Skip to main content
PII redaction is available exclusively on Enterprise plans. Contact your account manager to enable it for your workspace.
PII Redaction PII redaction automatically detects and removes personally identifiable information from your production transcripts. When enabled, data like names, email addresses, phone numbers, and financial details are replaced with generic markers (eg: [NAME], [EMAIL_ADDRESS]) before transcripts are stored. Sensitive user information never persists in your conversation logs.

How it works

PII is detected using a machine learning model hosted within Voiceflow’s infrastructure. Your data is never sent to any third-party service during the redaction process. Key behaviors:
  • Production only. Redaction applies only to production conversations. Development and test conversations are not redacted, so you can debug freely.
  • Not retroactive. Enabling redaction does not affect existing transcripts. Disabling it does not unredact previously redacted transcripts. Only future conversations are affected.
  • Structure preserved. The overall structure of your traces and requests remains the same. Only the content of specific text properties is modified.

Enabling PII redaction

1

Contact your account manager

PII redaction requires an Enterprise plan. Reach out to your account manager to have the feature enabled for your workspace.
2

Open transcript settings

Open Transcripts and click the settings icon in the toolbar.PI Iredaction1
3

Enable PII redaction

Toggle PII redaction on and click Save.PI Iredaction2

Viewing unredacted transcripts

After redaction is enabled, you can temporarily view the original unredacted version of a transcript using the toggle in the transcript detail view. This is intended for debugging purposes.
Unredacted transcripts are only available for 48 hours after the conversation takes place. After that, the original data is permanently deleted and cannot be recovered.

What gets redacted

PII redaction scans both your agent’s responses (traces) and user inputs (requests), covering a wide range of PII types across different data structures.

Detected PII types

The redaction system detects over 35 types of personally identifiable information:
CategoryExamples
IdentityNames, date of birth, age, gender, marital status, nationality
ContactEmail addresses, phone numbers, physical addresses, IP addresses
FinancialCredit card numbers, bank accounts, routing numbers, CVV codes
Government IDsSocial Security numbers, driver’s license, passport numbers, tax IDs
HealthMedical conditions, medications, blood type, medical procedures
AuthenticationUsernames, passwords, PINs
OtherOrganization names, URLs, vehicle identifiers, device IDs

Protection methods

The system uses four approaches depending on the type of content:
MethodWhat it doesExample
CensorReplaces detected PII with markers like [NAME] or [EMAIL_ADDRESS]"Hi John""Hi [NAME]"
EraseSets the property to an empty string (used for content that can’t be selectively redacted)Audio URLs are removed entirely
OverrideReplaces the value with a safe placeholderImage URLs are replaced with a placeholder image
Censor rich textStrips rich text formatting and replaces content with redacted plain textSlate content is flattened and censored

Trace data

Traces represent the messages and content your agent sends during a conversation, including text responses, cards, carousels, and media. PII redaction processes each trace type differently depending on the properties it contains.
Modified properties:
  • payload.message: Censor redaction
  • payload.slate.content: Censor rich text redaction
  • payload.audio.src: Erase redaction
Before redaction
{
  "type": "text",
  "payload": {
    "audio": {
      "message": "Hi, my name is John Smith and my email is john@email.com",
      "src": "https://example.com/audio/user-message.mp3"
    },
    "slate": {
      "id": 1,
      "content": [
        {
          "children": [
            { "text": "Hi, my name is John Smith and my email is john@email.com" }
          ]
        }
      ]
    }
  }
}
After redaction
{
  "type": "text",
  "payload": {
    "audio": {
      "message": "Hi, my name is [NAME] and my email is [EMAIL_ADDRESS]",
      "src": ""
    },
    "slate": {
      "id": 1,
      "content": [
        {
          "children": [
            { "text": "Hi, my name is [NAME] and my email is [EMAIL_ADDRESS]" }
          ]
        }
      ]
    }
  }
}
Modified properties:
  • payload.message: Censor redaction
  • payload.src: Erase redaction
Before redaction
{
  "type": "speak",
  "payload": {
    "type": "message",
    "message": "Hello Sarah, your appointment at 123 Main Street is confirmed",
    "src": "https://example.com/audio/response.mp3"
  }
}
After redaction
{
  "type": "speak",
  "payload": {
    "type": "message",
    "message": "Hello [NAME], your appointment at [LOCATION_ADDRESS] is confirmed",
    "src": ""
  }
}
Modified properties:
  • payload.title: Censor redaction
  • payload.description.text: Censor redaction
  • payload.description.slate: Censor rich text redaction
  • payload.imageUrl: Override redaction
  • payload.buttons[].name: Censor redaction
  • payload.buttons[].request.payload.label: Censor redaction
Before redaction
{
  "type": "cardV2",
  "payload": {
    "title": "Contact John Smith",
    "description": {
      "text": "Call John at 555-123-4567"
    },
    "imageUrl": "https://example.com/photos/john-profile.jpg",
    "buttons": [
      {
        "name": "Call John",
        "request": {
          "type": "path",
          "payload": { "label": "Contact John Smith" }
        }
      }
    ]
  }
}
After redaction
{
  "type": "cardV2",
  "payload": {
    "title": "Contact [NAME]",
    "description": {
      "text": "Call [NAME] at [PHONE_NUMBER]"
    },
    "imageUrl": "https://cdn.voiceflow.com/assets/pii_redaction_placeholder_img.png",
    "buttons": [
      {
        "name": "Call [NAME]",
        "request": {
          "type": "path",
          "payload": { "label": "Contact [NAME]" }
        }
      }
    ]
  }
}
Modified properties:
  • payload.buttons[].name: Censor redaction
  • payload.buttons[].request.payload.label: Censor redaction
Before redaction
{
  "type": "choice",
  "payload": {
    "buttons": [
      {
        "name": "Contact Dr. Smith",
        "request": {
          "type": "text",
          "payload": { "label": "Reach out to Dr. Smith at his office" }
        }
      },
      {
        "name": "Call Dr. Smith's office",
        "request": {
          "type": "text",
          "payload": { "label": "Phone: 555-123-4567" }
        }
      }
    ]
  }
}
After redaction
{
  "type": "choice",
  "payload": {
    "buttons": [
      {
        "name": "Contact Dr. [NAME]",
        "request": {
          "payload": { "label": "Reach out to Dr. [NAME] at his office" }
        }
      },
      {
        "name": "Call Dr. [NAME] office",
        "request": {
          "payload": { "label": "Phone: [PHONE_NUMBER]" }
        }
      }
    ]
  }
}
Modified properties:
  • payload.image: Override redaction
Before redaction
{
  "type": "visual",
  "payload": {
    "image": "https://example.com/user-photos/john-selfie.jpg",
    "visualType": "image",
    "device": "mobile",
    "dimensions": { "width": 800, "height": 600 }
  }
}
After redaction
{
  "type": "visual",
  "payload": {
    "image": "https://cdn.voiceflow.com/assets/pii_redaction_placeholder_img.png",
    "visualType": "image",
    "device": "mobile",
    "dimensions": { "width": 800, "height": 600 }
  }
}

Request data

Requests represent user inputs sent to your agent, such as typed messages, button presses, and intent matches. These are redacted in the same way as traces to ensure PII is removed from both sides of the conversation.
Modified properties:
  • payload: Censor redaction
Before redaction
{
  "type": "text",
  "payload": "Hi, my name is Sarah Johnson and I need help with my account. You can reach me at sarah@email.com or 555-123-4567"
}
After redaction
{
  "type": "text",
  "payload": "Hi, my name is [NAME] and I need help with my account. You can reach me at [EMAIL_ADDRESS] or [PHONE_NUMBER]"
}
Modified properties:
  • payload.query: Censor redaction
  • payload.entities[].value: Censor redaction
Intent names and entity types are preserved.
Before redaction
{
  "type": "intent",
  "payload": {
    "intent": { "name": "book_appointment" },
    "query": "I want to book an appointment with Dr. Smith for John Doe on March 15th",
    "entities": [
      { "name": "doctor_name", "value": "Dr. Smith" },
      { "name": "patient_name", "value": "John Doe" },
      { "name": "date", "value": "March 15th" }
    ]
  }
}
After redaction
{
  "type": "intent",
  "payload": {
    "intent": { "name": "book_appointment" },
    "query": "I want to book an appointment with Dr. [NAME] for [NAME] on [DATE]",
    "entities": [
      { "name": "doctor_name", "value": "[NAME]" },
      { "name": "patient_name", "value": "[NAME]" },
      { "name": "date", "value": "[DATE]" }
    ]
  }
}
Modified properties:
  • payload.label: Censor redaction
Before redaction
{
  "type": "path",
  "payload": {
    "label": "Contact Dr. Sarah Johnson at Boston Medical"
  }
}
After redaction
{
  "type": "path",
  "payload": {
    "label": "Contact Dr. [NAME] at [ORGANIZATION]"
  }
}
Modified properties:
  • payload.message: Censor redaction
Before redaction
{
  "type": "message",
  "payload": {
    "message": "Please send the invoice to john.smith@company.com and call me at 555-123-4567"
  }
}
After redaction
{
  "type": "message",
  "payload": {
    "message": "Please send the invoice to [EMAIL_ADDRESS] and call me at [PHONE_NUMBER]"
  }
}
Modified properties:
  • payload.label: Censor redaction (if present)
Before redaction
{
  "type": "action",
  "payload": {
    "label": "Send confirmation email to sarah.johnson@email.com"
  }
}
After redaction
{
  "type": "action",
  "payload": {
    "label": "Send confirmation email to [EMAIL_ADDRESS]"
  }
}

Debug traces

Debug traces contain technical information about your agent’s operation, such as model usage, latency metrics, and navigation data. These are handled differently from regular traces using an allowlist system. All properties in payload.metadata are redacted by default unless explicitly allowlisted.
The following properties are preserved as-is and never redacted:
  • userID - User identifier
  • versionID - Version identifier
  • tools - Tool registration and agent step data
  • model - AI model identifiers
  • provider - Service provider information
  • voice - Voice configuration
  • postMultiplierTokensConsumption - Token consumption metrics
  • variant - Message variant information
  • code - Execution code
  • latency - Performance timing metrics
  • maxTokens - Token limits
  • queryTokens - Query token counts
  • answerTokens - Answer token counts
  • temperature - AI temperature settings
  • tokens - Token counts
  • multiplier - Token multipliers
  • nextID - Navigation identifiers
  • diagramID - Diagram identifiers
  • intent - Intent information
  • confidence - Confidence scores
  • tokensMultiplier - Token multiplier values
  • tokensConsumption - Token consumption data
  • nodeID - Node identifiers
  • result - Result data
  • status - Status information
  • tokenConsumption - Token consumption data
All other properties are replaced with PII detection markers or the message [Restricted due to potential PII]. This ensures new debug metadata properties are automatically protected until explicitly reviewed.

Redaction examples

These quick examples show how common types of PII appear in your transcript data before and after redaction is applied: Text content:
  • Before: "Hello, I'm Sarah Johnson from Acme Corp"
  • After: "Hello, I'm [NAME] from [ORGANIZATION]"
Contact information:
  • Before: "Call me at 555-123-4567 or email sarah@acme.com"
  • After: "Call me at [PHONE_NUMBER] or email [EMAIL_ADDRESS]"
Address information:
  • Before: "I live at 123 Main St, Boston, MA 02101"
  • After: "I live at [LOCATION_ADDRESS], [LOCATION_CITY], [LOCATION_STATE] [LOCATION_ZIP]"

Limitations

There are a few things to keep in mind when using PII redaction. These limitations are by design to balance privacy protection with usability.
  • Development conversations are not redacted. Only production conversations are processed.
  • Redaction is not retroactive. Enabling or disabling PII redaction only affects future conversations.
  • Audio is erased entirely. Audio URLs are set to empty strings because audio content cannot be selectively edited to remove only PII.
  • Images are replaced with a placeholder. All image URLs are overridden with a standard placeholder to prevent potential PII exposure through images.
  • Detection is English only. The PII detection model analyzes text in English.