# Custom PII Masking and Blocking Using Your Own Security API

Organizations often exchange sensitive information while communicating with customers. This may include personal identifiers, financial information, identification numbers, or confidential documents. For enterprises that operate under strict security and compliance requirements, protecting this information is essential.

Enterprise Security allows organizations to control how sensitive data is handled in conversations. By connecting a custom **Security API**, businesses can detect and manage Personally Identifiable Information (PII) in both text messages and media. Based on the organization’s rules, sensitive information can either be **masked** or **blocked** before it is stored or shared.

***

#### <mark style="color:$primary;">**Availability**</mark>

Enterprise Security is available **only for Enterprise accounts**.

If your DoubleTick account is on the **Enterprise plan**, you will be able to access and configure this feature from your settings.

Accounts using the **Starter** or **Pro plans** will not see this option. If you want to use Enterprise Security, you must **upgrade your account to the Enterprise plan**. Once upgraded, the feature can be enabled and configured.

Only the **Primary Owner of the account** can access and modify Enterprise Security settings.

***

<figure><img src="/files/Lg6DbcF1T7loFlaaDwph" alt=""><figcaption></figcaption></figure>

#### <mark style="color:$primary;">**What is Enterprise Security?**</mark>

Enterprise Security allows organizations to integrate their own **Security API** with DoubleTick.

This API determines:

* What qualifies as sensitive data
* How it should be detected
* What action should be taken when it is found

Whenever a message or media file is sent or received, it is checked through this API. The API analyzes the content using the organization’s internal rules and returns the appropriate response.

Based on this response, the system either **masks the sensitive data** or **blocks the message or media**.

All detection logic remains within the organization’s own system, ensuring full control over security and compliance policies.

***

#### <mark style="color:$primary;">**How Enterprise Security Works**</mark>

Enterprise Security connects DoubleTick with the organization’s existing security systems.

The process works as follows:

1. The organization provides a **Security API endpoint**.
2. Every text message or media file is sent to this API.
3. The API analyzes the content using the organization’s detection rules.
4. The API returns a response indicating whether sensitive data is detected.
5. Based on the configured mode, the system either masks the information or blocks the content.

This ensures that enterprise security policies are enforced automatically across conversations.

***

#### <mark style="color:$primary;">**Security Actions**</mark>

Organizations can choose how sensitive information should be handled.

#### <mark style="color:$primary;">Mask</mark>

Sensitive data is hidden before the message or media is stored or shared.

Example:\
A phone number such as **9876543210** may appear as **XXXXXXXX10**.

The message is delivered, but sensitive information remains protected.

#### <mark style="color:$primary;">Reject</mark>

Messages or media containing sensitive information are blocked completely. If sensitive data is detected, the message or file will not be sent.

This option is suitable for organizations that require strict control over data transmission.

***

#### <mark style="color:$primary;">**Protection for Text and Media**</mark>

Enterprise Security works for both **text messages** and **media files**.

#### <mark style="color:$primary;">**Text Messages**</mark>

Text messages sent by agents or customers are analyzed by the Security API. If sensitive information is detected, the message is either masked or rejected based on the configured settings.

#### <mark style="color:$primary;">**Media Files**</mark>

Media such as images or documents can also contain sensitive data. These files are checked through the Security API before they are stored or shared.

If sensitive data is detected, the media can be **blocked** or **blurred** depending on the configuration.

***

#### <mark style="color:$primary;">**Examples of Sensitive Data That Can Be Protected**</mark>

Organizations can define what type of information should be protected. Common examples include:

* Credit card numbers
* Bank account numbers
* One-time passwords (OTP)
* Government identification numbers
* Personal identity documents
* Any custom sensitive fields defined by the organization

For example, an Indian bank may configure the system to detect and protect:

* Aadhaar card numbers
* PAN card numbers
* Credit card numbers
* Bank account numbers

Sensitive information inside images or documents can also be masked.

***

#### <mark style="color:$primary;">**Example Use Case**</mark>

A company may decide that **customer phone numbers should not be visible to agents**.

If a customer sends a phone number in a message, the Security API detects the number and masks it before storing or displaying it.

Example:

Original message\
My phone number is 9876543210

Stored message\
My phone number is XXXXXXXX10

This allows the conversation to continue while keeping the sensitive data protected.
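As an added illustration (not DoubleTick's code and not part of the original page), the sketch below shows the kind of detection logic an organization's own Security API could run for the Mask and Reject actions described above, reproducing the phone-number example. The rule patterns, the function names and the verdict keys are assumptions of this example; the page does not specify the API's request or response format.

```python
import re

def luhn_ok(candidate):
    """Luhn checksum; filters out digit runs that are not payment card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()][::-1]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

def always(_):
    return True

# (label, pattern, validator). Patterns are simplified assumptions for this
# example; checked in order so a card is masked before shorter rules see it.
RULES = [
    ("card", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok),
    # Aadhaar: 12 digits, first digit 2-9 (Verhoeff checksum not verified here).
    ("aadhaar", re.compile(r"\b[2-9]\d{3}[ -]?\d{4}[ -]?\d{4}\b(?![ -]?\d)"), always),
    ("phone", re.compile(r"\b[6-9]\d{9}\b"), always),
    ("pan", re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b"), always),
]

def mask_value(value, keep=2):
    """Replace every letter/digit with X except the last `keep`; separators stay."""
    total = sum(c.isalnum() for c in value)
    out, seen = [], 0
    for c in value:
        seen += c.isalnum()
        out.append("X" if c.isalnum() and seen <= total - keep else c)
    return "".join(out)

def evaluate(text, mode="mask"):
    """Return a verdict dict. Its keys are hypothetical, not DoubleTick's schema."""
    found, masked = [], text
    for label, pattern, valid in RULES:
        def repl(m, label=label, valid=valid):
            if not valid(m.group()):
                return m.group()          # failed validation: leave untouched
            found.append(label)
            return mask_value(m.group())
        masked = pattern.sub(repl, masked)
    if not found:
        return {"action": "allow", "text": text, "detected": []}
    if mode == "reject":
        return {"action": "reject", "text": None, "detected": found}
    return {"action": "mask", "text": masked, "detected": found}

if __name__ == "__main__":
    for sample in ("My phone number is 9876543210",      # constructed samples
                   "Card 4111 1111 1111 1111, PAN ABCDE1234F"):
        print(evaluate(sample), evaluate(sample, mode="reject")["action"])
```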

***

Enterprise Security enables organizations to enforce their own data protection policies while communicating with customers. By integrating existing security systems with DoubleTick, enterprises can ensure that sensitive information is consistently protected across conversations.

