PII redaction — strip personal data from stored messages

When enabled, Wilow runs a regex-based redactor over every user message before it's persisted to the database. Emails, phone numbers, credit-card-shaped digit sequences, and IBANs are replaced with placeholders like [REDACTED_EMAIL]. The original stays in memory only long enough for the live reply and lead-capture extraction, and is then discarded.

Why it's on by default

Transcripts are for review — you want to see what the visitor asked, not who they are. A transcript that contains raw credit-card numbers is a compliance risk; the same transcript with [REDACTED_CARD] is audit-safe.

Lead records are separate from transcripts. They keep the contact details — you need the email to actually respond. The redaction only affects the conversation archive, not your leads.

When to turn it off

Rarely. One case: you run a support business where the whole point is to resolve issues tied to account numbers, IBANs, or phone IDs. Without that data in the transcript, reviewing conversations is useless. If you disable it, make sure your data-retention policy accounts for personal data in archived chats.

What it catches

  • Email addresses (standard format)
  • Phone numbers (international +… and common national formats)
  • Credit-card-shaped digit sequences (13–19 digits with or without spaces/dashes)
  • IBANs (country code + check digits + BBAN)

What it doesn't catch

  • Names typed free-form ("This is John Smith from Acme…"). Names are context-dependent; a regex doesn't know the difference between "John" the person and "John" the brand.
  • Physical addresses. Too variable to pattern-match reliably without false positives.
  • Ad-hoc ID strings your own business uses (order numbers, ticket IDs). If those are sensitive, talk to us — we can add a custom rule for your account.
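
The two lists above, shown as an added example (not Wilow's own code): a minimal regex redactor run over a constructed message. The patterns, the rule order, and the [REDACTED_IBAN] and [REDACTED_PHONE] placeholder names are assumptions; only [REDACTED_EMAIL] and [REDACTED_CARD] appear on this page.

```python
import re

# Illustrative patterns only (assumptions, not Wilow's rules).
# Order matters: IBANs and cards are replaced before the looser phone
# pattern runs, so their digits are not partially consumed as a "phone".
RULES = [
    # Country code + 2 check digits + BBAN, written compact or in groups of 4.
    ("IBAN", re.compile(
        r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    # 13-19 digits, optionally separated by single spaces or dashes.
    ("CARD", re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),
    # Optional leading "+", then at least 9 digit/separator characters.
    ("PHONE", re.compile(r"(?<!\w)\+?\d[\d ().-]{7,}\d(?!\w)")),
]


def redact(text):
    """Return (redacted_text, {label: replacement_count})."""
    counts = {}
    for label, pattern in RULES:
        text, n = pattern.subn(f"[REDACTED_{label}]", text)
        if n:
            counts[label] = n
    return text, counts


# Constructed sample message (test card number, example IBAN, reserved
# example domain); the name and ticket ID are deliberately not matched.
SAMPLE = (
    "Hi, this is John Smith. Refund card 4111 1111 1111 1111 to IBAN "
    "DE89 3704 0044 0532 0130 00, email jane.doe@example.com or call "
    "+44 20 7946 0958 about ticket TCK-4821."
)

if __name__ == "__main__":
    redacted, counts = redact(SAMPLE)
    print(redacted)
    print(counts)
```

The free-form name and the ticket ID pass through untouched, which is the gap the second list describes.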