PII Handling and Privacy Protection

This document explains how the platform protects Personally Identifiable Information (PII) and ensures customer privacy while maintaining full functionality for your business needs.

Overview

The platform uses practical security controls to protect customer PII throughout its lifecycle:

  • Encryption at Rest: All PII is encrypted using AES-256-GCM
  • Encryption in Transit: TLS 1.3 for all communications
  • Automatic Redaction: PII is redacted from AI context (when configured)
  • Access Logging: All PII access is logged and monitored
  • Secure Logging: PII is hashed in system logs for privacy
  • Automatic Anonymization: PII is anonymized after retention period
  • Right to be Forgotten: Immediate data deletion on request

What is PII?

Personally Identifiable Information includes:

  • Email addresses
  • Phone numbers
  • Physical addresses
  • Date of birth
  • Social Security Numbers (SSN)
  • Credit card numbers
  • Other sensitive personal information

PII Protection in AI Conversations

Automatic PII Redaction (Optional)

You can configure your AI assistant to automatically redact sensitive PII from AI model inputs:

What Can Be Redacted:

  • Social Security Numbers → [SSN]
  • Credit card numbers → [CREDIT_CARD]
  • Phone numbers → (when configured)
  • Email addresses → (when configured)

How It Works:

  1. Customer message arrives
  2. System detects PII using pattern matching
  3. PII is replaced with placeholders (if redaction is enabled)
  4. Message is sent to AI model
  5. AI generates response using placeholders
  6. Placeholders are replaced with actual values before sending to customer
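The six steps above, as an added example that is not the platform's own code: SSNs and Luhn-valid card numbers are swapped for placeholders before the text reaches the model, and the placeholders are mapped back in the reply. Numbered placeholders ([SSN_1], [CREDIT_CARD_2]) are an assumption so that several values in one message can be restored unambiguously.

```python
import re

# Added example (not platform code): redact SSNs and card numbers before the
# message reaches the model (steps 2-3), then restore them in the reply (step 6).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")   # 13-16 digits, optional separators


def luhn_ok(digits: str) -> bool:
    """Mod-10 check so random digit runs are not redacted as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact(message: str):
    """Returns (redacted_text, mapping); mapping restores each placeholder."""
    mapping = {}

    def replace(kind, match):
        value = match.group(0)
        if kind == "CREDIT_CARD" and not luhn_ok(re.sub(r"[ -]", "", value)):
            return value                     # fails Luhn: not a card, leave it
        token = f"[{kind}_{len(mapping) + 1}]"   # numbered placeholder (assumption)
        mapping[token] = value
        return token

    text = SSN_RE.sub(lambda m: replace("SSN", m), message)
    text = CARD_RE.sub(lambda m: replace("CREDIT_CARD", m), text)
    return text, mapping


def restore(reply: str, mapping: dict) -> str:
    """Put the real values back into the model's reply before it reaches the customer."""
    for token, value in mapping.items():
        reply = reply.replace(token, value)
    return reply


if __name__ == "__main__":
    msg = "My SSN is 123-45-6789 and card 4111 1111 1111 1111, ref 1234567890123."
    text, mapping = redact(msg)
    print(text)   # only this goes to the model; mapping never leaves the system
    print(restore("Card [CREDIT_CARD_2] is on file.", mapping))
```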

Benefits:

  • AI models don't see actual PII (when configured)
  • Reduces risk of PII exposure
  • Maintains conversation quality
  • Complies with privacy regulations
  • Your data still contains full PII - redaction only affects AI model inputs

Configuration:

  • Configure PII redaction in your Assistant settings
  • Choose which PII types to redact
  • Redaction is optional - you control what gets redacted

PII Variable System

Your AI assistant can reference customer contact information using variables:

Available Variables:

  • {{PHONE_NUMBER}} - Customer's phone number
  • {{EMAIL_ADDRESS}} - Customer's email address

Usage in System Prompts:

When scheduling appointments, use {{PHONE_NUMBER}} to contact the customer.
Send confirmation emails to {{EMAIL_ADDRESS}}.

How It Works:

  1. AI generates response with variables
  2. System replaces variables with actual customer information
  3. Response is sent to customer
  4. PII is never exposed to AI models

Data Encryption

Encryption at Rest

All PII stored in the database is encrypted:

Encryption Method:

  • Algorithm: AES-256-GCM (Advanced Encryption Standard)
  • Key Management: Versioned keys with automatic rotation
  • Key Rotation: Every 90 days automatically
  • Zero Downtime: Key rotation doesn't interrupt service

What's Encrypted:

  • Email addresses (email_encrypted field)
  • Phone numbers (phone_encrypted field)
  • Physical addresses (address_encrypted field)
  • Date of birth (date_of_birth_encrypted field)

Searchable Encryption:

  • One-way hashes (HMAC-SHA256) enable fast lookups
  • Actual PII values are never stored in plaintext
  • Hashes cannot be reversed to original values
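An added example (not the platform's code) of how the two mechanisms fit together: each field is stored as AES-256-GCM ciphertext prefixed with the key version that produced it, next to an HMAC-SHA256 search hash of the normalized value. The key handling, the stored layout and the field-name prefix in the hash are assumptions; it uses the `cryptography` package.

```python
import hashlib
import hmac
import os
from typing import Optional
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Added example (not platform code): AES-256-GCM field encryption with a key
# version prefix, plus an HMAC-SHA256 search hash. Keys are generated here for
# the demo only; a deployment would load them from a key management service.
ENC_KEYS = {1: AESGCM.generate_key(bit_length=256), 2: AESGCM.generate_key(bit_length=256)}
CURRENT_KEY_VERSION = 2     # after rotation: new writes use v2, old rows still decrypt with v1
INDEX_KEY = os.urandom(32)  # separate key for the search hashes

def normalize_email(email: str) -> str:
    return email.strip().lower()

def search_hash(field: str, value: str) -> str:
    """Keyed one-way hash for equality lookups; the field name is mixed in so
    the same value in two columns does not share an index."""
    return hmac.new(INDEX_KEY, f"{field}:{value}".encode(), hashlib.sha256).hexdigest()

def encrypt_field(plaintext: str, aad: bytes) -> bytes:
    """Stored layout: key version (1 byte) || nonce (12 bytes) || ciphertext+tag."""
    nonce = os.urandom(12)
    ct = AESGCM(ENC_KEYS[CURRENT_KEY_VERSION]).encrypt(nonce, plaintext.encode(), aad)
    return bytes([CURRENT_KEY_VERSION]) + nonce + ct

def decrypt_field(blob: bytes, aad: bytes) -> str:
    version, nonce, ct = blob[0], blob[1:13], blob[13:]
    return AESGCM(ENC_KEYS[version]).decrypt(nonce, ct, aad).decode()

def store_client(db: dict, client_id: str, email: str) -> None:
    """Persist only ciphertext and the search hash, never the plaintext."""
    aad = client_id.encode()  # binds the ciphertext to its own row
    db[client_id] = {"email_encrypted": encrypt_field(email, aad),
                     "email_hash": search_hash("email", normalize_email(email))}

def find_by_email(db: dict, email: str) -> Optional[str]:
    """Equality lookup without decrypting any row."""
    wanted = search_hash("email", normalize_email(email))
    for client_id, row in db.items():
        if hmac.compare_digest(row["email_hash"], wanted):
            return client_id
    return None
```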

Encryption in Transit

All data transmission is encrypted:

  • TLS 1.3 for all API communications
  • HTTPS enforced for all web traffic
  • Secure WebSocket connections for real-time features
  • Certificate Management: Automatic SSL certificate renewal

Access Control and Logging

PII Access Logging & Monitoring

Every access to PII is logged for compliance and security monitoring:

What's Logged:

  • Who accessed the data (user ID, hashed email for audit)
  • What data was accessed (fields: email, phone, address, DOB)
  • When it was accessed (timestamp)
  • Why it was accessed (action type: READ, UPDATE, DELETE)
  • Which tenant and client

Access Log Features:

  • Retention: Logs retained for 2 years
  • Searchable: Full-text search across all access logs
  • Auditable: Complete audit trail for compliance
  • Exportable: Generate compliance reports on demand

Security Monitoring:

  • Real-time Detection: Anomaly detection runs continuously
  • Automated Alerts: Notifications for suspicious access patterns
  • Automated Response: System automatically responds to threats
  • Admin Dashboard: View all access logs and alerts in one place

Secure System Logging

The platform implements comprehensive PII protection in all system logs while preserving full functionality for your business:

What Gets Protected in Logs:

  • Email addresses: Hashed format (e.g., ab[hash:abc123]) - still identifiable for debugging
  • Phone numbers: Hashed format (e.g., ***7890[hash:def456]) - last 4 digits visible for reference
  • SSN: Replaced with [SSN_REDACTED]
  • Credit cards: Replaced with [CREDIT_CARD_REDACTED]
  • Addresses: Replaced with [ADDRESS_REDACTED]
  • Date of birth: Replaced with [DOB_REDACTED]
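An added example (not the platform's code) of a log scrubber that produces the email and phone formats listed above and drops SSNs outright. The hashing key, the 6-character digest length and the sample log line are constructed for the demo.

```python
import hashlib
import hmac
import re

# Added example (not platform code): scrub a log line before it is written.
# The key, the 6-character digest and SAMPLE_LINE are constructed for this demo.
LOG_HASH_KEY = b"constructed-log-hash-key"
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# Strict 10-digit phone shape so timestamps and ids in the line are not mangled
PHONE_RE = re.compile(r"(?:\+1[\s.-]?)?\(?\b\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")

SAMPLE_LINE = ("2024-03-01 09:15:02 INFO notify user=Jane.Doe@example.com "
               "phone=(555) 123-7890 ssn=123-45-6789 status=sent")


def short_hash(value: str) -> str:
    """Keyed, truncated digest: stable for one customer across log lines (so
    events can be correlated while debugging) but not reversible to the value."""
    return hmac.new(LOG_HASH_KEY, value.lower().encode(), hashlib.sha256).hexdigest()[:6]


def mask_email(email: str) -> str:
    return f"{email[:2]}[hash:{short_hash(email)}]"          # e.g. Ja[hash:abc123]


def mask_phone(phone: str) -> str:
    digits = re.sub(r"\D", "", phone)
    return f"***{digits[-4:]}[hash:{short_hash(digits)}]"    # e.g. ***7890[hash:def456]


def scrub(line: str) -> str:
    """SSNs are dropped entirely; email and phone keep a hashed handle."""
    line = SSN_RE.sub("[SSN_REDACTED]", line)
    line = EMAIL_RE.sub(lambda m: mask_email(m.group(0)), line)
    return PHONE_RE.sub(lambda m: mask_phone(m.group(0)), line)
```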

Your Data is Fully Accessible

Important: PII is only protected in system logs, not in your business data:

Full PII Available In:

  • Your conversation history
  • Your CRM/client records
  • Notifications sent to you (emails, SMS, webhooks)
  • Admin dashboard displays
  • API responses (except logging endpoints)
  • All tenant-facing data and features

Protected in system logs:

  • Console logs and error logs
  • Debug logs and system logs
  • Logging tables (error_logs, notification_logs)
  • System-level audit trails

Benefits:

  • Privacy Compliance: Customer PII is protected in system logs
  • Full Functionality: You still have complete access to customer information
  • Debugging Support: Hashed PII allows troubleshooting while maintaining privacy
  • Regulatory Compliance: Meets GDPR, CCPA, and SOC 2 requirements

High-Risk Exception Logging

For high-risk scenarios (threats, legal issues, safety concerns), the system maintains a secure audit trail:

  • Gated Access: Only authorized scenarios trigger exception logging
  • Hashed Storage: PII is hashed even in exception logs
  • Complete Audit Trail: Full record of who, when, and why
  • Regular Review: Exception logs are reviewed and audited regularly

Anomaly Detection

The system monitors for suspicious PII access patterns:

Detected Patterns:

  • Bulk access spikes (>50 records/hour)
  • After-hours access from new locations
  • Rapid sequential access (>10 records/minute)
  • Mass export operations

Automated Response:

  • User suspension for critical threats
  • Rate limiting for suspicious activity
  • Security alerts to administrators
  • Incident response within 1 hour
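The two rate thresholds above, checked over a stream of access-log records, as an added example that is not the platform's detection code. The record shape, the alert names and the sample data are constructed; location-based and export detections are not covered.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Added example (not platform code): the >50/hour and >10/minute thresholds
# checked over time-ordered PII access records. Record shape
# (user_id, timestamp, action, client_id) and the sample data are constructed.
HOUR_LIMIT = 50      # bulk access spike: >50 records/hour
MINUTE_LIMIT = 10    # rapid sequential access: >10 records/minute


def detect(records):
    """Returns (alert_kind, user_id, timestamp) tuples, one per threshold
    crossing, using a per-user rolling one-hour window of timestamps."""
    windows = defaultdict(deque)
    alerts = []
    for user_id, ts, _action, _client_id in records:
        q = windows[user_id]
        q.append(ts)
        while ts - q[0] > timedelta(hours=1):      # evict events older than 1h
            q.popleft()
        last_minute = sum(1 for t in q if ts - t <= timedelta(minutes=1))
        if last_minute == MINUTE_LIMIT + 1:        # fires once, as the limit is crossed
            alerts.append(("RAPID_SEQUENTIAL_ACCESS", user_id, ts))
        if len(q) == HOUR_LIMIT + 1:
            alerts.append(("BULK_ACCESS_SPIKE", user_id, ts))
    return alerts


def sample_records():
    """Constructed log: agent-7 reads 60 records 40 s apart (bulk), agent-9
    reads 12 records 2 s apart (rapid), agent-3 reads 20 records 5 min apart."""
    start = datetime(2024, 3, 1, 9, 0, 0)
    recs = []
    recs += [("agent-7", start + timedelta(seconds=40 * i), "READ", f"c{i}") for i in range(60)]
    recs += [("agent-9", start + timedelta(seconds=2 * i), "READ", f"c{i}") for i in range(12)]
    recs += [("agent-3", start + timedelta(minutes=5 * i), "READ", f"c{i}") for i in range(20)]
    return sorted(recs, key=lambda r: r[1])
```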

Data Retention and Anonymization

Automatic Anonymization

PII is automatically anonymized after a configurable retention period:

Default Retention:

  • Standard: 1 year (365 days) of inactivity
  • Configurable: 30-2555 days
  • Legal Hold: Can be set to "retain" indefinitely

Anonymization Process:

  1. System identifies clients eligible for anonymization
  2. PII fields are overwritten with placeholder values
  3. Encrypted fields are set to NULL
  4. Search hashes are deleted
  5. Anonymization is logged for audit trail

What Gets Anonymized:

  • Email → Removed
  • Phone → Removed
  • Address → Removed
  • Date of Birth → Removed
  • Name → "Anonymized User [ID]"
  • Notes → Removed

What's Preserved:

  • Conversation history (anonymized)
  • Usage statistics
  • Business metrics
  • Non-PII data
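The anonymization process above applied to a client record held as a dictionary, as an added example that is not the platform's job code. Field names follow the "What's Encrypted" list, the retention bounds are the configurable 30-2555 days, the legal-hold value "retain" is taken from the text, and the sample clients are constructed.

```python
from datetime import datetime, timedelta

# Added example (not platform code): anonymization steps 1-5 over dict records.
# Field names follow the "What's Encrypted" list; the sample data is constructed.
MIN_DAYS, MAX_DAYS, DEFAULT_DAYS = 30, 2555, 365
PII_ENCRYPTED = ("email_encrypted", "phone_encrypted", "address_encrypted", "date_of_birth_encrypted")
SEARCH_HASHES = ("email_hash", "phone_hash")
NOW = datetime(2024, 3, 1)

def eligible(client, now, retention_days=DEFAULT_DAYS):
    """Step 1: inactive past the retention period, not on legal hold, not done already."""
    if not MIN_DAYS <= retention_days <= MAX_DAYS:
        raise ValueError(f"retention must be {MIN_DAYS}-{MAX_DAYS} days")
    if client.get("legal_hold") == "retain" or client.get("anonymized_at"):
        return False
    return now - client["last_activity"] > timedelta(days=retention_days)

def anonymize(client, now, audit):
    """Steps 2-5: overwrite, null the ciphertext, drop search hashes, log it."""
    client["name"] = f"Anonymized User {client['id']}"
    client["notes"] = None
    for field in PII_ENCRYPTED:
        client[field] = None       # nothing left to decrypt, even with the key
    for field in SEARCH_HASHES:
        client.pop(field, None)    # lookup by email or phone is no longer possible
    client["anonymized_at"] = now
    audit.append({"event": "ANONYMIZE", "client_id": client["id"], "at": now})

def run_retention(clients, now=NOW, retention_days=DEFAULT_DAYS):
    """Returns the audit entries written during this run."""
    audit = []
    for client in clients:
        if eligible(client, now, retention_days):
            anonymize(client, now, audit)
    return audit

def sample_clients():
    """Constructed: c1 inactive 400 days, c2 the same but on legal hold, c3 active."""
    base = {"email_encrypted": b"\x02ct", "email_hash": "h1", "phone_encrypted": b"\x02ct",
            "phone_hash": "h2", "address_encrypted": b"\x02ct", "date_of_birth_encrypted": b"\x02ct",
            "notes": "prefers SMS"}
    return [dict(base, id="c1", name="Jane Doe", last_activity=NOW - timedelta(days=400)),
            dict(base, id="c2", name="John Roe", last_activity=NOW - timedelta(days=400), legal_hold="retain"),
            dict(base, id="c3", name="Ann Poe", last_activity=NOW - timedelta(days=10))]
```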

Right to be Forgotten (GDPR)

Customers can request immediate data deletion:

How to Request:

  • Contact support to request data deletion
  • Provide verification of identity
  • Specify which data to delete

Process:

  1. Request is verified
  2. Data is anonymized immediately
  3. Confirmation is sent
  4. Deletion is logged for audit

Timeline:

  • Requests processed within 30 days
  • Urgent requests processed within 72 hours
  • Confirmation provided upon completion

Compliance

Standards Compliance

The platform complies with major privacy regulations:

GDPR (General Data Protection Regulation):

  • Article 17: Right to be forgotten ✅
  • Article 32: Security of processing ✅
  • Data protection by design ✅
  • Breach notification within 72 hours ✅

CCPA (California Consumer Privacy Act):

  • Right to know what data is collected ✅
  • Right to delete personal information ✅
  • Right to opt-out of sale ✅
  • Non-discrimination ✅

SOC 2 Type II:

  • Security controls implemented ✅
  • Availability controls ✅
  • Processing integrity ✅
  • Confidentiality ✅
  • Privacy ✅

Audit Trails

Complete audit trails for compliance:

What's Audited:

  • All PII access (read, update, delete)
  • Anonymization events
  • Data retention policy changes
  • Security incidents
  • Configuration changes

Audit Log Features:

  • Immutable logs (cannot be modified)
  • Timestamped entries
  • User identification
  • Action details
  • Exportable for compliance reports

Best Practices

For Your Business

  1. Minimize PII Collection: Only collect PII you actually need
  2. Review Retention Policies: Set appropriate retention periods
  3. Monitor Access Logs: Regularly review who accesses PII
  4. Train Staff: Ensure team understands PII handling
  5. Respond to Requests: Process deletion requests promptly

For Your Customers

  1. Transparency: Inform customers about data collection
  2. Consent: Obtain consent before collecting PII
  3. Access: Provide customers access to their data
  4. Deletion: Honor deletion requests promptly
  5. Security: Use strong passwords (12+ characters with complexity) and enable MFA/2FA

Security Features Summary

Protection Layers

  1. Encryption: AES-256-GCM at rest, TLS 1.3 in transit
  2. Redaction: Automatic PII redaction from AI context
  3. Access Control: Role-based access with tenant isolation
  4. Logging: Complete audit trail of all PII access
  5. Monitoring: Real-time anomaly detection
  6. Anonymization: Automatic after retention period
  7. Compliance: GDPR, CCPA, SOC 2 compliant

Security Measures

  • Key Rotation: Automatic 90-day rotation
  • Anomaly Detection: Real-time threat detection
  • Access Logging: Complete audit trail
  • Data Anonymization: Automatic after retention
  • Right to be Forgotten: Immediate deletion on request
  • Multi-Tenant Isolation: Complete data separation

Reporting Security Issues

DO NOT open public GitHub issues for security vulnerabilities.

Instead, email security@yourdomain.com with:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Your contact information

We will respond within 48 hours and provide updates as we address the issue.

Questions?

If you have questions about PII handling or privacy protection:

  • Review this documentation
  • Check Security Practices
  • Contact support for specific questions
  • Review compliance documentation

autoch.at Documentation