Last updated: April 10, 2026
raipii ("we", "our", "us") is a PII sanitization service for AI pipelines. This policy explains what data we collect, how we use it, and the rights you have over your data. We take data privacy seriously — it is the entire basis of our product.
If you have questions, contact us at privacy@raipii.com.
We never store the text you submit. When you call /v1/sanitize, the original prompt and the sanitized output are processed in memory and never written to disk or any database.
Session records store only a token map — a mapping from replacement tokens back to original values — so that /v1/restore can reverse the substitutions. The token map is encrypted at rest and is automatically deleted when the session expires (default 1 hour, max 24 hours).
Account data: When you sign up, we collect your email address and create a customer record containing your account tier, usage counters, and configuration preferences. No payment information is stored by raipii — billing is handled by your cloud marketplace provider.
Audit metadata: Each API call produces an audit log entry containing: timestamp, operation type, session ID, detected entity types (e.g. EMAIL, PHONE), entity count, character count, and response latency. Audit records never contain PII values — only the types and counts of entities found.
Usage data: We count the number of characters processed each month to enforce plan limits and calculate billing. This counter is reset on the first of each month.
Service logs: Our infrastructure generates standard operational logs (errors, latencies, request counts). These logs do not contain prompt text and are retained for 30 days.
We do not sell your data. We do not use your data to train models.
We share data only with the infrastructure providers necessary to operate the service (compute, database, authentication). All providers are bound by data processing agreements. We do not share data with third parties for marketing or analytics purposes.
We may disclose data if required by law or to protect the rights and safety of raipii, our customers, or the public.
Session data: Deleted automatically on expiry (1–24 hours depending on session TTL).
Audit logs: Retained for 6 years in compliance with HIPAA requirements. Audit records contain no PII.
Account data: Retained while your account is active. Deleted on request (see Your Rights below).
Erasure receipts: A compliance record (confirmation ID, timestamp, record counts — no PII) is retained permanently as required by GDPR Article 17.
Under GDPR and applicable privacy laws, you have the right to:
To exercise any right, contact privacy@raipii.com. We respond within 30 days.
raipii is HIPAA-compliant and can execute a Business Associate Agreement (BAA) with covered entities and business associates. Contact hello@raipii.com to request a BAA.
HIPAA mode (available on Business tier) ensures that no text is sent to any external service during detection. All analysis runs within your designated region.
The raipii website uses no third-party analytics or advertising cookies. Authentication tokens are stored in browser memory only for the duration of your session.
We may update this policy from time to time. Material changes will be communicated by email and by updating the "Last updated" date above. Continued use of the service after changes constitutes acceptance of the updated policy.
raipii
privacy@raipii.com