1 comment

[ 4.3 ms ] story [ 15.6 ms ] thread
Hi HN,

One thing I kept running into while building SaaS products was PII showing up in unexpected places:

application logs analytics event streams CSV exports support ticket systems

Once personal data gets into those systems it becomes hard to control or redact.

I built an API to detect and anonymise PII across text, JSON and CSV before the data leaves the system.Currently covers ~30 PII categories and maps them to frameworks like GDPR, HIPAA, PCI-DSS and 7 other regulatory frameworks.

Curious how others here deal with this — internal tooling, open source libraries, or just manual processes?