Skip to Content

How should you handle PII end-to-end through an LLM app?

Category: Security & Compliance

Answer

Redact on ingest (Presidio). Never store raw in the audit log; store the redacted version. Hash any PII you must keep for joins; never log it. Users who want to see “what we stored” see the redacted form so they can’t infer anything sensitive.

Concrete examples from the fca project context

Example 1

Pre-LLM: Presidio anonymize scrubbed user_msg.

Example 2

Audit log: store scrubbed_msg plus hash(user_id) for traceability.

Example 3

Retrieval: store metadata with redacted/redacted-hash PII fields.

Data flow / flow chart

user_input -> Presidio -> scrub -> audit(hashed_id, scrub)
  LLM gets scrubbed only

Takeaway

Redact at the boundary, never raw. The audit trail is your defense when regulators ask.