Fundamentals
PII vs PHI vs NPPI: An Engineer's Guide
Three acronyms used interchangeably that shouldn't be. A reference for engineers and compliance leads, with the regulatory and architectural take on each.
Reference and how-to
Guides
Guides to PII and PHI redaction with the Philterd toolkit: fundamentals, writing policies, techniques, AI privacy, self-hosting, integrations, and compliance.
Fundamentals
Fundamentals
What is Data Redaction? A Practical Guide
Data redaction removes sensitive information from documents and datasets, but covers more techniques than most realize. A guide to strategies and trade-offs.
Fundamentals
What is NPPI? Nonpublic Personal Information, Defined
NPPI is Nonpublic Personal Information, the financial data GLBA protects. What counts, what's excluded, and how it differs from PII and PHI.
Fundamentals
What is PII? A Practical Guide for Engineers and Compliance Teams
PII is the term everyone uses and few define the same way. A practitioner's guide to what counts as PII, how to find it in real data, and how to handle it.
Writing redaction policies
Authoring Redaction Policies with PhiSQL
PhiSQL is a readable query language that compiles to a Phileas redaction policy. An introduction to the syntax and how it maps to the policy JSON.
Redacting National and Financial ID Numbers
A how-to for redacting national and financial IDs (SIN, CPF, DNI, IBAN, BIC, and more) with checksum-validated patterns that reject look-alikes.
The Phileas redaction policy schema
What a redaction policy is, how the JSON schema is structured, and how to use it to control exactly which PII is detected and how each type is redacted.
Writing your first redaction policy
A hands-on walkthrough from empty file to working redaction policy: detect an entity, apply it with Philter, change how it redacts, and handle false positives.
Techniques
Privacy engineering
Modern Privacy Techniques, and When to Use Each
A practical map of privacy techniques: redaction, pseudonymization, encryption, generalization, differential privacy, and synthetic data, and when each fits.
File formats
The Hidden Difficulties of Redacting PDF Documents
PDFs leak redacted text in unexpected ways: invisible text layers, embedded files, and metadata. Why PDF redaction is harder than it looks, with Philter's fix.
Detection
Using an LLM or Pattern-based Rules for PII/PHI Redaction
Comparing the two main approaches to redacting PII and PHI: an LLM versus pattern-based rules. How each handles accuracy, cost, and GDPR or HIPAA compliance.
Encryption
What is format-preserving encryption?
Format-preserving encryption (FPE) encrypts a value so the ciphertext keeps its shape and won't break downstream systems. A guide with credit-card examples.
AI and LLM privacy
AI privacy
PII in Vector Embeddings: A Defense Guide
Embeddings look like just numbers, but research shows they are partially invertible. A practical defense guide for vector stores against PII recovery attacks.
AI privacy
Prompt Engineering for Privacy: Practical Patterns for Not Leaking PII
Every prompt sent to an LLM is a data egress point. Six concrete patterns for structuring prompts, redacting inputs, and scanning outputs so PII doesn't leak.
Compliance
SOC 2 and HIPAA Control Mapping for Philter AI Proxy
Map Philter AI Proxy features to SOC 2 Trust Services Criteria and HIPAA Security Rule safeguards, with guidance for your own attestations.
Detection
Using an LLM or Pattern-based Rules for PII/PHI Redaction
Comparing the two main approaches to redacting PII and PHI: an LLM versus pattern-based rules. How each handles accuracy, cost, and GDPR or HIPAA compliance.
Self-hosting and on-device
Self-hosting
Self-Hosted PII Detection on Your Own Hardware
Run PII detection entirely inside your own boundary: serve the models with PhEye, embed Phileas, or run local ONNX inference, with no data egress.
Integrations
Integrations
Apache NiFi and Philter
How to use Philter to redact PII and PHI inside an Apache NiFi data flow, either through Philter's API or with an embedded NiFi processor.
Integrations
Redacting PII in Logs with log4j2 and logback
How to redact PII from Java logs before they are written, with a Phileas-backed log4j2 rewrite policy and a logback converter, recursion guard included.
Integrations
Redacting PII in Spark and Databricks
Redact PII column by column in Apache Spark and Databricks with a Phileas UDF: a verified PySpark example, plus the performance tradeoffs to plan for.
Integrations
Redacting PII in Trino with the Phileas Connector
How to install the open source Phileas connector for Trino, configure a redaction policy, and mask PII column by column in SQL, with a runnable demo.
Integrations
Redacting Text in Amazon Kinesis Data Firehose
Amazon Kinesis Firehose is a managed streaming service that moves data from sources to destinations like S3 and Redshift. This post redacts PII in that stream.
Integrations
Using Philter with Microsoft Power Automate
How to call Philter from a Microsoft Power Automate (Flow) automation to redact PII and PHI from text, using a simple HTTP action.
Deployment and operations
Operations
Deploying Philter in AWS via a CloudFormation Template
How to deploy Philter in AWS with a CloudFormation template: finding the Philter AMI, editing the template, and launching the stack.
Operations
How to Use a Signed SSL Certificate with Philter
How to replace Philter's default self-signed SSL certificate with a signed certificate from a trusted authority, using a Java keystore.
Operations
How to Use an Apache Reverse Proxy with Philter
How to run an Apache reverse proxy in front of Philter for SSL termination, access control, and access logging.
Operations
Monitoring Philter in AWS
How to monitor a Philter deployment in AWS: CloudWatch Logs for application logs, load balancer health checks for availability, and CloudWatch Metrics.
Operations
Referential Integrity with Valkey
How to configure a Valkey cache so Philter maintains referential integrity (consistent replacement values) across documents and contexts in a cluster.
Compliance
Compliance
Deploying Philter in a HIPAA Environment
How to configure a Philter deployment for HIPAA: encryption of data at rest and in motion across AWS, Azure, and Google Cloud.
Compliance
PIPEDA and Law 25: PII Redaction for Canadian Privacy Compliance
How Philter addresses PIPEDA and Quebec's Law 25: self-hosted deployment for data residency, bilingual redaction, and Canadian identifier handling.
Redacting National and Financial ID Numbers
A how-to for redacting national and financial IDs (SIN, CPF, DNI, IBAN, BIC, and more) with checksum-validated patterns that reject look-alikes.
Compliance
SOC 2 and HIPAA Control Mapping for Philter AI Proxy
Map Philter AI Proxy features to SOC 2 Trust Services Criteria and HIPAA Security Rule safeguards, with guidance for your own attestations.
Compliance
Why Philterd Doesn't Sign a BAA (and Why You Don't Need Us To)
A self-hosted PII redaction vendor never touches your data, so there is no business-associate or processor relationship to govern. With definitions.