup guide.
Related resources
Custom Agent node
Per-node configuration, including the PII Guard toggle
Extract Data from File
PII Guard on document and image extraction nodes
Intent Classification
PII Guard on intent classification nodes
Integration Designer
AI workflow nodes and their configuration