From anthropic-pack
Redacts PII (SSN, email, phone, card) from Claude API inputs using regex; restores in responses. Covers Anthropic policies, zero-retention, audit logging for compliance.
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin anthropic-pack
Anthropic's data policies: on the commercial API, inputs and outputs are NOT used for model training, and retention of zero days (0-day) is available. This skill covers PII redaction before sending data to Claude, plus compliance patterns.
| Policy | Details |
|---|---|
| Training data | API data is NOT used for training (commercial API) |
| Data retention | 30-day default; 0-day available via agreement |
| Encryption | TLS 1.2+ in transit, AES-256 at rest |
| SOC 2 Type II | Certified |
| HIPAA BAA | Available for eligible customers |

```python
import re
import anthropic


def redact_pii(text: str) -> tuple[str, dict]:
    """Redact PII before sending to Claude, return redaction map for restoration."""
    redaction_map = {}
    # (regex, label, placeholder template); patterns are applied in this order
    patterns = [
        (r'\b\d{3}-\d{2}-\d{4}\b', 'SSN', '[SSN-REDACTED-{}]'),
        (r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b', 'EMAIL', '[EMAIL-REDACTED-{}]'),
        (r'\b\d{3}[-.]?\d{3}[-.]?\d{4}\b', 'PHONE', '[PHONE-REDACTED-{}]'),
        (r'\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b', 'CARD', '[CARD-REDACTED-{}]'),
    ]
    counter = 0  # placeholders are numbered across all PII types
    for pattern, label, replacement in patterns:
        for match in re.finditer(pattern, text):
            counter += 1
            placeholder = replacement.format(counter)
            redaction_map[placeholder] = match.group()
            text = text.replace(match.group(), placeholder, 1)
    return text, redaction_map


def restore_pii(text: str, redaction_map: dict) -> str:
    """Restore redacted PII in Claude's response."""
    for placeholder, original in redaction_map.items():
        text = text.replace(placeholder, original)
    return text


# Usage
user_input = "Contact John at john@example.com or 555-123-4567"
safe_input, redactions = redact_pii(user_input)
# safe_input: "Contact John at [EMAIL-REDACTED-1] or [PHONE-REDACTED-2]"

client = anthropic.Anthropic()
msg = client.messages.create(
    model="claude-sonnet-4-20250514",
    max_tokens=256,
    messages=[{"role": "user", "content": safe_input}]
)
final_output = restore_pii(msg.content[0].text, redactions)
```


```python
import json
import logging
from datetime import datetime, timezone

audit_logger = logging.getLogger("claude.audit")


def audited_request(client, user_id: str, purpose: str, **kwargs):
    """Wrap Claude API calls with audit logging."""
    # Log request metadata (never log content)
    audit_logger.info(json.dumps({
        "event": "claude.request",
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "user_id": user_id,
        "purpose": purpose,
        "model": kwargs.get("model"),
        "max_tokens": kwargs.get("max_tokens"),
    }))

    response = client.messages.create(**kwargs)

    # Log response metadata only: request ID, token usage, stop reason
    audit_logger.info(json.dumps({
        "event": "claude.response",
        "request_id": response._request_id,
        "input_tokens": response.usage.input_tokens,
        "output_tokens": response.usage.output_tokens,
        "stop_reason": response.stop_reason,
    }))
    return response
```

| Risk | Mitigation |
|---|---|
| PII in prompts | Pre-call redaction pipeline |
| PII in responses | Post-call output scanning |
| Audit log gaps | Centralized logging with alerting |
| Data subject access request | Searchable audit trail by user_id |
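
The "Post-call output scanning" row has no code on this page. The sketch below is an added example, not part of the skill: `scan_output`, `luhn_ok` and the sample strings are this example's own names and constructed data, and the Luhn filter on card matches is an added assumption to cut false positives.

```python
import re

# Same four PII shapes the page's redact_pii() uses; the names below are this example's own.
PII_PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "PHONE": re.compile(r"\b\d{3}[-.]?\d{3}[-.]?\d{4}\b"),
    "CARD": re.compile(r"\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b"),
}
PLACEHOLDER = re.compile(r"\[(?:SSN|EMAIL|PHONE|CARD)-REDACTED-\d+\]")


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum, used to drop 16-digit strings that cannot be card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_output(raw_response: str, redaction_map: dict) -> dict:
    """Scan the model's response BEFORE restore_pii() runs.

    At that point every value the pipeline redacted is still a placeholder, so
    raw PII found here either slipped past redaction or was produced by the model.
    """
    findings = []
    for label, rx in PII_PATTERNS.items():
        for m in rx.finditer(raw_response):
            if label == "CARD" and not luhn_ok(m.group()):
                continue
            # Record type and position only, so the finding itself is safe to log.
            findings.append({"type": label, "span": m.span()})
    # Placeholders the model invented or renumbered would survive restore_pii() unrestored.
    unknown = [p for p in PLACEHOLDER.findall(raw_response) if p not in redaction_map]
    return {"clean": not findings and not unknown, "pii": findings, "unknown_placeholders": unknown}


# Constructed sample data, not real model output.
SAMPLE_MAP = {"[EMAIL-REDACTED-1]": "john@example.com"}
SAMPLE_RESPONSE = ("Reach [EMAIL-REDACTED-1] or [PHONE-REDACTED-7]; backup is "
                   "jane@example.org, card 4111 1111 1111 1111.")

if __name__ == "__main__":
    print(scan_output(SAMPLE_RESPONSE, SAMPLE_MAP))
```

A result with `clean` set to false is a signal to block or re-redact the response before `restore_pii` runs, and the type/span findings can go to the audit log without exposing the values.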
For enterprise access control, see anth-enterprise-rbac.