PII Redaction

Pre-recorded PII Redaction automatically detects and replaces sensitive entities (names, emails, addresses, etc.) in your transcript output. This feature is only available for pre-recorded transcription.

Handling audio data often involves processing conversations that contain personally identifiable information such as names, phone numbers, or financial details. Redacting PII helps you comply with privacy regulations like GDPR and CCPA/CPRA, protect your users’ sensitive data, and reduce the risk of data breaches when storing or sharing transcripts.

Usage

Add "pii_redaction": true to your request to redact all detected PII in the transcript. Sensitive entities will be replaced with markers in the output.

{
  "audio_url": "YOUR_AUDIO_URL",
  "pii_redaction": true
}

Optional configuration

You can customize the behavior with pii_redaction_config:

entity_types

string[]

Preset or list of PII entity types to redact (e.g. ["GDPR"]). See Supported entity types for available presets.

processed_text_type

enum

default:"MARKER"

How to replace detected PII:

MASK: Each character replaced by a mask (e.g. “John Smith” → #### #####)
MARKER: Placeholder labels like [NAME_1], [EMAIL_1]. Same entity will have same ID.

Example body

Pre-recorded

{
  "audio_url": "YOUR_AUDIO_URL",
  "pii_redaction": true,
  "pii_redaction_config": {
    "entity_types": ["GDPR"],
    "processed_text_type": "MARKER"
  }
}

Example output

Without PII redaction (raw transcript):

Hi, I’m calling about the order for John Smith. Can you confirm the delivery to john.smith@company.com? Yes, John Smith placed it yesterday.

With PII redaction (processed_text_type="MASK"):

Hi, I’m calling about the order for #### #####. Can you confirm the delivery to ######################? Yes, #### ##### placed it yesterday.

With PII redaction (processed_text_type="MARKER"):

Hi, I’m calling about the order for [NAME_1]. Can you confirm the delivery to [EMAIL_1]? Yes, [NAME_1] placed it yesterday.

The same entity mentioned multiple times receives the same marker ID (e.g. “John Smith” becomes [NAME_1] both times), so you can track references across the transcript while keeping sensitive data redacted.
This consistency is also useful for downstream tasks using LLMs, which can reason about entities (e.g. “the person in [NAME_1]”) without ever seeing the raw PII.

Supported entity types

When using entity_types, you can pass a preset group or a list of specific types.

Preset groups

GDPR — EU General Data Protection Regulation

GDPR_SENSITIVE — GDPR Article 9 sensitive data

HIPAA_SAFE_HARBOR — USA HIPAA Safe Harbor

De-identification standard for US healthcare data under HIPAA.Includes: ACCOUNT_NUMBER, AGE, DATE, DATE_INTERVAL, DOB, DRIVER_LICENSE, EMAIL_ADDRESS, HEALTHCARE_NUMBER, IP_ADDRESS, LOCATION, LOCATION_ADDRESS, LOCATION_ADDRESS_STREET, LOCATION_CITY, LOCATION_COORDINATE, LOCATION_ZIP, NAME, NAME_FAMILY, NAME_GIVEN, NAME_MEDICAL_PROFESSIONAL, NUMERICAL_PII, PASSPORT_NUMBER, PHONE_NUMBER, SSN, URL, VEHICLE_ID, BANK_ACCOUNT, CREDIT_CARD, CREDIT_CARD_EXPIRATION, CVV

HEALTH_INFORMATION — Health-related entities

PCI — Payment Card Industry

PCI-specific financial entities only.Includes: BANK_ACCOUNT, CREDIT_CARD, CREDIT_CARD_EXPIRATION, CVV, ROUTING_NUMBER

CPRA — California Privacy Rights Act

Personal data entities covered by the California Privacy Rights Act.Includes: DOB, DRIVER_LICENSE, EMAIL_ADDRESS, GENDER, HEALTHCARE_NUMBER, IP_ADDRESS, LOCATION_ADDRESS, LOCATION_ADDRESS_STREET, LOCATION_CITY, LOCATION_COORDINATE, LOCATION_ZIP, NAME, NAME_FAMILY, NAME_GIVEN, NAME_MEDICAL_PROFESSIONAL, NUMERICAL_PII, ORIGIN, PASSPORT_NUMBER, PASSWORD, PHONE_NUMBER, PHYSICAL_ATTRIBUTE, POLITICAL_AFFILIATION, RELIGION, SEXUALITY, SSN, URL, USERNAME, VEHICLE_ID, BANK_ACCOUNT, CREDIT_CARD, CREDIT_CARD_EXPIRATION, CVV, BLOOD_TYPE, CONDITION, DRUG, INJURY, MEDICAL_PROCESS

APPI — Japan Act on the Protection of Personal Information

Personal data entities covered by Japan’s APPI.Includes: AGE, DOB, DRIVER_LICENSE, EMAIL_ADDRESS, HEALTHCARE_NUMBER, IP_ADDRESS, LOCATION, LOCATION_ADDRESS, LOCATION_ADDRESS_STREET, LOCATION_CITY, LOCATION_COORDINATE, LOCATION_COUNTRY, LOCATION_STATE, LOCATION_ZIP, NAME, NAME_FAMILY, NAME_GIVEN, NAME_MEDICAL_PROFESSIONAL, NUMERICAL_PII, OCCUPATION, ORGANIZATION, ORGANIZATION_MEDICAL_FACILITY, PASSPORT_NUMBER, PASSWORD, PHONE_NUMBER, SSN, VEHICLE_ID, BANK_ACCOUNT, CREDIT_CARD, CREDIT_CARD_EXPIRATION, CVV, DRUG

APPI_SENSITIVE — APPI sensitive data

Sensitive data subset under Japan’s APPI.Includes: CONDITION, DRUG, GENDER, INJURY, LANGUAGE, MARITAL_STATUS, MEDICAL_PROCESS, ORIGIN, PHYSICAL_ATTRIBUTE, POLITICAL_AFFILIATION, RELIGION, SEXUALITY

QUEBEC_PRIVACY_ACT — Quebec Law 25

Personal data entities covered by Quebec’s Privacy Act / Law 25.Includes: AGE, DATE, DATE_INTERVAL, DOB, DRIVER_LICENSE, EMAIL_ADDRESS, HEALTHCARE_NUMBER, IP_ADDRESS, LOCATION_ADDRESS, LOCATION_ADDRESS_STREET, LOCATION_CITY, LOCATION_COORDINATE, LOCATION_ZIP, NAME, NAME_FAMILY, NAME_GIVEN, NAME_MEDICAL_PROFESSIONAL, NUMERICAL_PII, OCCUPATION, ORGANIZATION, ORGANIZATION_MEDICAL_FACILITY, ORIGIN, PASSPORT_NUMBER, PHONE_NUMBER, POLITICAL_AFFILIATION, RELIGION, SSN, BANK_ACCOUNT, CREDIT_CARD, CREDIT_CARD_EXPIRATION, CVV, BLOOD_TYPE, CONDITION, DRUG, INJURY, MEDICAL_PROCESS, STATISTICS

CORE_ENTITIES — Common PII types

Core set of the most commonly used PII entity types across all regulations.

CCI — Corporate Confidential Information

Business and corporate data entities.Includes: ACCOUNT_NUMBER, DATE, DATE_INTERVAL, EMAIL_ADDRESS, FILENAME, LOCATION, LOCATION_ADDRESS, LOCATION_ADDRESS_STREET, LOCATION_CITY, LOCATION_COUNTRY, LOCATION_STATE, LOCATION_ZIP, MONEY, NUMERICAL_PII, OCCUPATION, ORGANIZATION, PASSWORD, TIME, URL, VEHICLE_ID, BANK_ACCOUNT, CREDIT_CARD, CREDIT_CARD_EXPIRATION, CVV, ROUTING_NUMBER, DRUG, MEDICAL_PROCESS

LIDI — Locally Identifiable Data

Entities that can identify individuals within a local context.

NUMERICAL_EXCL_PCI — Numerical PII (excluding PCI)

Numerical PII entities, excluding PCI-specific types.Includes: ACCOUNT_NUMBER, NUMERICAL_PII, SSN, etc.Excludes: CREDIT_CARD, CVV, BANK_ACCOUNT, ROUTING_NUMBER

Individual entity types

Core PII

Entity	What it catches
`NAME`	Full person names
`EMAIL_ADDRESS`	Email addresses
`PHONE_NUMBER`	Phone/fax numbers
`LOCATION_ADDRESS`	Full mailing addresses
`DATE`	Specific dates
`DOB`	Dates of birth
`SSN`	Social security numbers (+ intl. equivalents)
`PASSPORT_NUMBER`	Passport numbers
`DRIVER_LICENSE`	Driver’s license numbers
`IP_ADDRESS`	IPv4 / IPv6 addresses
`URL`	Web addresses
`USERNAME`	Logins, handles

Financial / PCI

Entity	What it catches
`CREDIT_CARD`	Credit card numbers (incl. last 4)
`BANK_ACCOUNT`	Bank accounts, IBAN
`CVV`	Card verification codes

Entity	What it catches
`ORIGIN`	Nationality, ethnicity
`RELIGION`	Religious affiliation
`POLITICAL_AFFILIATION`	Political opinions
`SEXUALITY`	Sexual orientation
`PHYSICAL_ATTRIBUTE`	Race, physical traits

Entity	What it catches
`CONDITION`	Medical conditions, diseases
`DRUG`	Medications, supplements
`HEALTHCARE_NUMBER`	Health plan IDs, medical record numbers
`MEDICAL_PROCESS`	Treatments, procedures

Introduction

Speech-to-Text

Language

Audio Intelligence

Integrations

Limits & Specifications

Migrations

Usage

Optional configuration

Example body

Example output

Supported entity types

Preset groups

Individual entity types

Core PII

Financial / PCI

Introduction

Speech-to-Text

Language

Audio Intelligence

Integrations

Limits & Specifications

Migrations

Documentation Index

​Usage

​Optional configuration

​Example body

​Example output

​Supported entity types

​Preset groups

​Individual entity types

​Core PII

​Financial / PCI

​Sensitive / GDPR Article 9

​Healthcare (HIPAA / GDPR)

Usage

Optional configuration

Example body

Example output

Supported entity types

Preset groups

Individual entity types

Core PII

Financial / PCI

Sensitive / GDPR Article 9

Healthcare (HIPAA / GDPR)