Policy Engine
The Policy Engine is BitDrip's decision core. Every piece of content — from the browser extension or the API gateway — passes through it before reaching an AI service.
Data Categories
BitDrip detects these categories out of the box:
| Category | Examples |
|---|---|
| PII | Full names, email addresses, phone numbers, postal addresses, national ID numbers |
| PHI | Medical record numbers, health conditions, insurance IDs, treatment details |
| Financial | Credit card numbers (Luhn-validated), IBAN, bank account numbers |
| Credentials | API keys, passwords, private keys, bearer tokens, connection strings |
| Proprietary | Source code patterns, internal document markers (configurable) |
Compliance Profiles
Each profile is a curated set of detection rules and actions aligned to a regulatory framework. Enable profiles in the Admin Dashboard → Policies → Compliance Profiles.
| Profile | Blocks | Warns | Logs |
|---|---|---|---|
| GDPR | PII, special-category data | Contact info | All events |
| HIPAA | PHI | PII | All events |
| PCI DSS | Card numbers, CVV, PINs | Financial data | All events |
| SOC 2 | Credentials, secrets | PII | All events |
| ISO 27001 | Credentials | PII, proprietary | All events |
| CCPA | PII (California residents) | — | All events |
BitDrip is designed to support compliance with these frameworks. Achieving certification requires additional organisational controls beyond what software alone can provide.
Policy Actions
When the Policy Engine detects content matching a rule, it returns one of three actions:
- block — content is prevented from being submitted; user sees the violation message
- warn — user sees a warning but may proceed; event is logged
- log — content is submitted silently; event is logged for audit
Custom Rules
- Dashboard → Policies → Custom Rules → New Rule
- Set a pattern (regex or keyword list)
- Set the action: block, warn, or log
- Assign to an organisation or user group
- Save — rules take effect immediately (no restart required)
Example rule:
```json
{
  "name": "Internal project codes",
  "pattern": "PROJ-[0-9]{4,6}",
  "category": "proprietary",
  "action": "warn",
  "message": "This looks like an internal project code. Are you sure you want to share it?"
}
```

Audit Log
Every policy evaluation is immutably logged with:
- Timestamp (UTC)
- User identifier (hashed)
- Data category detected
- Action taken
- AI service targeted
Audit logs are accessible in Admin Dashboard → Audit and exportable as CSV or JSON.
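To tie the Custom Rules and Audit Log sections together, the following is an added illustration (not BitDrip's own code) of how an engine of this shape can compile a rule set, return the most severe matching action, and emit an audit record that carries only metadata. The rule format, the severity ordering (block over warn over log), the card-number pattern and the Luhn filter are assumptions modelled on this page.

```python
import hashlib
import re
from datetime import datetime, timezone

# Assumed ordering: when several rules match, the most severe action wins.
SEVERITY = {"log": 0, "warn": 1, "block": 2}

def luhn_valid(digits: str) -> bool:
    """Luhn checksum; drops card-shaped strings that are not real card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

# Constructed rule set: the page's example rule plus an assumed card-number rule.
RULES = [
    {"name": "Internal project codes", "pattern": r"PROJ-[0-9]{4,6}",
     "category": "proprietary", "action": "warn"},
    {"name": "Card numbers", "pattern": r"\b(?:\d[ -]?){13,19}\b",
     "category": "financial", "action": "block", "validate": luhn_valid},
]
# Compile once; a real deployment would cache this (the page mentions Redis).
COMPILED = [(re.compile(r["pattern"]), r) for r in RULES]

def evaluate(content: str, user_id: str, service: str) -> dict:
    """Return the action to take plus an audit record that never includes content."""
    hits = []
    for regex, rule in COMPILED:
        for m in regex.finditer(content):
            validator = rule.get("validate")
            if validator and not validator(re.sub(r"\D", "", m.group())):
                continue        # looks like a card number but fails Luhn: ignore
            hits.append(rule)
    action = max((r["action"] for r in hits), key=SEVERITY.get, default=None)
    return {
        "action": action,
        "categories": sorted({r["category"] for r in hits}),
        "audit": {              # metadata only: timestamp, hashed user, category, action, service
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "user": hashlib.sha256(user_id.encode()).hexdigest(),
            "categories": sorted({r["category"] for r in hits}),
            "action": action,
            "service": service,
        },
    }
```

A None action means no rule matched and the content passes through; the audit record is still produced so that every evaluation is logged, as the page describes.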
Performance
Policy evaluation is designed for real-time use:
- Typical response time: < 100ms
- Redis caching for compiled rule sets
- No content is stored — only metadata about violations
