> ## Documentation Index
> Fetch the complete documentation index at: https://docs.rehydra.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# PII Types

> Understand the categories of sensitive data Rehydra can detect

Rehydra detects different kinds of sensitive values through a combination of regex recognizers, optional NER, and custom patterns.

## Detection Categories

### Structured PII

Structured PII has recognizable formats and is usually detected with regex-based recognizers.

Common examples include:

* `EMAIL`
* `PHONE`
* `DATE`
* `IBAN`
* `BIC_SWIFT`
* `CREDIT_CARD`
* `IP_ADDRESS`
* `URL`
* `ACCOUNT_NUMBER`
* `TAX_ID`
* `NATIONAL_ID`

### Contextual PII

Contextual or "soft" PII depends on meaning and surrounding text, so it uses the optional NER model.

Common examples include:

* `PERSON`
* `ORG`
* `LOCATION`
* `ADDRESS`
* `DATE_OF_BIRTH`

### Secrets

Secrets are credentials and keys that should never leave your local environment. Detection is **opt-in** via the `secrets` configuration.

Supported types:

* `API_KEY` — provider-specific keys (OpenAI, Anthropic, GitHub, Stripe, Slack, and others)
* `PRIVATE_KEY` — PEM-encoded private keys (RSA, EC, DSA, OpenSSH, PGP)
* `JWT` — JSON Web Tokens
* `CONNECTION_STRING` — database/service URIs with embedded credentials (PostgreSQL, MySQL, MongoDB, Redis, AMQP)
* `AWS_CREDENTIALS` — AWS access key IDs and secret access keys
* `ENV_VAR_SECRET` — secret values in `.env`-style `KEY=VALUE` lines
* `CONFIG_SECRET` — secret values in JSON, YAML, or TOML config files

```typescript theme={null}
import { createAnonymizer } from 'rehydra';

const anonymizer = createAnonymizer({
  secrets: { enabled: true },
});
```

### Domain-Specific Identifiers

Some teams need to protect internal identifiers that are specific to their systems.

Typical examples include:

* `CASE_ID`
* `CUSTOMER_ID`
* Order numbers
* Employee IDs
* Support ticket IDs

These are usually added through custom recognizers or policy-level custom patterns.

## Where Types Come From

| Source                       | Best for                      | Examples                                         |
| ---------------------------- | ----------------------------- | ------------------------------------------------ |
| Built-in regex recognizers   | Stable, well-formed formats   | Email, phone, date, IBAN, credit card            |
| Optional NER model           | Meaning-dependent entities    | Person, organization, location, address          |
| Secrets recognizers (opt-in) | Credentials and keys          | API keys, JWTs, connection strings, private keys |
| Custom recognizers           | Business-specific identifiers | Case IDs, customer IDs, proprietary formats      |

## Type Selection and Policy

You do not have to detect every supported type on every call. Rehydra policies let you narrow detection to the types that matter for a given workflow.

```typescript theme={null}
import { createAnonymizer, PIIType } from 'rehydra';

const anonymizer = createAnonymizer({
  defaultPolicy: {
    regexEnabledTypes: new Set([PIIType.EMAIL, PIIType.PHONE]),
    nerEnabledTypes: new Set([PIIType.PERSON]),
  }
});
```

## Overlaps and Priority

Some values can match more than one detector. Rehydra resolves overlaps using the configured type priority and confidence rules so only one placeholder is emitted for a given span.

## Placeholder Shape

Types appear in the placeholder output and in entity metadata:

```xml theme={null}
<PII type="EMAIL" id="1"/>
<PII type="PERSON" id="1"/>
```

## Next Steps

<CardGroup cols={3}>
  <Card title="Recognizers" icon="scan-search" href="/concepts/recognizers">
    See how Rehydra finds structured, contextual, and custom PII.
  </Card>

  <Card title="Secrets Detection" icon="key" href="/guides/secrets-detection">
    Enable detection for API keys, tokens, and credentials.
  </Card>

  <Card title="Custom Recognizers" icon="code" href="/guides/custom-recognizers">
    Add your own domain-specific patterns.
  </Card>
</CardGroup>
