Skip to Content
User GuidesPrivate Data Protection

Private Data Protection

When working with large language models and prompt optimization, you may encounter text that contains Personally Identifiable Information (PII) or other sensitive data (e.g., SSNs, credit card numbers, secret keys, or internal bearer tokens).

Trunkate AI’s Private Data Protection offers a “Zero-Trust” architecture ensuring your sensitive data never leaves your environment when using our official SDKs.

How it Works

We use a hybrid approach that provides client-side stripping with an API-side fallback.

  1. Client-Side Stripping (Zero-Trust): When using a Trunkate AI SDK or Skill, any content wrapped in [PRIVATE]...[/PRIVATE] tags is extracted before the request is sent over the network. The SDK replaces this content with sequential placeholders (e.g., __PRIVATE_0__).
  2. API Optimization: The Trunkate API receives the text containing only the placeholders. It recognizes these placeholders as atomic units that must be kept verbatim and bypassed during compression or rewriting.
  3. Client-Side Restoration: When the optimized response returns to the client, the SDK re-inserts your original sensitive data perfectly into the placeholders. Your private data never touches our servers.

Note on Direct API Calls: If you are calling the Trunkate AI API directly (e.g., via cURL) without an SDK, the API will still recognize [PRIVATE] tags. It will treat the content exactly like [KEEP] tags—ensuring the content is untouched by the compressor—but the data will traverse the network to our servers.

Usage

Simply wrap the sensitive portions of your text in [PRIVATE] tags.

Python

import trunkate_ai
import os
 
client = trunkate_ai.Trunkate(api_key=os.environ["TRUNKATE_API_KEY"])
 
text = "Please write a summary for user [PRIVATE]John Doe[/PRIVATE] whose SSN is [PRIVATE]123-45-6789[/PRIVATE]."
 
response = client.optimize(
    text=text,
    budget=20
)
 
# The response will contain "[PRIVATE]John Doe[/PRIVATE]" and "[PRIVATE]123-45-6789[/PRIVATE]"
# exactly as provided.
print(response.optimized_text)

TypeScript

import { Trunkate } from 'trunkate-ai';
 
const client = new Trunkate({ apiKey: process.env.TRUNKATE_API_KEY });
 
const text = "Contact the CEO at [PRIVATE]ceo@example.com[/PRIVATE].";
 
const response = await client.optimize({ text, budget: 10 });
console.log(response.text);

Go

package main
 
import (
	"fmt"
	"log"
	
	"github.com/Trunkate-AI/trunkate-ai-sdk/go"
)
 
func main() {
	client, err := trunkate_ai.NewClient("")
	if err != nil {
		log.Fatal(err)
	}
 
	req := &trunkate_ai.Request{
		Text: "Auth token is [PRIVATE]Bearer eyJhbGci...[/PRIVATE]",
		Budget: trunkate_ai.StringOrInt{Int: 15},
	}
 
	res, err := client.Optimize(req)
	fmt.Println(res.Text)
}

Rust

use trunkate_ai::{Client, StringOrInt};
 
#[tokio::main]
async fn main() {
    let client = Client::new(None);
    
    let text = "My API key is [PRIVATE]sk-1234567890abcdef[/PRIVATE]";
    
    let result = client.optimize(text, None, Some(StringOrInt::Int(10)), None).await.unwrap();
    println!("{}", result.text);
}

CLI

trunkate "My secret is [PRIVATE]p@ssw0rd[/PRIVATE]" --budget 5

Auto-Protect (Opt-In Utility)

Identifying and wrapping every piece of sensitive data manually can be tedious. All Trunkate AI SDKs include an opt-in auto_protect() utility that uses regular expressions to automatically detect and wrap common PII patterns before you send the request.

Supported auto-detection patterns:

  • Emails
  • US Phone Numbers
  • SSNs
  • Credit Cards
  • Bearer Tokens
  • Common API Keys (sk-…, pk-…, AKIA…)

Example (TypeScript):

import { Trunkate, autoProtect } from 'trunkate-ai';
 
const rawText = "Email bob@example.com and tell him the code is 1234.";
 
// Automatically wraps "bob@example.com" in [PRIVATE] tags
const protectedText = autoProtect(rawText);
 
const client = new Trunkate();
const res = await client.optimize({ text: protectedText, budget: 15 });

Example (CLI): You can enable auto-protection in the CLI by passing the --auto-protect flag.

trunkate "My email is test@test.com" --auto-protect

FAQ

Does my private data ever reach Trunkate servers?
No. If you use our official SDKs (Python, TypeScript, Go, Rust) or the CLI, the [PRIVATE] tags are stripped and replaced with placeholder tokens locally on your machine before the HTTP request is made.

What is the difference between [PRIVATE] and [KEEP]?
Both tags instruct the API compressor to completely ignore and preserve the wrapped text. The difference is the zero-trust aspect.

  • Use [KEEP] for non-sensitive data you want preserved (e.g., a specific phrase, a required format).
  • Use [PRIVATE] for sensitive data (PII, secrets) that should never leave your server.
Last updated on
Optimization StrategiesIntegration Methods