Hydra logoHydra · Hydra Support

Configuration

Privacy and PII redaction

Optionally strip emails, phone numbers, and card-shaped strings from prompts sent to Claude. Stored messages in your inbox stay intact.

Privacy and PII redaction

Hydra can strip personally-identifying information out of the text it sends to Claude — without changing what your team sees in the inbox. Use this when a tenant or customer requires that no raw email addresses, phone numbers, or card numbers are passed to a third-party model.

The setting is at Settings → Privacy and applies workspace-wide.

What gets detected

When redaction is on, three pattern detectors run against every text payload Hydra sends to Claude:

  • Emails — anything matching local@domain.tld. Replaced with [EMAIL_REDACTED].
  • Phone numbers — common North American and international formats (10–15 digits with optional country code, parens, dashes, dots, or spaces). Replaced with [PHONE_REDACTED].
  • Card-shaped strings — 13–19 contiguous digits with optional space/dash separators that pass the Luhn checksum used by every major card network. Replaced with [CARD_REDACTED].

The Luhn check on card-shaped strings keeps the false-positive rate low — order numbers, IDs, and timestamps almost always fail Luhn even when they look like card numbers.

The detector list is intentionally conservative. SSNs, addresses, and other PII categories are not detected today because their patterns overlap heavily with other text and would generate false positives. If you need a custom detector for your business, contact us.

Redaction modes

There are two modes:

Off (default)

Messages and system prompts go to Claude unchanged. This is the right setting for most tenants — Anthropic does not train on production API traffic, and customers usually want the bot to be able to repeat their email back to them when confirming details.

Model-only redaction

Hydra strips detected PII from the prompt before the Claude API call. The original message is preserved exactly as the customer typed it in the database — agents reviewing the inbox, ticket detail page, and audit log all still see the unredacted text.

Specifically, model-only redaction applies to:

  • The widget chat path (/api/chat) — system prompt, message history, the new user turn, and any tool results passed back into the conversation loop.
  • The strict-directive safety-net pass — the same redaction happens before the second-pass Haiku call that double-checks strict directives.
  • Intent and sentiment tagging — the post-turn Haiku pass that fills in intent and sentiment on each conversation also receives redacted transcript text.
  • Conversation summaries — when a conversation is resolved, the Haiku summarization pass receives a redacted transcript.

What it does not apply to:

  • The internal Help Panel chat in your dashboard — that's admins talking to Hydra, not customers, so PII redaction is intentionally not in that path.
  • Email send/receive bodies, ticket content displayed in the UI, exports, or anywhere else the data is read by humans rather than the model.

The live test box

The Settings → Privacy page has a side-by-side preview: paste a message in the left textarea and the right pane shows exactly what Claude would see when model-only redaction is on. The preview runs in your browser using the same regex code the server uses, so the output matches the model-bound text exactly.

Use this to:

  • Verify a sample customer message gets the right fields stripped before turning the policy on.
  • Show a privacy-conscious customer or auditor what their data looks like once it's redacted.
  • Sanity-check whether your bot's own system prompt or knowledge-base content has anything that would get incidentally redacted (it normally shouldn't).

What changing the mode does

Switching the mode is instantaneous and applies to the next message sent. There is no backfill or rewrite of stored data — the column is a forward-looking policy, not a retroactive one. Past conversations remain in the inbox untouched.

Every mode change is recorded in Team → Audit log with the from/to values and the admin who made the change.

Permissions

  • Any teammate can view the current mode on Settings → Privacy.
  • Only admins and owners can change the mode.

What this is not

This is not a storage-level redaction or right-to-be-forgotten control. The customer's original message stays in the database for agent review. If a customer asks for their data to be deleted, use Settings → Data → Export data to download their conversations first, then remove the contact via the standard delete flow on their profile page — that cascades to the underlying conversations and tickets per the documented FK behavior.

If you have a compliance requirement that demands destructive storage redaction (replace messages.content rows with the redacted text on write), let us know — we have a design path for it but it's a separate, larger feature than the model-only toggle described here.