GDPR Data Masking
Before any ability response reaches the agent, Maxi redacts the values of personal-data fields. “John Doe” becomes “**** ***”, an email becomes “****************”. It’s on by default, and it applies to everything.
Data masking is a privacy layer that sits on the way out: whenever an ability returns data — an order, a customer record, a user profile — Maxi scans the response for fields that hold personal data and fully redacts their values before the agent (or the AI provider behind it) ever sees them.
Maxi AI Core is designed so operators can configure masking and query restrictions to prevent agents from receiving recognizable personal data. Out of the box it applies privacy protections, and operators retain control over what additional fields and query patterns must be blocked or masked for their site.
What the agent sees instead
Masked values keep their first character and replace the rest with asterisks, word by word:
- "John Doe" → "**** ***"
- "john@example.com" → "****************"
It’s on by default
Masking is active out of the box. On first use, Maxi seeds the list with the personal-data fields you’d expect, covering both general WordPress user data and the full set of WooCommerce billing and shipping fields. The seeded defaults are:
| Group | Fields masked by default |
|---|---|
| User & general | first_name, last_name, display_name, nickname, user_email, email, phone, address_1, address_2, postcode, city, company |
| Billing (WooCommerce) | billing_first_name, billing_last_name, billing_email, billing_phone, billing_address_1, billing_address_2, billing_postcode, billing_city, billing_company |
| Shipping (WooCommerce) | shipping_first_name, shipping_last_name, shipping_phone, shipping_address_1, shipping_address_2, shipping_postcode, shipping_city, shipping_company |
You don’t have to configure anything for this baseline protection to apply.
How it decides what to mask
Maxi matches by field name, at any depth in the response. If first_name is on the list, it’s redacted whether it appears at the top level of a user record or nested deep inside an order’s billing details. Only text values are touched — numbers, IDs, and true/false flags pass through unchanged, so masking never breaks the structure the agent relies on. The masking applies to responses going through the agent’s connection (the MCP and abilities endpoints), which is exactly where the agent reads data.
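An added sketch of the matching rule described above, not Maxi AI Core's own code: the function names and the sample response are constructed for illustration, and the mask format follows the sample outputs shown on this page. `date_of_birth` is deliberately left off the list to show that a field passes through unchanged until it is added.

```php
<?php
// Added illustration, not Maxi AI Core's source. Function names are hypothetical.

// Replace every non-whitespace character with '*', matching the page's
// sample outputs ("John Doe" -> "**** ***").
function example_mask_value(string $value): string
{
    // /u counts a multibyte character once; fall back to bytes on invalid UTF-8.
    return preg_replace('/\S/u', '*', $value) ?? str_repeat('*', strlen($value));
}

// Walk the response at any depth; mask string values whose key is on the list.
function example_mask_response(array $data, array $maskedFields): array
{
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            // Nested record or list: recurse so depth does not matter.
            $data[$key] = example_mask_response($value, $maskedFields);
        } elseif (is_string($value) && in_array((string) $key, $maskedFields, true)) {
            $data[$key] = example_mask_value($value);
        }
        // Integers, floats, booleans and null pass through unchanged.
    }
    return $data;
}

// Constructed sample response (not real data).
$response = [
    'id'      => 1042,
    'paid'    => true,
    'billing' => [
        'billing_first_name' => 'John',
        'billing_email'      => 'john@example.com',
        'billing_postcode'   => '10115',
    ],
    'customer' => [
        'profile' => ['first_name' => 'John', 'date_of_birth' => '1990-01-31'],
    ],
];

$list = ['first_name', 'billing_first_name', 'billing_email', 'billing_postcode'];
echo json_encode(example_mask_response($response, $list), JSON_PRETTY_PRINT), PHP_EOL;
```

Running it against a copy of a real ability response is a quick way to spot custom fields that still need adding to the list.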
Managing the list
You can tailor which fields are masked by asking your agent — there are three actions:
- List the fields currently being masked.
- Add field names to mask (for example, a custom field that holds personal data your theme or plugins store).
- Remove fields you don’t need masked.
“What fields is Maxi currently masking?”
“Also mask the ‘customer_vat_number’ and ‘date_of_birth’ fields.”
There’s no separate settings screen — the masking list is managed through the agent, and every change is recorded in the audit log under the data-masking category, so there’s always a record of who changed what. Managing the list requires an administrator.
Turning it off (development only)
For a development or staging environment where you genuinely want the agent to see raw data, masking can be disabled entirely with a single line in your site’s wp-config.php:
define( 'MAXI_AI_DATA_MASKING', false );

On a live site with real customer data, leave masking on.