Lesson 6 · 8 min

PII handling and data minimization

Whatever lives in the prompt, the trace, the cache, and the analytics is a possible PII leak. The principle: send the model the minimum needed to do the job.

Where PII leaks

Four places, all of which need a policy:

  1. The prompt itself. User inputs PII; you send it to a third-party API.
  2. The trace / log. Your observability captures the prompt and response.
  3. The provider's retention. Some providers retain inputs for X days for safety review unless you opt out.
  4. Your analytics. PostHog, Mixpanel, etc. — events sometimes include the user's text.
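
One way to apply the minimization principle to leak points 1, 2 and 4 at once, as an added example that is not part of the original lesson: redact before anything leaves the process, so the provider, the trace and the analytics all see placeholders only. The names `PATTERNS`, `redact`, `restore`, `handle`, `call_model` and `sink` are hypothetical, and the regexes are constructed and deliberately narrow.

```python
import re

# Constructed patterns for illustration; they miss names, addresses and more.
# Order matters: SSN runs before PHONE so the looser phone regex cannot claim it.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\+?\d[\d\s().-]{8,}\d"),
}

# Constructed sample input, not real data.
SAMPLE = "Email jane.doe@example.com or call 555-010-1234 about SSN 123-45-6789"

def redact(text):
    """Replace PII with typed placeholders; return (redacted_text, mapping)."""
    mapping, seen = {}, {}
    for label, pattern in PATTERNS.items():
        def swap(match, label=label):
            value = match.group(0)
            if value not in seen:  # same value always maps to the same token
                token = f"<{label}_{len(mapping) + 1}>"
                seen[value] = token
                mapping[token] = value
            return seen[value]
        text = pattern.sub(swap, text)
    return text, mapping

def restore(text, mapping):
    """Re-insert the real values locally, after the model has replied."""
    for token, value in mapping.items():
        text = text.replace(token, value)
    return text

def handle(user_text, call_model, sink):
    """call_model stands in for the provider API; sink for the trace/analytics."""
    safe_prompt, mapping = redact(user_text)
    sink.append({"event": "prompt", "text": safe_prompt})  # logged redacted
    reply = call_model(safe_prompt)                        # sent redacted
    sink.append({"event": "response", "text": reply})
    return restore(reply, mapping)  # mapping never leaves this process

if __name__ == "__main__":
    events = []
    print(handle(SAMPLE, lambda prompt: f"Noted: {prompt}", events))
    print(events)
```
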