PII & GDPR Event Auditor

Decide PII before you collect it

The cheapest time to handle personal data is before it enters your pipeline. Flagging which properties carry PII at tracking-plan time lets you decide up front what to hash, drop, or restrict — instead of discovering it during a GDPR request or a security review.

Watch the free-text fields

The obvious fields — email, phone, name — are easy. The risky ones are free-text: comment, feedback, message, search_query. Users routinely type emails and names into them, so treat them as sensitive by default.

PII as a first-class signal

Pug marks PII at the schema level so every downstream consumer knows which fields need care, and self-hosting means the data never leaves your infrastructure at all — open-source product analytics under AGPL-3.0.

Frequently asked questions

What counts as PII in analytics?

Personally identifiable information is any field that can identify a person — email, name, phone, IP address, precise location, device/ad IDs, and government or financial identifiers. Free-text fields (comments, messages) are sensitive because users often type PII into them.

Why flag PII in my tracking plan?

Knowing which fields carry PII up front tells your warehouse, access controls, and GDPR/CCPA tooling what needs redaction, encryption, or restricted access — before the data is collected, not after a breach or audit.

Is this checking my actual data?

No. It reads field names only and never sees your data — everything runs in your browser. Treat it as a fast first pass, then confirm against the real values.

How does Pug handle PII?

Pug's event registry marks PII fields with a pii annotation at the schema level, so downstream consumers know which properties to scrub or restrict. This auditor uses the same signals.