The data path is the architectural decision
Comprehend’s PII detection is a managed API. To use it, you send the raw text — pre-redaction, by definition — to AWS’s Comprehend endpoint, which runs it through their detection models and returns the entities (or de-identified text, if you use the redaction transform). The data leaves your VPC, traverses AWS’s internal network, hits a multi-tenant service, and comes back.
For many AWS workloads, that’s fine — the data was going to AWS anyway. For HIPAA-regulated PHI, PCI cardholder data, GLBA NPPI, or anything covered by a contractual data-residency clause, “the data was going to AWS anyway” is not the same as “the data was going to Comprehend’s multi-tenant endpoint anyway.” Your BAA covers AWS services individually; check whether Comprehend is on the in-scope list for your account, and check whether your contractual obligations care about service-internal data movement, not just account-level residency.
Philter inverts this: it deploys as a container in your VPC (or on-prem, or air-gapped), and the data never crosses your perimeter. The runtime is yours, the models are yours, the logs are yours. For privacy-engineering teams that have already done the work to keep PII in-account, that’s the natural shape — no exception, no new BAA, no architecture diagram footnote.
The pricing math flips around 1M documents/month
Comprehend bills per 100-character “unit.” At list price, that’s $0.0001/unit, with a first-tier discount on the first 10M units/month. For low-volume workloads this is genuinely cheap. The shape of the cost curve, though, is linear in volume — every additional document costs the same per character as the first.
Philter on the AWS Marketplace bills per instance-hour. A mid-tier instance runs around $2/hr at standard list, regardless of how many documents you push through it. Throughput is bounded by CPU and RAM, not by the bill. That’s a flat-cost step function: below the step, Comprehend wins on cost; above the step, Philter does — by a lot.
The break-even point in our worked TCO example lands around 100M units/month — roughly 5M documents/day at typical document sizes. At a steady-state enterprise volume of that scale, Comprehend’s monthly bill runs ~$300,000; an HA Philter deployment on the same workload is ~$2,900. The closer you get to that volume, the more carefully the pricing model deserves to be evaluated up-front, because migrating production redaction is harder than picking the right model on day one.
Customization is where Philter pulls ahead
Comprehend exposes a fixed set of PII entities with some confidence-score tuning. Philter exposes a full policy engine: regex patterns, dictionaries, custom identifier rules, format-preserving encryption, per-entity replacement strategies (mask, redact, anonymize, encrypt), conditional rules, and severity scoring. If your domain has identifiers that aren’t in Comprehend’s built-in set — internal account numbers, medical record numbers, customer IDs — you’d be building those on top of Comprehend anyway. With Philter, the policy engine is the platform.
Domain coverage matters too. Philter ships purpose-built models for healthcare and (separately) COVID-19 clinical text in addition to general PII; Comprehend’s PII detection is general. Healthcare entities like specific medical terminology, dose units, and clinical abbreviations aren’t in Comprehend’s entity list. If you’re doing PHI work, that gap shows up in your recall numbers.
Operational footprint
Comprehend wins on operational simplicity for low-volume use. There’s no service to run, no instance to right-size, no scaling decision. You make an API call.
Philter trades a small operational footprint (a container, a load balancer, an autoscaling group) for full control over throughput, cost, and the data path. For teams who already operate services at AWS — which is most teams that evaluate Comprehend — the marginal cost of one more service is small relative to the structural wins from per-instance pricing and in-VPC processing.
What to do next
If you’re early in the evaluation and your volumes are modest, both tools work. If your roadmap has any of the following — a non-AWS cloud, a regulated data path, customization beyond Comprehend’s built-ins, or a volume trajectory that crosses 1M+ documents/day — start the evaluation on Philter directly. The migration cost from Comprehend to Philter grows with whatever you’ve built on top of it.