Redact personally identifiable information (PII)¶

PII includes names, addresses, phone numbers, email addresses, tax identification numbers, and other data that can be used (alone or with other information) to identify an individual. Most organizations have regulatory and compliance requirements around handling PII data. AI_REDACT is a fully-managed Cortex AI Function that helps you help redact PII from unstructured text data, using a large language model (LLM) hosted by Snowflake to identify PII and replace it with placeholder values.

AI_REDACT can help you prepare text for call center coaching, sentiment analysis, insurance and medical analysis, and ML model training, among other use cases.

Tip

Use AI_PARSE_DOCUMENT or AI_TRANSCRIBE to convert document or speech data into text before applying AI_REDACT.

AI_REDACT¶

The AI_REDACT function replaces personally identifiable information (PII) in the input text with placeholder values.

Important

AI_REDACT performs redaction in a best-effort manner using AI models. Always review the output to ensure compliance with your organization’s data privacy policies. Please let Snowflake know if AI_REDACT fails to redact any PII in your data.

Regional availability¶

See Regional availability.

Limitations¶

Redaction is performed using AI models and may not find all personally identifiable information. Always review output to ensure compliance with your organization’s data privacy policies. Please reach out to Snowflake support if AI_REDACT fails to redact certain PII.
The COUNT_TOKENS and AI_COUNT_TOKENS functions do not yet support AI_REDACT.
At this time, AI_REDACT works best with well-formed English text. Performance may vary with other languages or text with many spelling, punctuation, or grammatical errors.
AI_REDACT currently redacts only US PII and some UK and Canadian PII, where noted in Detected PII categories.
AI_REDACT is currently limited in the number of tokens it can input and output. Input and output together can be up to 4,096 tokens. Output is limited to 1,024 tokens. If the input text is longer, split it into smaller chunks and redact each chunk separately, perhaps using SPLIT_TEXT_RECURSIVE_CHARACTER. See Chunking example for an example of redacting text that exceeds token limits.

Note

A token is the smallest unit of data processed by the AI model. For English text, industry guidelines consider one token to be approximately four characters, or 0.75 words.

Detected PII categories¶

AI_REDACT supports redacting the following categorise of PII. The values in the Category column are the strings supported in the optional categories argument.

Category

Notes

NAME

Recognizes full name, first name, middle name, and last name

EMAIL

PHONE_NUMBER

DATE_OF_BIRTH

GENDER

Recognizes male, female, and nonbinary

AGE

ADDRESS

Identifies:

complete postal address (US, UK, CA)

street address (US, UK, CA)

postal code (US, UK, CA)

city (US, UK, CA)

state (US) or province (CA)

county, borough, or township (US)

NATIONAL_ID

Identifies Social Security numbers (US)

PASSPORT

Identifies passport numbers (US, UK, CA)

TAX_IDENTIFIER

Identifies Individual Taxpayer Numbers (ITNs)

PAYMENT_CARD_DATA

Identifies complete card information, card number, expiration date, and CVV

DRIVERS_LICENSE

Supported US, UK, CA

IP_ADDRESS

Category	Notes
NAME	Recognizes full name, first name, middle name, and last name
EMAIL
PHONE_NUMBER
DATE_OF_BIRTH
GENDER	Recognizes male, female, and nonbinary
AGE
ADDRESS	Identifies: complete postal address (US, UK, CA) street address (US, UK, CA) postal code (US, UK, CA) city (US, UK, CA) state (US) or province (CA) county, borough, or township (US)
NATIONAL_ID	Identifies Social Security numbers (US)
PASSPORT	Identifies passport numbers (US, UK, CA)
TAX_IDENTIFIER	Identifies Individual Taxpayer Numbers (ITNs)
PAYMENT_CARD_DATA	Identifies complete card information, card number, expiration date, and CVV
DRIVERS_LICENSE	Supported US, UK, CA
IP_ADDRESS

Note

AI_REDACT supports partial matches for some PII categories. For example, a first name alone is sufficient to trigger redaction with the [NAME] placeholder.

Error handling¶

Ordinarily, AI_REDACT raises an error if it cannot process the input text. When a query redacts multiple rows, an error causes the entire query to fail. To allow processing to continue with other rows, you can set the session parameter AI_SQL_ERROR_HANDLING_USE_FAIL_ON_ERROR to FALSE. Errors then return NULL instead of stopping the query.

ALTER SESSION SET AI_SQL_ERROR_HANDLING_USE_FAIL_ON_ERROR=FALSE;

Copy

With this parameter set to FALSE, you can also pass TRUE as the final argument to AI_REDACT, which causes the return value to be an OBJECT that contains separate fields for the redacted text and any error message. One of these fields is NULL depending on whether the AI_REDACT call processed successfully.

Cost considerations¶

AI_REDACT incurs costs based on the number of input and output tokens processed, as with other Cortex AI Functions. See the Snowflake Pricing Guide for details.

Examples¶

Basic examples¶

The following example redacts a name and an address from the input text.

SELECT AI_REDACT(
    input => 'My name is John Smith and I live at twenty third street, San Francisco.'
);

Copy

Output:

My name is [NAME] and I live at [ADDRESS]

The following example redacts only names and email addresses from the input text. Note that the text only contains a first name, which is recognized and redacted as [NAME]. The input text does not contain an email address, so no email placeholder appears in the output.

SELECT AI_REDACT(
    input => 'My name is John and I live at twenty third street, San Francisco.',
    categories => ['NAME', 'EMAIL']
);

Copy

Output:

My name is [NAME] and I live at twenty third street, San Francisco.

End-to-end example¶

The following example processes rows from one table and inserts the redacted output into another table. You could use a similar approach to store the redacted data in a column in an existing table.

After redaction, the text is passed to AI_SENTIMENT to extract overall sentiment information.

-- Create a table with unredacted text
CREATE OR REPLACE TABLE raw_table AS
  SELECT 'My previous manager, Washington, used to live in Kirkland. His first name was Mike.' AS my_column
  UNION ALL
  SELECT 'My name is William and I live in San Francisco. You can reach me at (415).450.0973';

-- view unredacted data
SELECT * FROM raw_table;

-- Create a redaction table
CREATE OR REPLACE TABLE redaction_table (
  value VARCHAR
);

-- Redact PII from raw_table and insert into redaction_table
INSERT INTO redaction_table
SELECT AI_REDACT(my_column) AS value FROM raw_table;

-- view redacted results
SELECT * FROM redaction_table;

-- Run AI_SENTIMENT on redacted text
SELECT
    value AS redacted_text,
    AI_SENTIMENT(value) AS summary_sentiment
FROM redaction_table;

Copy

Error handling example¶

This example, based on the preceding example, shows how to handle errors when processing multiple rows with AI_REDACT. It sets the session parameter AI_SQL_ERROR_HANDLING_USE_FAIL_ON_ERROR and passes TRUE as the last argument to AI_REDACT. This causes the function to return an OBJECT with separate fields for the redacted text and any error message, one of which is NULL depending on whether the function succeeded or failed.

ALTER SESSION SET AI_SQL_ERROR_HANDLING_USE_FAIL_ON_ERROR=FALSE;

-- Create a redaction table with columns for value and error message
CREATE OR REPLACE TABLE redaction_table (
  value VARCHAR,
  error VARCHAR
);

-- Redact PII from raw_table and insert into redaction_table
-- Both the redacted text and any error message are stored
INSERT INTO redaction_table
SELECT
  result:value::STRING AS value,
  result:error::STRING AS error
  FROM (SELECT AI_REDACT(my_column, TRUE) AS result FROM raw_table);

Copy

Chunking example¶

This example illustrates how to redact PII from long text by splitting the text into smaller chunks, redacting each chunk separately, and then recombining the redacted chunks into the final output. This approach works around AI_REDACT’s token limits.

CREATE OR REPLACE TABLE patients (
    patient_id INT PRIMARY KEY,
    patient_notes text
);

CREATE OR REPLACE TABLE final_temp_table AS
WITH chunked_data AS (
    -- Step 1: Split text into chunks
    SELECT
        patient_id,
        chunk.value AS chunk_text,
        chunk.index AS chunk_index
    FROM
        patients,
        LATERAL FLATTEN(
            input => SNOWFLAKE.CORTEX.SPLIT_TEXT_RECURSIVE_CHARACTER(
                patient_notes,
                'none',
                1000
            )
        ) AS chunk
    WHERE
        patient_notes IS NOT NULL
        AND LENGTH(patient_notes) > 0
),
redacted_chunks AS (
    -- Step 2: Apply AI_REDACT to each chunk
  SELECT
  patient_id,
        chunk_index,
        chunk_text,
        TO_VARIANT(results:value) AS redacted_chunk,
        TO_VARIANT(results:error) AS error_string
        from (
    SELECT
        patient_id,
        chunk_index,
        chunk_text,
        AI_REDACT(chunk_text,TRUE) AS results
    FROM
        chunked_data
)
),

-- Step 3: Concatenate redacted chunks
final AS (
SELECT
chunk_text as original,
IFF(error_string IS NOT NULL, chunk_text, redacted_chunk) AS redacted_text,
patient_id,
chunk_index
FROM
    redacted_chunks
)
SELECT * FROM final;

SELECT
  patient_id,
  LISTAGG(redacted_text, '') WITHIN GROUP (ORDER BY chunk_index) AS full_output
  FROM final_temp_table
  GROUP BY patient_id;

Copy

Legal notices¶

The data classification of inputs and outputs are as set forth in the following table.

Input data classification	Output data classification	Designation
Usage Data	Customer Data	Generally available functions are Covered AI Features. Preview functions are Preview AI Features. [1]

For additional information, refer to Snowflake AI and ML.