Presidio

Detects 30+ PII entity types (names, SSNs, credit cards, phone numbers, Bitcoin wallets, etc.) across text using a pluggable recognizer system that combines NLP-based models, regex patterns, and ML classifiers. The Analyzer component orchestrates multiple recognizers in parallel, applies context enhancement to reduce false positives, and returns scored entity matches with confidence levels and character offsets for precise location tracking.

De-identifies detected PII in text by applying configurable anonymization operators (replace, redact, hash, encrypt, mask, synthetic generation) to matched entity spans. The Anonymizer component accepts a list of RecognitionResult objects from the Analyzer, applies the specified operator to each match, and returns the transformed text with PII replaced according to the operator's logic. Supports custom operators for domain-specific anonymization strategies.

Allows non-developers to configure Presidio through YAML files that define recognizers, operators, and anonymization rules without writing Python code. YAML configuration specifies which recognizers to enable, their parameters, context rules, and which operators to apply to each entity type. Supports loading custom recognizers and operators from configuration files, enabling rapid experimentation and deployment without code changes.

Provides pre-built Docker images for Analyzer, Anonymizer, and Image Redactor components that can be deployed as microservices. Includes Docker Compose configurations for local development and Kubernetes manifests for production deployments. Supports scaling individual components independently, health checks, and integration with container orchestration platforms. Enables rapid deployment without manual Python environment setup.

Supports PII detection across multiple languages (English, Spanish, Portuguese, French, German, Chinese, Dutch, Greek, Italian, Lithuanian, Norwegian, Polish, Romanian, Russian, Ukrainian) through pluggable spaCy language models. Allows users to specify language per analysis or auto-detect language. Supports custom NLP models by implementing a custom NLP engine interface. Enables language-specific context enhancement and recognizer rules.

Detects and redacts PII in images (PNG, JPG, DICOM) by extracting text via OCR (Tesseract or Azure Computer Vision), running the extracted text through the Analyzer to identify PII entities, and then redacting the corresponding image regions using bounding box coordinates. The Image Redactor component handles coordinate transformation from OCR output to image pixel space and supports both text-based and face/object detection redaction.

Detects and anonymizes PII in structured and semi-structured data formats (CSV, JSON, Parquet, databases) by applying the Analyzer and Anonymizer to specified columns or fields. The Structured component handles schema-aware processing, allowing users to define which columns contain PII and which anonymization operators to apply per column, enabling batch processing of tabular data while preserving data integrity and relationships.

Allows developers to create and register custom recognizer classes that implement domain-specific PII detection logic (e.g., internal employee IDs, proprietary account numbers) and integrate them into the Analyzer pipeline. Custom recognizers inherit from the base Recognizer class, implement a validate() method with custom logic (regex, ML models, lookup tables), and are registered with the AnalyzerEngine to run alongside built-in recognizers. Supports both pattern-based and ML-based custom recognizers.

Enables developers to create custom anonymization operators that implement domain-specific de-identification strategies beyond the built-in operators (replace, redact, hash, encrypt, mask). Custom operators inherit from the Operator base class, implement an operate() method with custom transformation logic, and are registered with the AnonymizerEngine. Supports operators that generate synthetic data, apply format-preserving encryption, or implement custom masking patterns.

Provides mechanisms to reverse anonymization by maintaining and querying mappings between original and anonymized values. Supports deterministic operators (hash, encrypt) that produce consistent outputs for the same input, enabling reconstruction of original values if the mapping or encryption key is available. Includes utilities for storing and retrieving deanonymization mappings from external storage (databases, key-value stores).

Exposes the Analyzer and Anonymizer components as REST APIs (running on ports 5002 and 5001 respectively) that accept JSON payloads with text and configuration, perform PII detection/anonymization, and return JSON responses with results. Enables integration with non-Python applications and distributed architectures where PII detection is a microservice. Supports both synchronous request-response and asynchronous batch processing patterns.

Supports processing large volumes of text or structured data through batch and streaming patterns. Includes utilities for processing files (CSV, JSON, Parquet), dataframes (pandas, PySpark), and streaming data sources. Handles chunking of large texts to manage memory, parallel processing of independent records, and aggregation of results. Integrates with PySpark for distributed processing across clusters.

Reduces false positives in PII detection by analyzing surrounding context using NLP models. When a potential PII match is found, the system examines the surrounding text to determine if the match is likely a true positive or a false positive (e.g., 'John' in 'John Smith' vs. 'john' as a variable name). Uses spaCy NLP models to extract contextual features and applies scoring adjustments based on context. Configurable per recognizer with context-specific rules.