Guardrails & PII Protection
Free+Prevent sensitive data from reaching AI providers
Why this matters
Guardrails automatically scan every prompt for personally identifiable information (SSNs, credit cards, phone numbers) and blocked terms before anything leaves your browser. Your sensitive data never reaches an AI provider.
How it works
Guardrails run client-side as you type in the Compose editor. They use pattern matching to detect PII like Social Security numbers, credit card numbers, email addresses, and phone numbers. Blocked prompts cannot be sent to AI until the flagged content is removed.
Built-in protections
Every plan includes automatic scanning for:
- Social Security numbers
- Credit card numbers
- API keys and secrets
- Common credential patterns
These cannot be disabled -- they protect you and your organization at all times.
Custom guardrail rules (Pro+)
On Pro and Enterprise plans, admins can create organization-specific rules. Go to Admin > Guardrails to add:
- Blocked terms: Flag or block specific words, project names, or internal codenames.
- Custom patterns: Regex-based rules for industry-specific data formats (e.g., patient IDs, internal account numbers).
Each rule can be set to "warning" (user can proceed) or "error" (blocks submission).
Server-side double-check
Even if the client-side scan is bypassed, the server runs the same guardrail checks before forwarding prompts to any AI provider. This dual-layer approach ensures nothing slips through.
Ready to try guardrails & pii protection?
Start Free