PII & Data Handling
fyrn supports field-level PII policies that mask, encrypt, or strip sensitive data as it flows through your integrations. Policies are defined in the flow YAML and enforced at runtime.
PII policies in flow YAML
Section titled “PII policies in flow YAML”Add a policies array to your flow definition:
flow: order-to-analyticsversion: 1source: connector: order-service trigger: webhooktarget: connector: analytics-warehouse endpoint: /api/events method: POSTmapping: order_id: source.id amount: source.total_price | decimal(2) customer_email: source.customer.email customer_ssn: source.customer.ssnpolicies: - pii-mask: - customer.email - customer.phone - pii-encrypt: - customer.ssn - payment.card_number - pii-strip: fields: - customer.ssn - payment.card_number targets: - analytics-warehouse - external-partnerPolicy types
Section titled “Policy types”pii-mask
Section titled “pii-mask”Replaces field values with *** in logs and message payloads. The actual data is still delivered to the target, but masked in observability surfaces.
policies: - pii-mask: - customer.email - customer.phoneField paths use dot notation matching the payload structure.
pii-encrypt
Section titled “pii-encrypt”Encrypts field values using AES-256-GCM. The encrypted value is stored as a structured marker:
{ "__encrypted": true, "iv": "...", "data": "...", "field": "customer.ssn"}policies: - pii-encrypt: - customer.ssn - payment.card_numberpii-strip
Section titled “pii-strip”Completely removes fields from the payload sent to specific targets. Fields are only stripped for the named targets — other targets receive the full payload.
policies: - pii-strip: fields: - customer.ssn - payment.card_number targets: - analytics-warehouse - external-partnerField-level configuration
Section titled “Field-level configuration”Policies are applied by dot-notation field path. Paths match the source payload structure:
# These paths reference the inbound payload structurepolicies: - pii-mask: - customer.email # source.customer.email - customer.phone # source.customer.phone - billing.card_last_four # source.billing.card_last_fourHow each policy works
Section titled “How each policy works”| Policy | Behavior | Target delivery | Logs/observability |
|---|---|---|---|
pii-mask | Value delivered to target normally | Original value | Replaced with *** |
pii-encrypt | Value encrypted before delivery | Encrypted marker object | Encrypted |
pii-strip | Value removed for named targets | Field absent from payload | Field absent |
MCP PII filtering
Section titled “MCP PII filtering”The MCP server automatically filters PII in responses to AI agents:
- Sensitive config fields (api_key, token, password, secret) →
***REDACTED*** - PII fields (email, phone, SSN, address) →
***PII***in message-related tools
PII filtering can be relaxed per agent key via the pii_access permission flag.
Compliance considerations
Section titled “Compliance considerations”fyrn’s PII policies map directly to requirements in GDPR, CCPA, and similar regulations. pii-strip enforces data minimization by ensuring targets only receive the fields they need — analytics systems never see SSNs, external partners never see internal identifiers. For right to erasure, pii-encrypt with key rotation lets you render stored data unreadable by destroying the encryption key, without needing to locate and delete every record across downstream systems.
For cross-border data transfer, combine pii-strip with target-level scoping to ensure PII never leaves your compliance boundary. For example, strip all customer fields for targets in regions where you lack a data processing agreement, while delivering full payloads to targets within your jurisdiction.
Important distinctions: pii-encrypt uses AES-256-GCM with per-flow encryption keys managed through your configured key provider. The encrypted marker object is delivered to the target, which must have the decryption key to read it. pii-mask is an observability-only policy — the original value is still delivered to the target unchanged. Masking prevents PII from appearing in logs, traces, and the fyrn dashboard, but it does not protect data in transit or at rest. If you need to prevent delivery of sensitive fields, use pii-strip or pii-encrypt instead.
Combining policies
Section titled “Combining policies”Multiple policies can be applied to the same flow. They are evaluated independently:
policies: - pii-mask: - customer.email # Masked in logs - pii-encrypt: - customer.ssn # Encrypted in transit - pii-strip: fields: - customer.ssn # Stripped for analytics target targets: - analytics - audit: full # Arbitrary policy for extensibilityWhat’s next
Section titled “What’s next”- DSL Reference — Full PII policy specification
- Alerting — Get notified about policy violations
- MCP Tools — PII filtering in agent responses