Anonymization
How Copilot via API detects and anonymizes personally identifiable information (PII).
Copilot via API automatically anonymizes personally identifiable information (PII) in messages to protect user privacy.
Overview
When you send messages — either by attaching them to a thread or via the Chat-Completions API — they may contain PII. Before processing, the service detects and replaces PII using a combination of static pattern matching and named-entity recognition (NER).
The following entity types are anonymized:
| Entity Type | Placeholder |
|---|---|
| Email addresses | <EMAIL_ADDRESS> |
| Phone numbers | <PHONE_NUMBER> |
| IBANs | <IBAN> |
| Credit card numbers | <CREDIT_CARD_NUMBER> |
| German tax IDs | <TAX_ID> |
| German social security numbers | <SSN_DE> |
Detected entities are replaced with their corresponding placeholder tag. For example, an email address is replaced with <EMAIL_ADDRESS> and a tax ID with <TAX_ID>. Downstream services only see the anonymized form.
Even though PII is anonymized, we strongly recommend encouraging your users to share only the minimum personal information necessary in their messages.
Extended Anonymization for Data Deletion
In addition to the entities above, the following entities can also be detected and removed:
- Names:
<PERSON> - Birthdates:
<BIRTH_DATE>
We have decided to not remove names and birthdates, due to high false positive rate within Haufe content, e.g., European laws are referred to by names.
This extended anonymization is applied during data deletion to ensure all PII is removed from thread messages.