What PII types can the system detect?

The system detects 30+ PII types including Thai national IDs (13-digit format), passport numbers, phone numbers, email addresses, physical addresses, bank account numbers, credit card numbers, dates of birth, medical record numbers, and biometric identifiers. Custom patterns can be added for organization-specific sensitive data.

Can masked data be recovered by authorized users?

Yes. The system uses reversible tokenization — authorized users with appropriate RBAC permissions can de-mask specific data fields when needed for legitimate business purposes. All de-masking actions are logged in the immutable audit trail.

Are the audit logs legally admissible?

Yes. Our cryptographic hash chain logging meets international forensic evidence standards. Logs are tamper-evident — any modification breaks the hash chain and is immediately detectable. This format is accepted by Thai regulatory bodies including the PDPC.

How does RBAC integrate with our existing identity provider?

Conzento integrates with Active Directory, LDAP, SAML 2.0, and OpenID Connect providers. Existing organizational roles can be mapped to Conzento permission sets, enabling deployment without disrupting your current identity infrastructure.

What is the performance impact of guardrails?

The complete guardrail pipeline (authentication, PII masking, RBAC check, logging) adds less than 10ms overhead per request. PII masking alone adds under 5ms. This negligible impact ensures security doesn't come at the cost of user experience.

Does the platform support multi-tenancy for different departments?

Yes. Conzento supports full multi-tenancy with department-level data isolation. Each department operates within its own secure boundary, with separate data stores, access policies, and audit trails. Centralized administration allows IT teams to manage all tenants from a single console while maintaining strict separation between departments.

Back to Home

AI Guardrails & Forensic Logging

Ironclad security controls for enterprise AI operations — PII protection, immutable auditing, zero-trust access

PII intercepted before AI processing

Immutable

tamper-proof audit trail

RBAC

granular role-based access control

Our multi-layered PII protection system ensures sensitive personal data never reaches AI models. Detection, masking, and tokenization happen in real-time at the AI boundary.

30+ PII types detected including Thai national ID, passport, phone
Real-time masking adds less than 5ms latency
Reversible tokenization for authorized de-masking
Thai-specific PII patterns trained on real regulatory data

PII Masking at the AI Boundary

Before any data reaches an AI model, our PII Masking layer automatically detects and redacts personal identifiable information — Thai national IDs, passport numbers, phone numbers, addresses. The AI processes sanitized data; original PII is never exposed to the model layer.

Our PII detection engine uses a combination of pattern matching, named entity recognition, and contextual analysis specifically trained for Thai PII formats. It recognizes Thai national ID structures, Thai phone number formats, and Thai address patterns that generic solutions miss.

Detects 30+ PII types including Thai-specific formats
Real-time masking with <5ms overhead per request
Reversible tokenization — authorized users can de-mask when needed
Custom PII patterns configurable per department or use case

Forensic-Grade Immutable Logs

Every AI interaction is recorded in cryptographically sealed, immutable audit logs. PDPA Audit Trails capture who queried what, when, what data was accessed, and what the AI returned. These logs are admissible for regulatory audits and cannot be altered or deleted.

Cryptographic hash chains prevent log tampering
Full query-response capture with timestamp and user identity
PDPA Section 37 compliance for data processing records
Export-ready formats for regulatory audit submissions

Role-Based Access Control (RBAC)

Granular RBAC ensures each user only accesses AI capabilities appropriate to their role and clearance level. Combined with attribute-based policies, the system enforces need-to-know principles automatically. Zero Trust architecture means every request is authenticated and authorized in real-time.

Hierarchical role definitions with inheritance
Attribute-based access policies (time, location, device)
Integration with Active Directory, LDAP, and SSO providers
Real-time authorization — no cached permissions
Multi-tenancy with department-level data isolation
AES-256 encryption at rest, TLS 1.2+ in transit

Enterprise Integration & Multi-Tenancy

Support multiple departments and organizational units with complete data isolation. Each tenant operates within its own secure boundary while sharing the same infrastructure. Integration with enterprise identity providers ensures seamless access management across your organization.

Department-level data isolation with strict boundary enforcement
Active Directory, LDAP, SAML 2.0, and OpenID Connect integration
Single sign-on (SSO) support for enterprise-wide deployment
REST API for integration with existing enterprise applications
Centralized administration with delegated department management

System Architecture

Input

Authenticated User

AI Query

Processing

RBAC Gateway

PII Masking Engine

AI Model (Sanitized)

Immutable Log Writer

Storage

Audit Log Store

PII Token Vault

Output

Secured Response

How It Works

Intercept Request

Every AI query passes through the guardrail gateway, which authenticates the user and validates their access level.

Detect & Mask PII

The PII engine scans the query for sensitive data and applies real-time masking before the request reaches any AI model.

Process Safely

The AI model receives only sanitized data, generates a response, and the guardrail layer logs the complete interaction.

Audit & Deliver

The response is logged immutably, PII tokens are restored for authorized users, and the answer is delivered securely.

Intercept Request

Every AI query passes through the guardrail gateway, which authenticates the user and validates their access level.

Detect & Mask PII

The PII engine scans the query for sensitive data and applies real-time masking before the request reaches any AI model.

Process Safely

The AI model receives only sanitized data, generates a response, and the guardrail layer logs the complete interaction.

Audit & Deliver

The response is logged immutably, PII tokens are restored for authorized users, and the answer is delivered securely.

Use Cases

Healthcare AI

Deploy AI on patient records while ensuring medical PII is never exposed to language models. Meet PDPA health data requirements.

Financial Services

Analyze financial documents with AI while masking account numbers, transaction details, and customer identities.

Government Intelligence

Use AI for document analysis in classified environments with strict access controls and full audit capabilities.

HR & Recruitment

AI-powered HR analytics without exposing employee PII. Demographic data masked while preserving analytical value.

Legal Discovery

Process legal documents with AI assistance while maintaining attorney-client privilege through strict access controls.

Insurance Claims

Automate claims processing with AI while protecting policyholder personal data and maintaining audit compliance.

Before & After Conzento

Without Conzento

With Conzento

PII Exposure

Sensitive data sent directly to AI models

100% PII masked before AI processing

Audit Trail

Basic application logs, easily altered

Cryptographically sealed immutable records

Access Control

Binary on/off access to AI

Granular RBAC with attribute-based policies

Compliance

Manual compliance documentation

Automated PDPA-compliant audit reports

Incident Forensics

Cannot reconstruct what AI accessed

Complete forensic trail of every interaction

Regulatory Readiness

Weeks to prepare audit evidence

Export-ready compliance reports on demand

Data Isolation

Shared access with no department separation

Multi-tenancy with strict department-level isolation

Related Technologies

AI GuardrailsPII MaskingImmutable LogsRBACMulti-TenancyREST API

AI Guardrails & Forensic Logging

PII Masking at the AI Boundary

Forensic-Grade Immutable Logs

Role-Based Access Control (RBAC)

Enterprise Integration & Multi-Tenancy

System Architecture

How It Works

Intercept Request

Detect & Mask PII

Process Safely

Audit & Deliver

Intercept Request

Detect & Mask PII

Process Safely

Audit & Deliver

Use Cases

Healthcare AI

Financial Services

Government Intelligence

HR & Recruitment

Legal Discovery

Insurance Claims

Before & After Conzento

Related Technologies

Frequently Asked Questions

Ready for enterprise data governance and PDPA compliance?