PII Auto-Scrubbing
Guardrly automatically removes sensitive data before any information leaves your machine. This happens locally, before cloud upload.
What Gets Scrubbed
Authorization Headers
All Authorization header values are replaced with [REDACTED]. This includes Bearer tokens, API keys, and Basic auth credentials.
Access Tokens in URLs
URL parameters containing access_token, api_key, token, or key are replaced with [REDACTED].
Email Addresses
Email addresses in request bodies and URLs are replaced with [email_redacted].
Phone Numbers
Phone numbers (international and domestic formats) are replaced with [phone_redacted].
Credit Card Numbers
16-digit card numbers (with or without spaces or dashes) are replaced with [card_redacted].
What Is NOT Scrubbed
- Request URL paths (endpoint paths are kept for monitoring purposes; token parameters and email addresses in URLs are still scrubbed as described above)
- HTTP method and status codes
- Response timing data
- Platform-specific non-sensitive fields
Technical Implementation
PII scrubbing runs on your local machine using 5 precompiled regex patterns. Processing time is under 1ms per request.
The scrubbed payload is what gets stored locally and uploaded to the cloud. The original sensitive data never leaves your machine.
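The following Python is an added illustration, not Guardrly's code: it applies one precompiled regex per category listed above to a captured request before it is stored. The pattern bodies, the rule names, the scrub function and the sample request are all assumptions made for this example.

```python
import re

# Five precompiled patterns, one per category listed on this page.
# Assumption: these regexes are illustrative and are not Guardrly's own.
# Order matters: cards run before phones so a card is never split into a "phone".
RULES = [
    ("authorization",
     re.compile(r"(?im)^(authorization:[ \t]*)[^\r\n]+"), r"\1[REDACTED]"),
    ("url_token",
     re.compile(r"(?i)([?&](?:access_token|api_key|token|key)=)[^&#\s]+"), r"\1[REDACTED]"),
    ("email",
     re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"), "[email_redacted]"),
    ("card",
     re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)"), "[card_redacted]"),
    ("phone",
     re.compile(r"(?<![\w.])(?:\+\d{1,3}[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?![\w.])"),
     "[phone_redacted]"),
]


def scrub(raw_request: str):
    """Return (scrubbed_text, hit_counts) for one captured HTTP request."""
    counts = {}
    for name, pattern, replacement in RULES:
        raw_request, counts[name] = pattern.subn(replacement, raw_request)
    return raw_request, counts


# Constructed sample request; every value below is made up.
SAMPLE = (
    "POST /v1/charges?api_key=sk_test_123&limit=10 HTTP/1.1\n"
    "Host: api.example.com\n"
    "Authorization: Bearer abc.def.ghi\n"
    "\n"
    '{"email": "alice@example.com", "phone": "+1 415-555-0123", '
    '"card": "4111-1111-1111-1111", "amount": 1200}'
)

if __name__ == "__main__":
    scrubbed, counts = scrub(SAMPLE)
    print(scrubbed)
    print(counts)
```

With these assumed patterns, any bare 10-digit number (an order ID, for instance) is also treated as a phone number, so check non-sensitive numeric fields when verifying output.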
Verification
You can verify scrubbing is working by checking your logs at app.guardrly.com/logs. Authorization headers and tokens should appear as [REDACTED].
Compliance
Guardrly's PII scrubbing approach supports compliance with:
- GDPR (data minimization principle)
- CCPA (personal information protection)
- SOC 2 (access control requirements)