Sonomos for HR & people ops
A quickstart for HR generalists, recruiters, benefits administrators, total rewards, and people-operations teams who want to use AI tools for everyday work without quietly exposing sensitive employee data.
Who this is for
You’re on the people team and you (or your colleagues) are using AI tools for:
- Drafting offer letters, employment agreements, and PIPs
- Writing job descriptions and recruiting outreach
- Summarizing candidate interview feedback
- Drafting performance reviews and feedback templates
- Researching benefits, leave laws, accommodations
- Writing internal policies and handbook updates
- Drafting severance communications, separation agreements
- Employee relations investigations and case summaries
Every one of these can pull employee identifiers and sensitive personal information into prompts. Some of the data is also “special category” or “sensitive personal information” under modern privacy regimes — which adds legal weight to the safeguard.
What’s at stake
HR data is the densest mix of high-severity PII in any function:
- Identification — SSNs, dates of birth, full names, home addresses, government IDs, work authorization documents
- Compensation — salaries, bonuses, equity, severance amounts
- Performance — ratings, manager feedback, PIPs, terminations
- Health and accommodations — ADA accommodations, medical leave, benefits selections, mental-health resource use
- Family — dependents, beneficiaries, emergency contacts
- Immigration — visa status, sponsorship details
Health, accommodation and mental-health data are special-category data under GDPR Article 9, and SSNs, government IDs, financial account numbers and health information are sensitive personal information under CPRA; compensation, performance and most identification data are still personal data with the ordinary obligations attached. Submitting any of it to an AI vendor is a disclosure to a third party, and a meaningful one when the vendor retains prompts or uses them for training.
The information Sonomos detects
Sonomos detects the common categories of HR-relevant PII. A free-text description of someone’s health, pregnancy or family situation that carries no identifier is not a detection; that gap is covered by policy and training, not by the extension.
- Personal identifiers — names, DOBs, SSNs (high severity), addresses, emails, phones
- Government IDs — passport numbers, driver’s licenses, tax IDs, national IDs
- Financial — bank routing and account numbers (for payroll), credit cards (for expense workflows)
- Health-related — MRNs, health plan beneficiary IDs, NPI / DEA when benefits or providers are referenced
- Contextual identifiers — via on-device AI, including phrases like “the employee”, “Ms. Smith”, “the candidate”
See the Detector Reference for the full list.
Recommended product stack
| Channel | What to install |
|---|---|
| Web AI chat (Claude.ai, Gemini, Grok, ChatGPT) | Browser extension |
| HRIS and ATS web UIs (Workday, BambooHR, Greenhouse) | Browser extension |
| Native Office Copilot (Word / Outlook / Teams) | Coming: Sonomos Desktop |
| Native Slack / Notion AI | Coming: Sonomos Desktop |
| People-ops developers building internal tools | Add Canary |
Setup checklist
- Install the browser extension on every browser the people team uses. See Install.
- Pick a plan. For most HR teams the Teams plan is the right starting point: it lets the head of people / HRBP leadership pin a minimum policy and review aggregate detection statistics.
- Pin Cloak on for Claude.ai, Gemini, and Grok via Teams admin policy.
- Set Send Guard to “Modal always” for the roles that handle the most sensitive data: benefits, total rewards, ER, immigration, and any HRBP supporting senior leadership.
- Schedule monthly compliance reports to the head of people, the DPO (for EU employees), and the privacy officer (for California employees).
- Update the AI acceptable-use policy for people-team staff. A short paragraph that says “do not paste SSN, salary, performance data, medical or immigration information into external AI tools; Cloak masking on supported platforms is a safety net, not a license” is enough to set expectations.
Workflows, step by step
Drafting an offer letter
- Open Claude.ai. Cloak is on (admin policy).
- Paste the offer details — candidate name, role, salary, equity, start date.
- Cloak rewrites the name and any identifiers to placeholders before the prompt is transmitted.
- The model returns a polished letter referencing [CANDIDATE], [SALARY], etc.
- Replace placeholders with real values in your ATS or document generator. Don’t paste the AI output verbatim into the candidate-facing letter, and check that no placeholder the model renamed or invented survives in the final text.
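The masking round trip described in this workflow, as an added example in Python. This is illustrative code written for this page, not Sonomos’s detectors or placeholder format: the regex detectors, the severity ranks, the widget colours, and the Send Guard rule used here (default mode interrupts on high severity; “Modal always” interrupts on any detection) are all assumptions, and the prompt is a constructed sample with a fictitious candidate. It shows the two properties the workflow depends on: the same identifier gets the same placeholder everywhere in the prompt, and the restore step runs locally and reports any placeholder in the model’s output that cannot be mapped back, which is what you are checking for when you refuse to paste the output verbatim.

```python
import re
from dataclasses import dataclass

# Detector table: (placeholder label, severity, pattern). Constructed for this
# example; the real detector set is in the Detector Reference.
DETECTORS = [
    ("SSN", "high", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("SALARY", "high", re.compile(r"\$\d{1,3}(?:,\d{3})+(?:\.\d{2})?")),
    ("DATE", "medium", re.compile(r"\b\d{2}/\d{2}/\d{4}\b")),
    ("EMAIL", "medium", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    # Honorific + surname ("Ms. Smith"); a stand-in for the contextual
    # on-device detector the page mentions.
    ("CANDIDATE", "medium", re.compile(r"\b(?:Ms|Mr|Mx|Dr)\.? [A-Z][a-z]+\b")),
]
RANK = {"none": 0, "medium": 1, "high": 2}
WIDGET = {"none": "green", "medium": "amber", "high": "red"}  # assumed mapping
PLACEHOLDER = re.compile(r"\[[A-Z_]+_\d+\]")


@dataclass
class MaskResult:
    masked: str    # what would actually be transmitted to the model
    mapping: dict  # placeholder -> original value; stays on-device
    worst: str     # highest severity detected

    @property
    def widget(self) -> str:
        return WIDGET[self.worst]


def mask(text: str) -> MaskResult:
    """Replace detected identifiers with numbered placeholders, reusing the
    same placeholder for repeated values so the model sees one consistent name."""
    mapping, by_value, counts = {}, {}, {}
    worst = "none"
    for label, severity, pattern in DETECTORS:
        def repl(m, label=label):
            value = m.group(0)
            if value not in by_value:
                counts[label] = counts.get(label, 0) + 1
                by_value[value] = f"[{label}_{counts[label]}]"
                mapping[by_value[value]] = value
            return by_value[value]
        text, hits = pattern.subn(repl, text)
        if hits and RANK[severity] > RANK[worst]:
            worst = severity
    return MaskResult(text, mapping, worst)


def requires_modal(result: MaskResult, modal_always: bool = False) -> bool:
    """Send Guard decision. Assumption for this example: default mode
    interrupts only on high severity; 'Modal always' interrupts on any hit."""
    if modal_always:
        return bool(result.mapping)
    return result.worst == "high"


def restore(model_output: str, mapping: dict):
    """Put real values back locally. Returns (restored_text, unresolved) where
    unresolved lists placeholders the model emitted that we cannot map back,
    e.g. a renamed or invented one; those must be fixed by hand, not shipped."""
    unresolved = sorted({p for p in PLACEHOLDER.findall(model_output)
                         if p not in mapping})
    restored = model_output
    for placeholder, value in mapping.items():
        restored = restored.replace(placeholder, value)
    return restored, unresolved


# Constructed sample prompt; the candidate and all values are fictitious.
PROMPT = (
    "Draft an offer letter for Ms. Rivera, DOB 04/12/1990, SSN 123-45-6789, "
    "email a.rivera@example.com, for the Senior Analyst role at $185,000 base "
    "with a $20,000 signing bonus, starting 06/02/2025. Address her as Ms. Rivera."
)

if __name__ == "__main__":
    result = mask(PROMPT)
    print(result.widget, "modal:", requires_modal(result))
    print(result.masked)  # only this string would leave the browser
    # Stand-in for the model's reply; note the placeholder it made up.
    reply = ("Dear [CANDIDATE_1],\nWe are pleased to offer [SALARY_1] plus a "
             "[SALARY_2] signing bonus, starting [DATE_2]. Ref [CANDIDATE_2].")
    final, leftovers = restore(reply, result.mapping)
    print(final)
    print("unresolved placeholders:", leftovers)
```

Two things to notice when running it. The start date is masked under the same DATE label as the date of birth: a regex detector masks by shape, not meaning, so a reviewer, not the model, decides which date goes back where. And the restore step flags `[CANDIDATE_2]`, a placeholder the model invented; a verbatim paste would have shipped that string to the candidate.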
Summarizing interview feedback
A high-leverage workflow with high risk of capturing protected characteristics:
- Paste the raw feedback notes — candidate name, role, interviewer impressions.
- Cloak masks the candidate’s name (and any other identifiers).
- The model produces a synthesized summary referencing [CANDIDATE_1].
- Add the summary to your ATS under the candidate record.
- Important: if any feedback inadvertently references protected characteristics (age, pregnancy, disability, religion, national origin), that’s an HR-policy issue, not a Sonomos issue. Train interviewers; Sonomos can’t read intent.
Writing performance reviews
- Paste the manager’s draft and the employee’s self-assessment.
- Names, dates, and any references to specific colleagues get masked.
- The model returns a polished review structure.
- Replace placeholders with real names in your performance system; never store the AI output unmodified in the official record.
Researching benefits and leave laws
- Most research prompts have no PII — green widget.
- If you describe a specific employee’s situation to get a tailored answer, you’ll see amber or red. Restate the question more generically.
- Cloak still masks any residual on supported platforms.
Drafting separation communications
The single most sensitive workflow for HR:
- Send Guard’s Modal mode is non-negotiable here. Severance terms, last-day plans, and reason narratives are all high-severity.
- Cloak rewrites names and identifiers on supported platforms; Send Guard’s modal blocks anywhere else.
- Keep the AI’s role narrow. Use it for tone polish, not for deciding the substance of what to say.
Employee relations investigations
- Witness names, complainant identities, and case details are all sensitive.
- The strongest workflow is to describe the pattern without identifiers — “an employee alleging retaliation after a complaint” — rather than paste full investigation notes.
- Send Guard’s modal forces a deliberate review before any high-severity content can leave the browser.
Special considerations
EU employees and GDPR
Performance, compensation, health, and immigration data are all special-category or directly identifying under GDPR.
- Modal mode is the operational floor for HR staff supporting EU populations.
- Document the technical safeguard in your Article 30 records of processing for the HR purpose.
- See the GDPR guide.
California employees and CPRA
CPRA’s SPI category captures SSN, driver’s license, financial credentials, geolocation, biometric data, and health information — all common in HR records.
- Limit-use SPI obligations are honored most cleanly when you don’t disclose SPI in the first place. Cloak’s masking is the technical implementation.
- See the CCPA guide.
Healthcare-adjacent benefits
If your benefits work involves PHI (FSA/HSA balances tied to medical procedures, accommodation requests with diagnostic details, leave administration for serious health conditions):
- Treat as Cloak-mandatory on supported platforms and Modal-mode elsewhere.
- See the HIPAA guide for the broader framing — even if you’re not the covered entity, the data is sensitive.
Recruiting agencies and candidate data
When you receive resumes and candidate data from agencies:
- Don’t paste resumes verbatim into AI tools for screening or summarization unless you have explicit consent (typical agency agreements don’t cover this).
- If you do, Cloak masks identifiers on supported platforms and Send Guard flags the high-severity content it recognizes elsewhere. Neither substitutes for consent, and neither sees a candidate’s employment history as PII.
Pitfalls to avoid
- Workday, BambooHR, ADP, Rippling, Greenhouse, Lever — these systems are adding AI summarization and writing assistants. The extension only sees the web UI; the AI itself runs server-side at the vendor. Read their data-processing addenda carefully.
- Native Office Copilot in Word for offer letters, Outlook for sensitive emails, Teams for HR meetings. Major exposure for the people team that the extension can’t reach.
- Slack AI / Slack Huddles AI / Notion AI — increasingly used for internal HR docs. Native or server-side; not covered by the extension.
- ATS AI features — Greenhouse Inclusive, Lever LeverTRM AI, Workday Recruiting AI. Server-side.
- Shared HRIS sessions on shared computers. The extension’s sign-in, and the admin policy pinned to it, is per account: a signed-out browser or a colleague’s profile does not carry your team’s policy. The standard HR-data hygiene rules (lock the screen, no shared logins) still apply.
Documenting the control
HR rarely answers to a single regulator; several stakeholders read over your shoulder, and each wants a different piece of evidence:
- Privacy officer / DPO — monthly compliance reports show the AI-tool channel’s masking and warning activity.
- CCO / legal — Teams admin policy pin demonstrates the firm’s minimum operational floor for HR-data handling.
- Internal audit — per-member detection statistics highlight where exposure concentrates and where targeted training would help.
See Compliance reports.