Skip to content
PrivateAI
← Back to Home
Guides

Scrub PII Before You Prompt: A Developer's Guide to Sanitizing Data for Cloud AI

10 min read min readBy PrivateAI Team

The Data You're Sending Without Realizing It

Here's the real cost of AI productivity: developers are routinely pasting customer data into cloud AI tools and calling it debugging.

A support ticket with a user's full name and email. A log file with IP addresses and session tokens. A CSV export that includes dates of birth and phone numbers. A SQL query result that happens to include partial credit card numbers. Not maliciously — just quickly, because the AI assistant is right there and you need an answer in 30 seconds.

Every one of those pastes is a potential GDPR violation, a HIPAA incident, or an NDA breach depending on your jurisdiction and employer. More practically: it's your users' data living in OpenAI's or Anthropic's training pipeline unless you've specifically opted out, verified the opt-out worked, and trust that it'll hold.

The fix isn't to stop using AI. The fix is a pre-flight sanitization habit that takes 30-60 seconds and eliminates the risk. This guide gives you the tools, the checklist, and the tiered decision framework to make it automatic.


What Actually Counts as PII in an AI Context

The GDPR and HIPAA definitions are a starting point, but they're not complete for your purposes. When you're prompting an AI tool, you should treat all of the following as PII or sensitive data:

Obvious PII (most people already know):

  • Full names, email addresses, phone numbers
  • Physical addresses, postal codes
  • Social Security Numbers, passport numbers, driver's license numbers
  • Dates of birth when combined with other identifiers

Less obvious but equally risky:

  • IP addresses — uniquely identifies users in most jurisdictions under GDPR
  • Session tokens, user IDs, internal customer IDs — these don't look like PII but map directly to real people in your database
  • Device fingerprints and User-Agent strings tied to logged activity
  • Geolocation data (even city-level can be identifying for small populations)
  • Usernames and handles — even pseudonymous ones, because they can be cross-referenced

Business-sensitive data that isn't technically PII but still shouldn't leave:

  • API keys, access tokens, passwords — even partial or expired ones
  • Internal project names and codenames
  • Revenue figures, contract values, pricing from internal tools
  • Client company names in certain contexts (if under NDA)
  • System architecture details, database schemas, infrastructure hostnames

The mental model: if the data has a unique identifier attached — even implicitly — treat it as PII and scrub it before prompting.


Step One: Store the Raw Data Safely Before You Work

Before you start scrubbing, you need somewhere to keep the unsanitized original. This matters more than it sounds: the scrubbing process itself involves handling sensitive data, and you need confidence that the raw file isn't sitting in plaintext on a shared drive, a Slack message, or a Google Doc.

Tresorit is the cleanest solution for this. It's end-to-end encrypted with zero-knowledge architecture, meaning Tresorit servers never see the plaintext of your files. You upload the raw log file, customer export, or whatever it is, and only your device (and whoever you explicitly share with) can decrypt it.

Recommended

Store sensitive files before and after scrubbing. E2E encrypted, GDPR-compliant, zero-knowledge by design.

Tresorit

Get Tresorit — Zero-Knowledge Encrypted Storage

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.


The Output Side: Encrypted Storage for Sanitized Results

Scrubbing the input is step one. The output — the AI-generated analysis, the insights, the code — also needs a home that doesn't introduce new exposure.

The Proton ecosystem handles this well. Proton Drive gives you end-to-end encrypted cloud storage for AI output documents. Proton Mail handles encrypted delivery if you're sharing results with colleagues or clients. The suite is independently audited, Swiss-headquartered under strong privacy law, and doesn't require trusting a company headquartered in a Five Eyes jurisdiction.

For a complete private AI workflow: raw sensitive data stored in Tresorit → scrubbed locally → Tier 2/3 queries to cloud AI → AI outputs stored in Proton Drive → shared via Proton Mail if needed. Every step in that chain is encrypted by a party that can't read the content.

Recommended

End-to-end encrypted email, cloud storage, and VPN. Swiss privacy law. Free plan available.

Proton Privacy Suite

Get Proton — Mail, Drive, and VPN Bundled

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.

_Last updated: 2026-06-28_