PII Scrubbing
Pionne sanitizes personal data by default before sending an event. You don’t have to configure anything to be GDPR-compliant on standard patterns.
Patterns scrubbed by default
Section titled “Patterns scrubbed by default”| Pattern | Match | Replacement |
|---|---|---|
EMAIL | john@doe.com | [email] |
CARD | 13-19 digit numbers (Luhn) | [card] |
IBAN | FR76..., DE89... | [iban] |
JWT | eyJ... 3 segments | [jwt] |
TOKEN | Bearer ..., pio_live_..., etc. | [token] |
IP | IPv4 / IPv6 | [ip] |
PHONE | +33 6 12 34 56 78, 06 12... | [phone] |
The scrubbing applies to the message, stack, breadcrumbs[].message and extra fields.
Disable completely
Section titled “Disable completely”Pionne.init({ token: '...', scrubPii: false });Add custom patterns
Section titled “Add custom patterns”Pass an array to extend (or replace) the default patterns:
Pionne.init({ token: '...', scrubPii: [ // Keep all defaults + these two new ones { re: /sk_live_[a-zA-Z0-9]{24,}/g, replace: '[stripe-secret]' }, { re: /SSN-\d{9}/g, replace: '[ssn]' }, ],});beforeSend hook
Section titled “beforeSend hook”For full control — e.g. extra scrubbing, dropping certain events, heavy anonymization:
Pionne.init({ token: '...', beforeSend: (event) => { // Drop dev events from a specific user if (event.user?.id === 'qa_bot') return null;
// Scrub a custom extra field if (event.extra?.payload) { event.extra.payload = '[redacted]'; } return event; },});Returning null cancels the send.
GDPR tips
Section titled “GDPR tips”- Keep
scrubPii: true(default). - Add your own patterns for internal secrets (API keys, internal IDs).
- Use
Pionne.setUser(idAnon)with an anonymous ID — never the email. - For health/finance, add
beforeSendto scrub business payloads.