PII rules are available on the Teams plan. Only owners and admins can configure rules. All workspace members can trigger detections.
Open PII settings
In the workspace sidebar, click Settings, then click PII Detection — or navigate to Settings → PII Detection from the settings page. The page has two sections:- Detection rules — built-in detectors and any custom rules you have created, each with a toggle and an action dropdown.
- Detection log — a read-only history of recent matches. Matched values are always shown censored; the raw content is never stored.
Built-in detectors
Genie ships with detectors for common categories of sensitive data. All are enabled by default with thelog action.
| Detector | What it catches |
|---|---|
| Email address | Email addresses in any format |
| Credit card number | Major card formats (Visa, Mastercard, Amex, and more) |
| IBAN | International bank account numbers |
| API key | Generic API key and secret patterns (Bearer tokens, hex secrets) |
| Phone number | International and local phone formats |
| Social security number | US SSN formats |
| Passport number | Common international passport formats |
| IP address | IPv4 and IPv6 addresses |
log action.
Custom rules
Create custom rules for data patterns specific to your organisation — for example, employee IDs, contract numbers, or proprietary reference codes.Name the rule
Give it a clear display name (for example, “Employee ID”). This name appears in the detection log when the rule matches.
Enter a regex pattern
Write a regular expression that matches the data you want to detect. The pattern is validated before saving — an invalid regex returns a clear error message. Example:
\bEMP-\d{6}\b catches employee IDs like EMP-123456.Set the confidence level
Choose Definite (the pattern unambiguously identifies sensitive data) or Possible (the pattern may contain sensitive data). This label appears in the detection log.
Choose an action
Select what happens when the rule matches. See Actions below.
Actions
Each rule has an action that controls what happens when it matches a message.- Log
- Block
- Ignore
The message is allowed through. A censored entry is written to the detection log — the matched value is stored as
[REDACTED] and the raw content is never recorded.Use this for: data you want to monitor without disrupting users.Detection log
The Detection log section shows the 50 most recent rule matches. Each entry includes:- The rule that matched (e.g. “Credit card number”)
- The action taken (
logorblock) - The chat surface where the match occurred (workspace chat or a project)
- The workspace member who sent the message
- The date and time
[REDACTED]. Only owners and admins can view the log.
Manage rules from workspace chat
You can read and update PII rules by asking the Genie workspace AI in plain language:- “List all my PII rules” — shows you the full rule list with their current actions.
- “Block credit card numbers instead of just logging them” — the AI updates the rule’s action to
block. - “Add a rule that catches employee IDs matching EMP-123456” — the AI creates a custom rule on your behalf.
- “Show me the most recent PII detections” — the AI reads the detection log and summarises what was caught.
block action or disabling a detector.
Related pages
- Genie MCP Server — manage PII rules programmatically
- Workspace integrations
- Workspace members and roles