Data Shielding (DLP)

Define account-wide PII redaction patterns that apply to every new MCP server. Individual servers can override these defaults.

Access via Settings → DLP Protection in Vinkius Cloud.

---

Global DLP configuration

The global Data Shielding tab provides a master toggle and a pattern editor with smart autocomplete. Patterns use fast-redact path syntax to target specific JSON fields across any API response structure.

GLOBAL DATA SHIELDING

Define default redaction patterns applied to every new server.

Protected Fields5 FIELDS PROTECTED

*.email ✕*.ssn ✕*.credit_card ✕*.phone ✕*.password ✕

e.g. *.email, *.ssn, users[*].credit_card

+

fast-redact paths — Use *.field for all objects, items[*].field for arrays.

Built-in suggestions

The input field includes autocomplete with 32+ built-in patterns organized across six categories: Identity (first name, last name, SSN, date of birth), Financial (credit card, bank account, IBAN), Contact (email, phone, address), Security (password, API key, token), Location (zip code, IP address), and Medical (patient ID, medical record).

Path syntax

Pattern	Matches	Example
*.email	Any object with an email field	{ user: { email: "..." } }
users[*].ssn	Every ssn inside a users array	{ users: [{ ssn: "..." }] }
*.credit_card	Any nested credit_card field	{ payment: { credit_card: "..." } }

Per-server override

Each server inherits global DLP patterns at creation. You can add additional patterns or replace the global set entirely from the server's detail page → Edit modal.

Deep dive

For the full technical reference on how DLP works — data flow, compliance impact, and industry context — see Zero-Trust PII Redaction.

---

Next steps

SECURITY

Zero-Trust PII Redaction

Architecture, compliance, and industry context.

Learn more →FINOPS

FinOps Guard

Response limits and cost control.

Configure →

---

Frequently Asked Questions

What path syntax does the DLP pattern editor use?

Patterns use fast-redact path syntax. Use *.field to match any object with that field name (e.g., *.email), and items[*].field to match arrays (e.g., users[*].ssn). The asterisk wildcard matches at any nesting depth.

How many built-in DLP patterns are available?

The autocomplete provides 32+ built-in patterns across six categories: Identity (first name, last name, SSN, date of birth), Financial (credit card, bank account, IBAN), Contact (email, phone, address), Security (password, API key, token), Location (zip code, IP address), and Medical (patient ID, medical record).

Can I add custom DLP patterns beyond the built-in ones?

Yes. Type any valid fast-redact path into the input field and click the add button. Custom patterns appear as chips alongside built-in ones. There is no limit on the number of patterns you can define.

Do global DLP patterns merge with per-server patterns?

By default, per-server patterns inherit the global set. From the server's Edit modal, you can add additional patterns on top of the global set or replace the global set entirely with server-specific patterns.

Does DLP work with all deployment methods?

Yes. DLP redaction runs at the proxy layer, after the upstream API response is received and before it reaches the AI client. It works identically across OpenAPI Import, Manual API, and Vurb.ts deployments.

Where can I learn about the DLP architecture and compliance impact?

For the full technical reference — data flow diagrams, compliance mapping (GDPR, HIPAA, SOC 2), and industry context — see the Zero-Trust PII Redaction page under Security & Governance.