PII Redaction

Құжаттама ағылшын тілінде қолжетімді. Аударма дайындалуда.

BugSpotter automatically detects and masks sensitive text data in the browser before upload. When enabled (default), text fields are sanitized before submission.

Built-in Patterns (9 types)

Pattern	Detects	Example
`email`	Email addresses	`user@example.com` → `[REDACTED-EMAIL]`
`phone`	Phone numbers	`+7 701 123-4567` → `[REDACTED-PHONE]`
`creditcard`	Credit card numbers	`4111-1111-1111-1111` → `[REDACTED-CREDITCARD]`
`ssn`	US Social Security	`123-45-6789` → `[REDACTED-SSN]`
`iin`	Kazakhstan IIN/BIN	`860101350478` → `[REDACTED-IIN]`
`ip`	IPv4 and IPv6	`192.168.1.1` → `[REDACTED-IP]`
`apikey`	Stripe, AWS, Google keys	`sk_live_...` → `[REDACTED-APIKEY]`
`token`	Bearer, JWT, OAuth	`eyJhbG...` → `[REDACTED-TOKEN]`
`password`	Password field values	→ `[REDACTED-PASSWORD]`

Presets

Use a preset name instead of listing patterns individually:

Preset	Patterns included
`all`	All 9 patterns
`minimal`	email, creditcard, ssn
`financial`	creditcard, ssn
`contact`	email, phone
`identification`	ssn, iin
`credentials`	apikey, token, password
`kazakhstan`	email, phone, iin
`gdpr`	email, phone, ip
`pci`	creditcard

// Use a preset
await BugSpotter.init({
  sanitize: { patterns: 'kazakhstan' },  // email + phone + IIN
});

// Or pick individual patterns
await BugSpotter.init({
  sanitize: { patterns: ['email', 'phone', 'creditcard'] },
});

Custom Patterns

Add regex patterns for industry-specific data:

await BugSpotter.init({
  sanitize: {
    patterns: 'all',
    customPatterns: [
      {
        name: 'broker-account',
        regex: /FRH\d{9}/gi,
        description: 'Freedom Finance broker account',
      },
      {
        name: 'iban-kz',
        regex: /KZ\d{18}/gi,
        description: 'Kazakhstan IBAN',
      },
      {
        name: 'internal-id',
        regex: /ORD-\d{6,}/gi,
        description: 'Internal order ID',
      },
    ],
    excludeSelectors: ['.public-info'],
  },
});

Custom patterns produce [REDACTED-BROKER-ACCOUNT], [REDACTED-IBAN-KZ], etc.

Visual Element Exclusion

Text sanitization handles console logs, network URLs, and metadata. For visual elements:

Session Replay: Use replay.blockSelectors to hide DOM elements from recording
Screenshots: Add data-bugspotter-exclude attribute to exclude elements

Performance

PII sanitization adds < 50ms overhead. Patterns are compiled once and reused. Recursive sanitization handles nested objects with circular reference protection.

Next: Self-Hosted Deployment →