Philterd

Talk to an Expert

Tell us about your stack and the privacy problems you're trying to solve. We typically respond within one business day.

Prefer to skip the form? Pick a time on our calendar →
or send a message

← All policies

General · Philterd

General-Purpose Starter Policy

A balanced starting policy covering common PII types — names, contact info, government IDs, payment data — with no vertical-specific tuning.

View policy → Download JSON → View source on GitHub
v1.0.0 Updated 2026-05-18 Philter >=3.0.0 By Philterd
startergeneraldefault

The policy

The full general-purpose.json file — the same content you’d get by downloading. Copy any part of it, or use the buttons in the hero to grab the whole file.

{
  "name": "general-purpose",
  "config": {
    "splitting": {
      "enabled": false,
      "threshold": 4000
    }
  },
  "ignored": [],
  "identifiers": {
    "personsName": {
      "personsFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "{{{REDACTED-%t}}}", "conditions": "confidence > 70"}
      ]
    },
    "phoneNumber": {
      "phoneNumberFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "{{{REDACTED-%t}}}"}
      ]
    },
    "emailAddress": {
      "emailAddressFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "{{{REDACTED-%t}}}"}
      ]
    },
    "ssn": {
      "ssnFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "{{{REDACTED-%t}}}"}
      ]
    },
    "creditCard": {
      "onlyValidCreditCards": true,
      "creditCardFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "{{{REDACTED-%t}}}"}
      ]
    },
    "ipAddress": {
      "ipAddressFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "{{{REDACTED-%t}}}"}
      ]
    },
    "url": {
      "urlFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "{{{REDACTED-%t}}}"}
      ]
    },
    "iban": {
      "ibanFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "{{{REDACTED-%t}}}"}
      ]
    },
    "passportNumber": {
      "passportNumberFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "{{{REDACTED-%t}}}"}
      ]
    },
    "driversLicense": {
      "driversLicenseFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "{{{REDACTED-%t}}}"}
      ]
    }
  }
}

Example

Input

Contact Jane Doe at jane@example.com or 555-867-5309. Card 4111111111111111 on file. License #D1234567.

Output

Contact {{{REDACTED-name}}} at {{{REDACTED-email-address}}} or {{{REDACTED-phone-number}}}. Card {{{REDACTED-credit-card}}} on file. License #{{{REDACTED-drivers-license}}}.

Entities this policy acts on

NAMEPHONEEMAILSSNCREDIT_CARDIPURLIBANPASSPORTDRIVERS_LICENSE

What this policy does

A reasonable default for “I just want to redact common PII without thinking about it too hard.” Catches:

  • Personal identity: names (confidence-gated to reduce false positives), passport numbers, driver’s license numbers
  • Contact info: phone numbers, email addresses, URLs, IP addresses
  • Government identifiers: SSNs
  • Financial: credit cards (Luhn-validated), IBANs

Does not cover:

  • Healthcare-specific identifiers (MRN, hospital names) — use a healthcare policy instead
  • PCI-specific masking (this policy fully redacts cards; for PCI scope reduction with last-4 visible, use pci-dss-scope-reduction.json)
  • Court-filing rules (use legal policies)
  • Custom identifiers (MRNs, account numbers, internal IDs) — add identifiers patterns for your domain

When to use this

  • Quick starts when you’re evaluating Philter against your data
  • Catch-all log scrubbing in non-regulated environments
  • Default-deny posture: redact aggressively, then loosen specific entity types as your use case clarifies

When NOT to use this

  • Regulated workloads. HIPAA, PCI, GDPR, FERPA, and similar regimes have specific requirements — use a policy designed for that framework.
  • Datasets where over-redaction breaks downstream value. This policy is biased toward over-redaction. For research, ML, or analytics use cases, see the date-shifted clinical-notes policy or build a domain-specific one.

When to customize

  • Name confidence. Default > 70 is moderately conservative. Lower to > 50 for higher recall (catches more rare/foreign names at the cost of false positives on capitalized common words). Raise to > 85 for higher precision.
  • URL and IP redaction. Some applications need to retain these for analytics. Remove the url or ipAddress entries if so.
  • Add custom identifiers for any deployment-specific patterns: internal customer IDs, ticket numbers, employee badges, etc.

Tuning workflow

  1. Run this policy against a representative sample of your data.
  2. Inspect the redactions. Note any over-redaction (legitimate text caught) or under-redaction (PII missed).
  3. Tighten thresholds, add ignored terms, or add custom identifiers patterns based on what you find.
  4. Re-evaluate. Repeat until precision and recall meet your bar.

Philter Scope automates step 3 — score policy changes against a gold-standard test set so you can measure regressions instead of guessing at them.

Use this policy

Download and load into your running Philter instance:

# Download the policy
curl -O https://raw.githubusercontent.com/philterd/pii-redaction-policies/main/policies/philterd/general/general-purpose.json

# Upload to your Philter instance
curl -X POST http://localhost:8080/api/policies \
     -H "Content-Type: application/json" \
     --data @general-purpose.json

# Redact text using the policy
curl http://localhost:8080/api/filter?p=general-purpose \
     --data "your text here" \
     -H "Content-Type: text/plain"

No Philter instance yet? Deploy one in 5 minutes → · Want to tune this policy against your data? Talk to the team.

← All policies