How to Mask US Social Security Numbers (SSN) for OpenAI API Compliance
Prevent SSN leaks when using OpenAI GPT-4o or o3. Learn SSN format detection, regex patterns, and automated masking for HIPAA/GDPR compliance.
The Problem
US Social Security Numbers (SSN) are Protected Health Information (PHI) under HIPAA and sensitive data under GDPR. Sending SSNs to OpenAI without redaction violates both regulations, with fines up to $1.5M per HIPAA violation.
The Hard Way (Manual Regex)
You could manually implement regex detection in your application:
const ssnRegex = /\b\d{3}-\d{2}-\d{4}\b/g;
Regex Explanation: SSNs follow the format XXX-XX-XXXX (3 digits, hyphen, 2 digits, hyphen, 4 digits). This regex uses word boundaries (\b) so it does not match digits embedded in a longer number, and it matches only the standard hyphenated form. For non-hyphenated SSNs (9 consecutive digits), use:
/\b\d{9}\b/
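The two patterns above are the starting point; a practitioner will also want the non-hyphenated and space-separated forms covered in one pass and a check that a 9-digit run is actually shaped like an issued SSN, since `\b\d{9}\b` will happily match order numbers and account references. The following is an added example, not SafePipe's code or the page's own, that goes beyond the single regex shown: one candidate pattern for all three layouts plus the SSA's structural rules (the SSA never issues an SSN with area 000, 666 or 900-999, group 00, or serial 0000). The function names and the sample HR text are constructed for this illustration.

```javascript
// Added example, not SafePipe's code: detect and mask US SSNs in text before it
// leaves the application. It extends the page's single regex to hyphenated,
// space-separated and bare 9-digit forms, and applies the SSA's structural rules
// to reduce false positives: the SSA never issues an SSN with area 000, 666 or
// 900-999, group 00, or serial 0000.

// One candidate pattern for all three layouts; the backreference \2 forces the
// same separator (hyphen, space or none) in both positions.
const SSN_CANDIDATE = /\b(\d{3})([- ]?)(\d{2})\2(\d{4})\b/g;

// True only if the three parts could have been issued by the SSA.
function isPlausibleSsn(area, group, serial) {
  const a = Number(area);
  if (a === 0 || a === 666 || a >= 900) return false;
  if (Number(group) === 0) return false;
  if (Number(serial) === 0) return false;
  return true;
}

// Replace every plausible SSN with the placeholder and report how many were masked.
// The replace callback lets non-SSN digit runs pass through untouched.
function maskSsns(text, placeholder = "[SSN_REDACTED]") {
  let count = 0;
  const masked = text.replace(SSN_CANDIDATE, (match, area, _sep, group, serial) => {
    if (!isPlausibleSsn(area, group, serial)) return match;
    count += 1;
    return placeholder;
  });
  return { masked, count };
}

// Constructed HR text for demonstration: two genuine-looking SSNs, plus three
// digit runs that a bare \d{9} or \d{3}-\d{2}-\d{4} pattern would over- or under-match.
const SAMPLE_HR_QUERY = [
  "Employee: John Doe",
  "SSN: 123-45-6789",              // hyphenated, valid structure -> masked
  "Dependent SSN: 234 56 7890",    // space-separated, valid structure -> masked
  "Order ref: 987654321",          // 9 digits, but area 987 is never issued -> kept
  "Legacy record: 000-12-3456",    // area 000 is never issued -> kept
  "Phone: 555-123-4567",           // 3-3-4 shape, not an SSN -> kept
  "Salary: $85,000",
].join("\n");

// Convenience wrapper so the sample result can be inspected or tested.
function demoHrQuery() {
  return maskSsns(SAMPLE_HR_QUERY);
}

const result = demoHrQuery();
console.log(result.masked);
console.log(`masked ${result.count} SSN(s)`);
```

Two practical notes. First, the structural check reduces false positives but cannot prove a number was ever issued; when a match is ambiguous, masking it is the safer default. Second, if you reuse a `/g` regex such as the page's `ssnRegex` with `.test()` or `.exec()` across calls, it carries `lastIndex` between calls and can silently skip matches; the `String.prototype.replace` callback form above does not have that problem.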
The Secure Way (SafePipe Proxy)
Instead of maintaining regex patterns and handling edge cases yourself, use SafePipe's Zero-Knowledge proxy. PII detection runs entirely in memory in under 30 ms, on infrastructure hosted in Frankfurt (EU).
import OpenAI from "openai";

// Example: Processing HR data with SSNs
const hrQuery = `
Employee: John Doe
SSN: 123-45-6789
Salary: $85,000
Review his compensation package.
`;

// ❌ HIPAA VIOLATION: Direct OpenAI call
const unsafeClient = new OpenAI({
  apiKey: process.env.OPENAI_API_KEY
});
// 🚨 SSN "123-45-6789" is sent to OpenAI logs

// ✅ COMPLIANT: SafePipe SSN Auto-Masking
const safeClient = new OpenAI({
  apiKey: process.env.SAFEPIPE_API_KEY,
  baseURL: "https://safepipe.eu/api/v1",
  defaultHeaders: {
    "x-provider-key": process.env.OPENAI_API_KEY
  }
});

const response = await safeClient.chat.completions.create({
  model: "gpt-4o",
  messages: [{
    role: "user",
    content: hrQuery
  }]
});

// What OpenAI receives:
// "Employee: John Doe
// SSN: [SSN_REDACTED]
// Salary: $85,000
// Review his compensation package."
Why This Matters for Compliance
SSNs are permanent identifiers that cannot be changed. A single leak can lead to identity theft and massive regulatory fines. SafePipe's regex engine detects SSNs in <5ms and redacts them before the request leaves EU jurisdiction (Frankfurt edge nodes). OpenAI never sees the raw SSN, eliminating your liability.
Ready to implement PII protection?
Get your SafePipe API key in 2 minutes. No credit card required for the Free tier.
Related Guides
How to Filter IBAN Numbers Before Sending to LLM APIs (Python)
Protect EU banking data (IBAN) when using GPT-4o, Claude, or DeepSeek. Python regex for SEPA compliance + Frankfurt-based PII proxy.
How to Redact Emails in Node.js Before Sending to OpenAI API
GDPR-compliant email redaction for Node.js developers using OpenAI. Learn the exact regex pattern and zero-latency proxy solution for PII protection.