Developer guide
How to Redact PII Before Sending Data to OpenAI (Node.js)
OpenAI requests can expose PII if you pass raw user input through unchanged. Emails, names, and phone numbers should be sanitized before API calls. Use a local redaction step first, then send the cleaned text onward.
The Problem
Example: sending raw input to OpenAI
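import OpenAI from "openai";
const openai = new OpenAI({ apiKey: process.env.OPENAI_API_KEY });
const userInput = "Contact me at john@email.com";
// Raw user input goes straight into the prompt
await openai.chat.completions.create({
  model: "gpt-4o-mini", // example model name; the API requires one
  messages: [{ role: "user", content: userInput }]
});
This sends raw PII to an external API.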
The Solution
Redact sensitive data before sending it to OpenAI.
Install OpenRedaction
Install the library:
npm install openredaction
Redact Before Sending
Redact the input before sending it:
import OpenAI from "openai";
import { redact } from "openredaction";
const openai = new OpenAI({ apiKey: process.env.OPENAI_API_KEY });
const userInput = "Contact me at john@email.com";
// Redact locally; only the cleaned text leaves the process
const { redactedText } = redact(userInput);
const response = await openai.chat.completions.create({
  model: "gpt-4o-mini", // example model name; the API requires one
  messages: [{ role: "user", content: redactedText }]
});
Example output:
Input
Email me at jane@company.com and call 555-123-4567
Output
Email me at [REDACTED] and call [REDACTED]
Why this matters
- Avoid sending user data to external APIs
- Reduce compliance risk (GDPR, etc.)
- Keep logs and prompts clean
- Maintain control over sensitive data
Where to use this
- Before OpenAI API calls
- Before logging user input
- Before storing prompts or responses
Regex vs AI
Regex is fast and predictable for known patterns.
AI can help with messy text.
Many systems use regex first, then AI if needed.
Use it locally in your app.
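The "regex first, then AI if needed" flow described above, as an added example (not code from the original page and not OpenRedaction's implementation). The patterns, the `needsSecondPass` heuristic, the function names and the second sample string are constructed assumptions; the first sample is the page's own Input line.

```javascript
// Added example: regex-first pass with an "escalate if needed" check.
// Patterns and the leftover heuristic are constructed for illustration,
// not taken from OpenRedaction.
const PATTERNS = [
  { type: "EMAIL", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  // US-style numbers such as 555-123-4567, (555) 123-4567, +1 555 123 4567
  { type: "PHONE", re: /(?:\+?1[\s.-]?)?(?:\(\d{3}\)|\d{3})[\s.-]?\d{3}[\s.-]?\d{4}\b/g },
];

// Stage 1: deterministic replacement of known patterns.
function redactLocal(text) {
  const counts = {};
  let redactedText = text;
  for (const { type, re } of PATTERNS) {
    redactedText = redactedText.replace(re, () => {
      counts[type] = (counts[type] || 0) + 1; // count only, never keep the raw value
      return "[REDACTED]";
    });
  }
  return { redactedText, counts };
}

// Stage 2 trigger: signals that something PII-like survived stage 1.
// A stray "@" or a run of 7+ digits (separators allowed) is treated as suspicious.
function needsSecondPass(redactedText) {
  const strayAt = /@/.test(redactedText);
  const digitRun = /(?:\d[\s().-]?){7,}/.test(redactedText);
  return strayAt || digitRun;
}

// Prepare text for an outbound API call or a log line.
function prepareOutbound(userInput) {
  const { redactedText, counts } = redactLocal(userInput);
  return { redactedText, counts, escalate: needsSecondPass(redactedText) };
}

// Constructed sample inputs.
const samples = [
  "Email me at jane@company.com and call 555-123-4567",
  "reach me: jane (at) company dot com, tel 44 20 7946 0958",
];
for (const s of samples) console.log(prepareOutbound(s));
```

When `escalate` is true, hold the text back from the outbound call and from logs until the second pass has run.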