Optional PII Redaction for AI Prompt Content on Bitcoin.com AI
Bitcoin.com AI now supports optional PII redaction for AI prompt and response content, including web chats and API calls.
This feature is about private information inside the content being sent to the model: prompts, messages, attached context, tool text, and model responses. It is not about scrubbing Bitcoin.com AI account metadata, because we normally do not attach your account name, email, or other account metadata to model-provider requests.
This is not a simple [REDACTED] filter for ordinary personal data. If you turn redaction on, the model-bound request content is routed through Grepture before it reaches the model. Grepture uses a mask-and-restore flow: it scans the content, replaces supported personal data with temporary typed placeholders, forwards the tokenized content to the model, and then restores the original values on the way back when possible.
Secrets are handled differently. API keys, tokens, passwords, and webhooks are replaced permanently, because a leaked credential should not be restored into model output.
Bitcoin.com AI's production redaction path runs Grepture in zero-data mode, on EU infrastructure only. Prompt and response content is processed in-flight and kept in memory only. Grepture does not persist request bodies, response bodies, headers, URLs, or query parameters.
The short version:
- Personal data uses mask and restore so the model sees typed placeholders instead of the real values.
- Secrets are replaced permanently because API keys, tokens, passwords, and webhooks should not be restored into a model response.
- Grepture stores no prompt content in zero-data mode. Detection, PII masking, secret redaction, blocking, and tokenization all happen in-flight on EU infrastructure.
- It is opt-in from the website, per API key, per API request, or by model suffix.
- It costs $0.0005 per redacted request on top of the normal model cost.
- It fails closed. If redaction is requested and the redaction path is unavailable, Bitcoin.com AI will not silently retry the same request without redaction.
Why we added this
People paste a lot into AI tools: support tickets, logs, stack traces, emails, internal notes, customer records, code, config files, and sometimes secrets that should never have been copied in the first place.
Telling everyone to "just be careful" does not scale. Even careful users miss things. Developers also build prompts from many sources: user input, database rows, uploaded files, previous messages, tools, and application state. Sensitive data can enter the context window without anyone deliberately typing it.
Redaction gives users another privacy layer for sensitive content before traffic reaches an external model provider.
The storage and processing model matters here. Grepture is not meant to be a second place where your prompts are archived. In zero-data mode, the request content is inspected and modified in-flight, bodies stay in memory only, content is not persisted, and Bitcoin.com AI's production Grepture redaction path runs on EU infrastructure.
This is not a formal compliance guarantee, and it does not make every prompt safe. It is a practical protection layer for common personal data and common credential leaks.
How mask and restore works
When we say "redaction" here, we mean reversible redaction for ordinary PII, not blanket replacement with [REDACTED].
Traditional permanent redaction is useful for some contexts, like logs or analytics, where the original value should never come back. But it is a poor fit for user-facing AI responses. If every name and email becomes [REDACTED], the model can only produce an answer full of missing references.
For example, if a customer asks:
My name is Sarah Miller, my email is sarah@example.com, and I need help with my account.
Permanent redaction would give the model something like:
My name is
[REDACTED], my email is[REDACTED], and I need help with my account.
The model can still answer generally, but it cannot maintain a useful reference to the person or email address.
Grepture's mask-and-restore approach is different. It temporarily replaces personal data with typed tokens before the model sees the prompt:
My name is NAME1, my email is EMAIL1, and I need help with my account.
The model can still reason about "this is a name" or "this is an email" without receiving the original value. If the response contains the temporary tokens, Grepture restores them before the response gets back to Bitcoin.com AI:
I can help, Sarah Miller. I will use sarah@example.com for the account follow-up.
The request path looks like this:
User -> Bitcoin.com AI -> Grepture -> AI model -> Grepture -> Bitcoin.com AI -> User
That means the model provider receives placeholders instead of the raw PII, while the final user-facing answer can still read naturally.
What gets masked and restored
When redaction is enabled, Bitcoin.com AI's Grepture rule is configured to mask and restore these PII categories when they appear inside prompt, message, context, or response content:
| Category | Examples |
|---|---|
| Email addresses | |
| Phone | Phone numbers |
| SSN | US Social Security numbers |
| Credit card | Payment card numbers |
| IP address | IPv4/IPv6-style addresses |
| Address | Physical addresses |
| Name | Person names |
| DOB | Dates of birth |
These values are replaced with temporary typed tokens and restored after the model response when possible. The current token restore TTL is 1 hour, which is intended to cover ordinary chat and agent interactions while avoiding indefinite retention of the mapping.
What gets permanently replaced
Secrets are handled differently from PII.
If a user accidentally sends an API key or webhook to a model, we generally do not want that value restored into the model's answer. So Bitcoin.com AI also uses Grepture find-and-replace rules for likely credentials and replaces them with stable labels such as [OPENAI_KEY], [SLACK_WEBHOOK], or [PASSWORD].
The rule covers common credential families, including:
| Type | Replacement examples |
|---|---|
| AI and API platform keys | [OPENAI_KEY], [ANTHROPIC_KEY], [GOOGLE_API_KEY], [HUGGINGFACE_TOKEN], [COHERE_KEY] |
| Vector database keys | [PINECONE_KEY], [WEAVIATE_KEY] |
| Cloud and infrastructure credentials | [AWS_ACCESS_KEY], [AWS_SESSION_TOKEN], [GCP_SERVICE_ACCOUNT], [VAULT_TOKEN], [SSH_PRIVATE_KEY] |
| Code hosting and package registry tokens | [GITHUB_PAT], [GITHUB_FINE_PAT], [GITLAB_PAT], [NPM_TOKEN], [PYPI_TOKEN] |
| Deployment and hosting tokens | [VERCEL_TOKEN], [NETLIFY_TOKEN], [DOCKERHUB_TOKEN] |
| Payments, messaging, and monitoring secrets | [STRIPE_KEY], [SENDGRID_KEY], [TWILIO_AUTH_TOKEN], [SLACK_TOKEN], [SLACK_WEBHOOK], [DISCORD_WEBHOOK], [MAILGUN_KEY], [MAILCHIMP_KEY], [NEW_RELIC_KEY], [SENTRY_DSN], [DATADOG_KEY] |
| Generic sensitive assignments | [PASSWORD], [SECRET], [WEBHOOK_URL], [FTP_CREDENTIALS] |
These secret rules are case-insensitive. They are designed as a safety net for common leak patterns, not as a complete secret-management system.
How to enable it in the app
On the website, go to:
Settings -> Privacy -> PII redaction
When this is enabled, new chat message content is routed through the redaction path by default.
You can also set API redaction defaults from settings, including per-API-key behavior. This is useful if you want one key to always redact request content while another key behaves normally.
How to enable it in the API
Redaction is available on:
/v1/chat/completions/v1/completions/v1/responses
You can enable it with a request header:
curl https://nano-gpt.com/api/v1/chat/completions \
-H "Authorization: Bearer $NANOGPT_API_KEY" \
-H "Content-Type: application/json" \
-H "redaction: true" \
-d '{
"model": "gpt-4o-mini",
"messages": [
{
"role": "user",
"content": "My name is Sarah Miller and my email is sarah@example.com. Write a short reply."
}
]
}'
The following headers work:
redaction: true
piiredaction: true
redacted: true
You can also enable it by appending a suffix to the model name:
{
"model": "gpt-4o-mini:redaction",
"messages": [
{ "role": "user", "content": "My phone number is +1 555 123 4567. Draft a short SMS reply." }
]
}
Supported suffixes:
:redaction
:redacted
:piiredaction
:piiredacted
Bitcoin.com AI strips the suffix before sending the request onward, so the upstream model still receives the normal model name.
API defaults and opt-out
You can also configure redaction as a default for API usage. There are two levels:
- Account default: apply redaction by default to API request content for your account.
- Per-key override: make a specific API key always redact request content, never redact by default, or follow the account default.
If a default would redact request content, you can explicitly opt out for a specific request:
redaction: false
That lets you keep a safer default for normal usage while still allowing deliberate exceptions.
Pricing
Redaction costs:
$0.0005 per redacted request
This is charged in addition to the normal model cost. It is per request, not per token.
The reason we price it separately is simple: redaction adds an extra processing step on the request path. Keeping it as a small add-on makes the cost visible and avoids raising base model prices for users who do not need it.
What to expect
Redaction is most useful when:
- users paste customer messages, logs, or support tickets into chat
- applications build prompts from user records or internal tools
- developers debug with stack traces or config snippets
- teams want a simple privacy layer before data reaches external AI providers
- API users want a default safety net for prompt and message content across multiple models
There are still limits:
- No automated detector catches every possible secret or personal detail.
- Very unusual formats may be missed.
- False positives can happen.
- Long-running conversations can outlive the restore TTL.
- Redaction reduces exposure, but it does not replace access control, data minimization, or proper secret handling.
We think it is still a strong default option for privacy-sensitive AI workflows: easy to turn on, cheap per request, and designed to preserve useful model behavior instead of destroying the prompt.
Why Grepture
We chose Grepture because it is built for this exact point in the AI stack: the request path between your app and the model.
The parts that matter most for Bitcoin.com AI users are:
- Zero-data mode on EU infrastructure, where bodies stay in memory only and content is not written to disk or stored in Grepture's database.
- Reversible PII redaction for user-facing AI responses.
- Secret scanning for common credential leaks.
- Streaming support, so redaction can work with streamed responses.
- Provider-agnostic proxying, so the feature can work across Bitcoin.com AI's model catalog without users learning a new API.
- EU-hosted infrastructure and open-source gateway code, which make the privacy tradeoffs easier to inspect.
You can read more about Grepture's approach in their docs on zero-data mode, their post on mask and restore, and their AI gateway.
Bottom line
You can now use Bitcoin.com AI with an extra privacy layer for prompt, message, context, and response content:
- turn it on in Privacy settings for website chats
- set account or per-key API defaults
- add a header for one-off API requests
- or append a redaction suffix to the model name
The request still feels like a normal Bitcoin.com AI request. The difference is that common PII and secrets get a chance to be removed before the model sees them.
