Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.responsibleailabs.ai/llms.txt

Use this file to discover all available pages before exploring further.

Overview: Compliance API | Credits: 0.5 per call
Scans text for DPDP-relevant patterns and returns findings with optional masking. Designed to run inside middleware on every LLM output.

Parameters

content
string
required
The text to scan. Must be 1-10,000 characters.
config.pii_action
string
default:"detect"
"detect" returns findings without modifying content. "mask" replaces PII with type-specific placeholders. "block" replaces all PII with [BLOCKED].
config.child_detection
boolean
default:"true"
Scan for child signals (age mentions, grade references, parental references). Required for S.9 compliance.
config.purpose
string
Declared processing purpose (e.g., "loan_advisory", "marketing"). Enables purpose-drift detection under S.4.
config.session_id
string
Links this scan to a compliance session for stateful tracking.

Indian PII types detected

TypePatternValidation
aadhaar12-digit (XXXX XXXX XXXX)Verhoeff checksum; must not start with 0 or 1
pan5 alpha + 4 digits + 1 alphaRegex match
mobile+91 prefix or 10-digit starting with 6-9Regex match
upiusername@bankhandleValidated against known bank handles
passportLetter + 7 digitsActive series only (J, K, L, M, R, S, T, U, V, Z)
voter_id3 alpha + 7 digitsRegex match
driving_licenseState code + RTO + year + serialRegex match
ifsc4 alpha + 0 + 6 alphanumericRegex match
bank_account9-18 digitsContext-aware: requires nearby keywords (account, a/c, acct)
gstin2 digits + PAN + 1 alphanum + Z + 1 alphanumRegex match

Masking behavior

PII TypeMask ModeBlock Mode
AadhaarXXXX XXXX 0123 (last 4 visible)[BLOCKED]
PANXXXXX1234X (digits visible)[BLOCKED]
Mobile[MOBILE][BLOCKED]
UPIXXXX@bankhandle[BLOCKED]
All others[TYPE] (e.g., [PASSPORT])[BLOCKED]

Child signal types

SignalExamplesAge Inference
age_mention”I am 14”, “my son is 12”Yes
grade_mention”in 8th grade”, “class 10”Yes (grade + 5)
school_mention”my school”No
parental_reference”my parents”, “my mom said”No
minor_keyword”I am a minor”No

Request

curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/dpdp/scan \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_RAIL_API_KEY" \
  -d '{
    "content": "Your loan is approved. Aadhaar: 2345 6789 0123, PAN: ABCDE1234F.",
    "config": {
      "pii_action": "mask",
      "child_detection": true,
      "purpose": "loan_advisory"
    }
  }'

Response

{
  "result": {
    "compliant": false,
    "content_masked": "Your loan is approved. Aadhaar: XXXX XXXX 0123, PAN: XXXXX1234X.",
    "pii_found": [
      {
        "type": "aadhaar",
        "original": "2345 6789 0123",
        "masked": "XXXX XXXX 0123",
        "position": { "start": 34, "end": 48 },
        "severity": "critical",
        "section": "S.8(5)",
        "penalty_crore": 250
      },
      {
        "type": "pan",
        "original": "ABCDE1234F",
        "masked": "XXXXX1234X",
        "position": { "start": 55, "end": 65 },
        "severity": "high",
        "section": "S.8(5)",
        "penalty_crore": 250
      }
    ],
    "child_signals": [],
    "child_session": false,
    "child_actions_required": [],
    "purpose_drift": false,
    "purpose_drift_details": {},
    "checks_run": ["indian_pii_scan", "child_signal_detection", "purpose_drift_detection"],
    "latency_ms": 12.5
  },
  "credits_consumed": 0.5
}
result.compliant
boolean
true if no PII, child signals, or purpose drift were detected.
result.content_masked
string
The input text with PII replaced by type-specific masks. Only present when pii_action is "mask" or "block".
result.pii_found
array
Array of detected PII items. Each entry includes type, original value, masked replacement, character position, severity (critical/high/medium), DPDP section, and maximum penalty_crore.
result.child_signals
array
Detected child indicators. Each entry has type, matched text, inferred_age (if available), and DPDP section (S.9).
result.child_session
boolean
true if child signals were detected, indicating S.9 protections must be applied.
result.child_actions_required
string[]
Specific actions required when a child is detected: parental consent, no targeted ads, no tracking, no harmful processing, age-gating.
result.purpose_drift
boolean
true if the content contains indicators inconsistent with the declared purpose (S.4 violation).
result.purpose_drift_details
object
When drift is detected: declared_purpose, drift_indicators (keywords found), DPDP section, and penalty_crore.

Response: child detected

When child signals are found, the response includes required actions under S.9: 
{
  "result": {
    "compliant": false,
    "pii_found": [],
    "child_signals": [
      {
        "type": "age_mention",
        "text": "my son is 14",
        "inferred_age": 14,
        "section": "S.9"
      }
    ],
    "child_session": true,
    "child_actions_required": [
      "Obtain verifiable parental consent before processing (DPDP S.9)",
      "Do not serve targeted advertisements to the child",
      "Do not perform tracking or behavioral monitoring",
      "Do not process data likely to cause harm to the child",
      "Implement age-gating mechanism"
    ],
    "checks_run": ["indian_pii_scan", "child_signal_detection"],
    "latency_ms": 8.3
  },
  "credits_consumed": 0.5
}

Response: purpose drift

When the content contains keywords inconsistent with the declared purpose: 
{
  "result": {
    "compliant": false,
    "pii_found": [],
    "purpose_drift": true,
    "purpose_drift_details": {
      "drift_detected": true,
      "declared_purpose": "loan_advisory",
      "drift_indicators": ["advertising", "retarget", "tracking"],
      "section": "S.6",
      "penalty_crore": 250
    },
    "checks_run": ["indian_pii_scan", "child_signal_detection", "purpose_drift_detection"],
    "latency_ms": 5.1
  },
  "credits_consumed": 0.5
}