Sonomos Glossary — PII, PHI, Cloak, Dagger, Compliance Terms
A quick reference for terms used across Sonomos products and documentation. Definitions skew practical: how the term is used in Sonomos, not the formal regulatory wording. Where a term has a strict regulatory definition, follow the link to the relevant guide.
Sonomos product terms
Browser extension — The Sonomos browser extension is a Chromium-compatible extension that detects PII in web pages and masks it before it’s sent to supported AI platforms. Currently a prototype / proof of concept. See Browser extension overview.
Canary — Sonomos’s open-source PII monitor for Claude Code. Counts and categorizes PII shared with Claude inside a coding session. Local-only, MIT-licensed. See Canary overview.
Cloak — The masking engine. Intercepts outgoing prompts on supported AI platforms (Claude.ai, Gemini, Grok) and replaces detected PII with stable placeholders before transmission. See Cloak — masking.
Cloak placeholder — A stable token ([NAME_1], [SSN], [EMAIL], etc.) that replaces a PII value in an outgoing prompt. Same input gets the same placeholder within a single message so the model can reason about coreference.
Compliance report — A downloadable PDF or emailed summary documenting detection and masking activity over a date range. Includes counts, categories, severity, and platform coverage — never the underlying PII text. Available on Professional and Teams plans. See Compliance reports.
Dagger — The detection engine. Identifies PII using a combination of regex matchers with checksum validators and an on-device AI model for unstructured categories. Ships inside the browser extension. See Dagger — detection.
On-device AI / on-device model — A small language model bundled with Sonomos that runs locally in the browser for unstructured PII recognition (names, organizations, contextual identifiers). No remote inference call is made.
Pattern analysis — Regex-based detection paired with validators (Luhn for credit cards, MOD-97 for IBANs, EIP-55 for Ethereum addresses, MOD-11 for VINs, Base58Check for Bitcoin, etc.). Fast and precise for structured PII.
Risk widget — The floating shield indicator that appears in the bottom-right of every page when the extension is active. Shows green / amber / red based on the highest-severity PII detected on the current page. See Risk widget.
Send Guard — Fallback protection for sites Cloak doesn’t natively cover. Shows a non-blocking banner for medium-severity detections and a blocking modal for high-severity detections. See Send Guard.
Severity tier — The three-level classification Sonomos assigns each detection: High (red), Medium (amber), Low (green). Drives the risk widget color and whether Cloak auto-masks. See Detector Reference.
Sonomos Desktop — The upcoming native, system-wide successor to the browser extension. Will protect PII across native AI apps, IDE assistants, local LLMs, the clipboard, screenshots, and file drops. In active development. See Sonomos Desktop overview.
Privacy & data terms
Air-gapped / fully offline mode — A mode planned for Sonomos Desktop where the application makes no network calls of any kind, including license validation. Intended for classified or restricted environments.
BAA (Business Associate Agreement) — A HIPAA contract between a covered entity and a business associate that processes PHI. Because Sonomos doesn’t receive PHI in the course of providing the service, a BAA is generally not required. See the HIPAA guide.
Covered entity — Under HIPAA, a healthcare provider, health plan, or healthcare clearinghouse that transmits health information electronically. See the HIPAA guide.
Data exfiltration — Sending data out of a controlled environment. Sonomos’s design goal is zero data exfiltration from the user’s device for detected content.
Local-first — An architecture in which data is processed and stored on the user’s device by default. Sonomos products are local-first across the board.
NPI (Non-public Personal Information) — The category of personally identifiable financial information protected by GLBA. Not to be confused with NPI (National Provider Identifier) under Detector terms. See the GLBA guide.
PHI (Protected Health Information) — Health-related information that identifies an individual, protected by HIPAA. See the HIPAA guide.
PI (Personal Information) — Under CCPA, information that identifies, relates to, or could reasonably be linked with a California consumer or household. See the CCPA guide.
PII (Personally Identifiable Information) — The umbrella term for any data that can identify a person directly (SSN, full name) or indirectly when combined with other data. Sonomos’s core function is detecting and masking PII.
Pseudonymization — Replacing identifying values with non-identifying tokens (placeholders) while keeping the data useful for the original task. Cloak performs pseudonymization at the AI-tool boundary. GDPR cites it explicitly as an example of an appropriate security measure.
Redaction — Removing or obscuring information. Canary stores redacted findings: first two and last two characters of a detected value, middle replaced with ••.
SPI (Sensitive Personal Information) — A stricter subset of PI under CPRA: SSN, driver’s license, financial credentials, geolocation, biometric data, racial / ethnic / religious data, mail and message contents, health, and sex life information. See the CCPA guide.
Zero data exfiltration — Sonomos’s positioning that detected content and the original PII never leave the device. Account info and billing data still need network connectivity; the protected content itself does not.
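The two transformations named above, Cloak-style pseudonymization with stable per-message placeholders and Canary-style redaction of stored findings, as an added illustration. This is example code written for this glossary, not Sonomos's own Cloak, Dagger or Canary code: the regex detector table, the `[CATEGORY_n]` numbering and the handling of values shorter than five characters are assumptions, and the sample message is constructed.

```python
import re
from typing import Dict, List, Tuple

# Hypothetical detector table (assumption): category -> regex. The real engine
# pairs regexes with checksum validators and an on-device model; two structured
# categories are enough to show the placeholder behaviour.
DETECTORS: Dict[str, "re.Pattern[str]"] = {
    "EMAIL": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "PHONE": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
}


def mask_message(text: str) -> Tuple[str, Dict[str, str]]:
    """Replace each detected value with a stable placeholder.

    Within one message the same raw value always gets the same placeholder,
    so a model reading the masked text can still follow coreference. The
    returned mapping (placeholder -> original) is what stays on the device;
    only the masked text would be transmitted.
    """
    mapping: Dict[str, str] = {}
    seen: Dict[Tuple[str, str], str] = {}   # (category, value) -> placeholder
    counters: Dict[str, int] = {}

    spans: List[Tuple[int, int, str, str]] = []
    for category, pattern in DETECTORS.items():
        for m in pattern.finditer(text):
            spans.append((m.start(), m.end(), category, m.group(0)))

    out: List[str] = []
    cursor = 0
    # Walk left to right so placeholder numbers follow order of first appearance.
    for start, end, category, value in sorted(spans):
        if start < cursor:          # overlaps an earlier match; skip it
            continue
        key = (category, value)
        if key not in seen:
            counters[category] = counters.get(category, 0) + 1
            seen[key] = f"[{category}_{counters[category]}]"   # assumed format
            mapping[seen[key]] = value
        out.append(text[cursor:start])
        out.append(seen[key])
        cursor = end
    out.append(text[cursor:])
    return "".join(out), mapping


def redact(value: str) -> str:
    """Canary-style redacted finding: first two and last two characters are
    kept and the middle becomes '••'. Values of four characters or fewer
    are replaced entirely (assumption; the glossary does not say)."""
    if len(value) <= 4:
        return "••"
    return value[:2] + "••" + value[-2:]


# Constructed sample message.
SAMPLE_MESSAGE = "Contact alice@example.com or 555-123-4567; alice@example.com again."

if __name__ == "__main__":
    masked, table = mask_message(SAMPLE_MESSAGE)
    print(masked)
    for placeholder, original in table.items():
        print(placeholder, "->", redact(original))
```

Running the block prints the masked message with `[EMAIL_1]` used for both occurrences of the address, followed by the redacted form of each original value, which is the shape a stored finding would take rather than the raw PII.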
Regulation acronyms
CCPA / CPRA — California Consumer Privacy Act (2018), as amended by the California Privacy Rights Act (2020). See the CCPA guide.
GDPR — EU General Data Protection Regulation. See the GDPR guide.
GLBA — Gramm-Leach-Bliley Act (US financial services privacy and safeguards). See the GLBA guide.
HIPAA — Health Insurance Portability and Accountability Act. See the HIPAA guide.
PCI-DSS — Payment Card Industry Data Security Standard. See the PCI-DSS guide.
SOX — Sarbanes-Oxley Act (US public-company financial-reporting controls). See the SOX guide.
Detector terms
ABA routing number — A nine-digit US bank routing number with a defined checksum. Detected by Sonomos.
Base58Check — The checksum encoding used by Bitcoin addresses. Canary uses this for validation.
DEA number — A US Drug Enforcement Administration number assigned to prescribers. High-severity PHI under HIPAA.
EIN (Employer Identification Number) — A US tax ID for organizations. Detected by Sonomos.
EIP-55 — The checksum encoding used by Ethereum addresses. Canary uses this for validation.
IBAN — International Bank Account Number, validated via MOD-97.
Luhn algorithm — The checksum used to validate credit card numbers. Sonomos rejects any candidate credit card that fails the Luhn check.
MBI (Medicare Beneficiary Identifier) — The US Medicare identifier that replaced SSN-based numbers in 2018. Detected by Canary.
MOD-11 — The checksum used by VINs. Canary uses this for validation.
MOD-97 — The checksum used by IBANs. Used by both Sonomos and Canary.
MRN (Medical Record Number) — A facility-specific identifier for a patient. High-severity PHI under HIPAA.
NPI (National Provider Identifier) — A 10-digit US healthcare provider identifier with a defined checksum. Not to be confused with NPI (Non-public Personal Information) under Privacy & data terms. Detected by Sonomos.
OCR (Optical Character Recognition) — Extracting text from images so it can be run through PII detection. The extension does OCR on inline images and PDFs.
Severity (high / medium / low) — See “Severity tier” above.
SSN (Social Security Number) — A nine-digit US identifier with format-based exclusion rules (e.g., excluding 000, 666, and 9xx area numbers). High-severity.
SWIFT/BIC — The international bank identifier used in cross-border payments. Detected by Sonomos.
VIN (Vehicle Identification Number) — A 17-character vehicle identifier with a MOD-11 checksum. Detected by Sonomos and Canary.
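The checksum validators listed in this section (Luhn, MOD-97, the ABA routing checksum, the NPI check digit, the VIN MOD-11 check digit) and the SSN area-number exclusions, worked through as an added example. This is illustration code written for the glossary, not the Dagger or Canary implementation; the `VALIDATORS` dispatch table is an assumption about how a regex candidate would be handed to its validator, and the SSN check also applies the group-00 and serial-0000 exclusions, which the glossary does not list. Sample values are public test or documentation numbers, or constructed.

```python
import re
from typing import Callable, Dict


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check (credit cards; NPIs when prefixed with 80840)."""
    if not digits.isdigit() or len(digits) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:              # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def npi_valid(npi: str) -> bool:
    """NPI check digit: Luhn over the 10 digits with the 80840 card-issuer prefix."""
    return len(npi) == 10 and npi.isdigit() and luhn_valid("80840" + npi)


def iban_valid(iban: str) -> bool:
    """MOD-97: move the first four characters to the end, map letters to
    10..35, and the resulting integer must be congruent to 1 mod 97."""
    s = iban.replace(" ", "").upper()
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", s):
        return False
    numeric = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(numeric) % 97 == 1


def aba_routing_valid(routing: str) -> bool:
    """ABA routing checksum: weights 3,7,1 repeating; weighted sum mod 10 == 0."""
    if not re.fullmatch(r"\d{9}", routing):
        return False
    weights = (3, 7, 1) * 3
    return sum(int(d) * w for d, w in zip(routing, weights)) % 10 == 0


# VIN transliteration table (I, O and Q are never used in a VIN).
_VIN_VALUES = {c: v for c, v in zip("ABCDEFGH", range(1, 9))}
_VIN_VALUES.update(zip("JKLMN", range(1, 6)))
_VIN_VALUES.update({"P": 7, "R": 9})
_VIN_VALUES.update(zip("STUVWXYZ", range(2, 10)))
_VIN_VALUES.update({str(d): d for d in range(10)})
_VIN_WEIGHTS = (8, 7, 6, 5, 4, 3, 2, 10, 0, 9, 8, 7, 6, 5, 4, 3, 2)


def vin_valid(vin: str) -> bool:
    """VIN MOD-11: weighted sum mod 11 must equal position 9 (10 is written 'X')."""
    v = vin.upper()
    if len(v) != 17 or any(c not in _VIN_VALUES for c in v):
        return False
    remainder = sum(_VIN_VALUES[c] * w for c, w in zip(v, _VIN_WEIGHTS)) % 11
    return v[8] == ("X" if remainder == 10 else str(remainder))


def ssn_plausible(ssn: str) -> bool:
    """Format-based SSN exclusions: area 000, 666 or 9xx, group 00, serial 0000."""
    m = re.fullmatch(r"(\d{3})-?(\d{2})-?(\d{4})", ssn)
    if not m:
        return False
    area, group, serial = m.groups()
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


# Assumed dispatch table: second stage after a regex candidate match.
VALIDATORS: Dict[str, Callable[[str], bool]] = {
    "CREDIT_CARD": luhn_valid,
    "NPI": npi_valid,
    "IBAN": iban_valid,
    "ABA_ROUTING": aba_routing_valid,
    "VIN": vin_valid,
    "SSN": ssn_plausible,
}


def checksum_ok(category: str, candidate: str) -> bool:
    """Accept a candidate only if its category's validator passes; categories
    without a validator are accepted on the regex match alone."""
    validator = VALIDATORS.get(category)
    return True if validator is None else validator(candidate)


if __name__ == "__main__":
    # Public test/documentation numbers plus one constructed routing number.
    for category, value in [("CREDIT_CARD", "4111111111111111"), ("NPI", "1234567893"),
                            ("IBAN", "GB82 WEST 1234 5698 7654 32"), ("ABA_ROUTING", "123456780"),
                            ("VIN", "1M8GDM9AXKP042788"), ("SSN", "666-45-6789")]:
        print(category, value, checksum_ok(category, value))
```

The point of the second stage is precision: a 16-digit run that fails Luhn, or a 17-character string whose ninth character does not match the MOD-11 result, is almost certainly not a card number or a VIN, so rejecting it removes a false positive without any model inference.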
Plan & deployment terms
Admin policy — A Teams-plan feature that lets administrators enforce a minimum configuration (Cloak on, Send Guard mode floor) across organization members. See Teams setup.
Individual plan — The free tier. Full detection and masking, no compliance reports or admin features. See Plans overview.
MDM (Mobile Device Management) — A category of management tools (Jamf, Intune, Workspace ONE) used to deploy and configure software at scale. Sonomos Desktop will support MDM-managed deployment.
Policy-as-code — Planned for Sonomos Desktop: define detection, masking, and Send Guard rules in a versioned policy file your security team can review and ship.
Professional plan — The paid individual tier. Adds compliance report download / email and an extensive dashboard. See Plans overview.
SCIM (System for Cross-domain Identity Management) — A standard for automated user provisioning from identity providers. Planned for Sonomos Desktop.
Send Feedback — The in-product feedback action available in every Sonomos product. Reports are tagged with your account, browser, and OS.
SSO (Single Sign-On) — Sign-in via a centralized identity provider (Okta, Microsoft Entra ID, Google Workspace). Planned for Sonomos Desktop.
Teams plan — The organization tier. Adds admin policy controls, real-time member analytics, and aggregate compliance reports. Graduated volume pricing. See Teams pricing.
Related references
- Detector reference — every PII category Sonomos detects.
- Permissions reference — every browser permission the extension requests and why.
- Changelog — release history for the extension prototype.