PII Scrubbing
LogVault automatically detects and masks Personally Identifiable Information (PII) before it's stored, helping you maintain compliance without changing your code.
How It Works
When you send an event to LogVault, our ingestion engine scans the metadata for common PII patterns. Detected values are replaced with masked versions before being stored.
Before Storage
JSON
1{2 "action": "payment.processed",3 "user_id": "user_123",4 "metadata": {5 "email": "john.doe@example.com",6 "credit_card": "4111111111111111",7 "iban": "NL91ABNA0417164300",8 "ssn": "123-45-6789"9 }10}
After Storage
JSON
1{2 "action": "payment.processed",3 "user_id": "user_123",4 "metadata": {5 "email": "j***@example.com",6 "credit_card": "[REDACTED]",7 "iban": "NL91****4300",8 "ssn": "[REDACTED]"9 }10}
Supported PII Types
| Type | Example | Masked Result |
|---|---|---|
| Credit Card | 4111111111111111 | [REDACTED] |
| IBAN | NL91ABNA0417164300 | NL91****4300 |
john@example.com | j***@example.com | |
| SSN (US) | 123-45-6789 | [REDACTED] |
| BSN (NL) | 123456789 | [REDACTED] |
| Phone Number | +31612345678 | +316****5678 |
| API Key | sk_live_abc123... | [API_KEY] |
Configuration
PII scrubbing is enabled by default for all organizations. You can configure the behavior in your dashboard settings:
- Strict Mode: Redacts all detected PII completely
- Partial Mode: Keeps first/last characters for debugging
- Custom Patterns: Add your own regex patterns (Enterprise)
Best Practices
- Don't rely solely on scrubbing. Avoid sending sensitive data in the first place when possible.
- Use structured metadata. Our detection works best with clearly labeled fields.
- Test with test keys. Verify scrubbing works as expected before going live.