> ## Documentation Index
> Fetch the complete documentation index at: https://docs.starfort.io/llms.txt
> Use this file to discover all available pages before exploring further.

# How to add a customized PII policy

> Create a PII Guard Policy with NER, regex, and keyword rules, then apply it to a Guardian.

This recipe creates a PII policy that masks personal data, assigns it to a Guardian, and verifies it with a real call. See [Guard Policy](/en/v1.3/concepts/guard-policy) for the model.

## 1. Create & assign the policy

Open your Guardian → **Policies** → **Add** on **Input Policies** → **Create & Assign Policy**. Name it (e.g. `PII Masking Policy`), set **Policy Type = PII**, and create. It starts at `v0.1.0` and opens in the editor.

<Frame caption="Create a PII policy">
  <img src="https://mintcdn.com/aimintelligence/-3ie4No4rGti8Jbz/images/v1.3/admin/pii-create-assign.png?fit=max&auto=format&n=-3ie4No4rGti8Jbz&q=85&s=c2757849c04676521a173d377a826ef8" alt="Create a PII policy" width="1200" height="626" data-path="images/v1.3/admin/pii-create-assign.png" />
</Frame>

## 2. Add rules

Use **Add** in the editor to add rules one at a time, choosing the kind:

| Rule                   | Define                      | Action via `policy_type`           |
| ---------------------- | --------------------------- | ---------------------------------- |
| **NER Entity**         | name, mask word, ± examples | `MASKING` or `BLOCKING`            |
| **Regular Expression** | a regex + `rule_id`         | `MASKING` / `BLOCKING` / `PASSING` |
| **Keyword**            | an exact word               | `MASKING` / `BLOCKING` / `PASSING` |

For masking, set **`policy_type: MASKING`** and a **mask word** (e.g. `PHONE_NUMBER`) — matches become `[PHONE_NUMBER_1]`.

<Frame caption="A masking NER rule">
  <img src="https://mintcdn.com/aimintelligence/-3ie4No4rGti8Jbz/images/v1.3/admin/pii-ner-editor.png?fit=max&auto=format&n=-3ie4No4rGti8Jbz&q=85&s=8901cb6cdc5e7ff98f42dd71f7b42ea8" alt="A masking NER rule" width="1200" height="902" data-path="images/v1.3/admin/pii-ner-editor.png" />
</Frame>

### Faster: load JSON

Choose **JSON** to paste a whole policy at once. Allowed top-level keys are `ner`, `regex`, `keyword`:

```json theme={null}
{
  "ner": [
    { "id": 0, "name": "Phone number", "policy_type": "MASKING", "mask_word": "PHONE_NUMBER",
      "alert_message": "Phone number detected", "positive_examples": ["010-1234-5678"] }
  ],
  "regex": [
    { "id": 1, "rule_id": "email", "regex": "(?i)\\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,}\\b",
      "policy_type": "MASKING", "mask_word": "EMAIL", "description": "email", "alert_message": "Email detected" }
  ],
  "keyword": []
}
```

The editor validates before saving. **Save** creates a new version.

<Frame caption="Loading a PII policy as JSON">
  <img src="https://mintcdn.com/aimintelligence/-3ie4No4rGti8Jbz/images/v1.3/admin/pii-json-editor.png?fit=max&auto=format&n=-3ie4No4rGti8Jbz&q=85&s=689615510dbab4e399acb8b7dc08b925" alt="Loading a PII policy as JSON" width="1200" height="626" data-path="images/v1.3/admin/pii-json-editor.png" />
</Frame>

## 3. Apply the new version

Saving created a **new version** (the number only has to be unique for this policy — it needn't be higher than the last). **Saving doesn't apply it** — you must re-point (pin) the Guardian to the new version, or the change won't take effect. See [Version & apply a policy update](/en/v1.3/admin/how-to/version-and-apply-policy).

<Frame caption="Re-point the Guardian to the new version">
  <img src="https://mintcdn.com/aimintelligence/-3ie4No4rGti8Jbz/images/v1.3/admin/edit-policy-version.png?fit=max&auto=format&n=-3ie4No4rGti8Jbz&q=85&s=8ea724097ec67517de1f41b0544de26e" alt="Re-point the Guardian to the new version" width="1200" height="626" data-path="images/v1.3/admin/edit-policy-version.png" />
</Frame>

## 4. Verify

Send a test call with PII and confirm it's masked:

```bash theme={null}
curl -X POST "https://bastion-guardian-api.starfort.io/v1/guard/api" \
  -H "Content-Type: application/json" -H "X-Starfort-Guard-Api-Key: sf_your_key" \
  -d '{"messages":[{"role":"user","content":"My number is 010-2543-2513."}],"processType":"input"}'
```

A masked response (`"action":"MASK"`, `processed_content` with `[PHONE_NUMBER_1]`) confirms it works. Review it in [Opticon](/en/v1.3/admin/monitoring-opticon).

<Frame caption="Confirm the MASK in Opticon">
  <img src="https://mintcdn.com/aimintelligence/-3ie4No4rGti8Jbz/images/v1.3/admin/opticon-trace-detail.png?fit=max&auto=format&n=-3ie4No4rGti8Jbz&q=85&s=d5a2bd58a20574fbeb50bf8cd4ea1601" alt="Confirm the MASK in Opticon" width="1200" height="626" data-path="images/v1.3/admin/opticon-trace-detail.png" />
</Frame>

<Tip>
  Starfort ships a comprehensive **default PII policy** (Korean phone, RRN, passport, card, email, …). Loading it via the JSON editor is the quickest start — then trim to what you need.
</Tip>
