Visual Learning

PII: Super-Easy to Understand

No legal jargon. No textbooks. Four illustrated characters explain exactly what personal data is, what makes it risky, and what the law says about it, in one visual.

Want the full technical breakdown? Read the complete PII types guide → or follow our step-by-step guide to removing PII before AI →

PII Explained. Seven Visual Guides

Click any infographic to open it in full resolution. Zoom in, pan and explore every detail.

The PII Risk Lineup, four risk categories of personal data
Enlarge
The PII Risk Lineup
Four illustrated characters showing what counts as PII and how risky each type is, from no risk to GDPR Article 9 critical.
The Evolution of Data Privacy Risks, from the 1970s to the AI era
Enlarge
The Evolution of Data Privacy Risks
From locked filing cabinets in the 1970s to invisible AI risks today, five eras of data privacy explained in one timeline.
What happens to your data when you paste it into an AI tool, six step flow
Enlarge
What Happens to Your Data in an AI Tool?
Every step your document takes after you paste it into an AI, from your device to third-party subprocessors.
Every document you send to AI contains PII, document anatomy breakdown
Enlarge
Every Document You Send to AI Contains PII
CVs, contracts, medical reports, invoices, HR forms, every document type broken down by the personal data hiding inside it.
Who can see your data after you hit send, five parties with access
Enlarge
Who Can See Your Data After You Hit Send?
Five parties that can access your document the moment you paste it into an AI tool, across multiple legal jurisdictions.
PII by Industry, six sectors and their most sensitive personal data types
Enlarge
PII by Industry: What's at Stake
Healthcare, Finance, HR, Legal, Education, Marketing, the most dangerous personal data in each sector and the regulations that govern it.
How long does your personal data live online, seven data types with persistence timelines
Enlarge
How Long Does Your Personal Data Live Online?
Email addresses vanish in days. Biometric data never does. Seven personal data types ranked by how long they survive online after a breach, and what damage they cause the longer they stay.
What a hacker can do with just your email address, six cyberattack vectors including phishing, credential stuffing, account takeover and identity theft
Enlarge
What a Hacker Can Do With Just Your Email Address
One email address. Six attack vectors. From phishing and credential stuffing to identity theft. See exactly what cybercriminals can do with the most basic piece of personal data.
Local processing vs cloud processing, how PrivacyPromptAI keeps your document on your device while typical AI tools upload it to remote servers
Enlarge
Local Processing vs. Cloud Processing
Cloud AI tools upload your document to remote servers, where it can be stored, logged, or used to train models. PrivacyPromptAI runs entirely in your browser. Nothing ever leaves your device.

© 2026 PrivacyPromptAI. All rights reserved. Reproduction without written permission is prohibited.

The catch most people miss

All four types can appear in the same document. A standard HR report might contain a job title (Not PII), an email address (Standard PII), a bank account number (High-risk PII), and a disability note (GDPR Article 9). All on the same page.

Pasting that document into an AI tool without cleaning it first puts you in breach of GDPR, regardless of intent. The law does not distinguish between deliberate and accidental disclosure.

Clean PII now, free → Full PII type guide → Test your PII knowledge →
PII: Why & What

The complete technical guide to all PII types, with legal definitions and real-world examples.

PII Info Test

Think you understand PII? Test yourself and find out where the gaps are.

GDPR & AI Compliance

What GDPR actually requires when you use AI tools at work, and how to stay compliant.

Get Professional Protection

Explore the full suite of privacy services we recommend to keep your data safe.

Frequently asked questions

Questions about PII types, risk levels, and what to do about them.

What is the difference between the four PII risk levels in the infographic?

Not PII cannot identify anyone. Standard PII identifies a person and is protected under GDPR Article 4, email addresses, phone numbers, IP addresses fall here. High-risk PII directly enables fraud, passport numbers, IBANs, credit card numbers. GDPR Article 9 data is the most sensitive legal category, health records, biometrics, genetic data, requiring explicit consent and carrying the highest fines.

Can non-PII data become PII when combined with other fields?

Yes, this is called the aggregation problem. A zip code, a date of birth, and a gender identifier are each not PII individually. But research has shown that combining just those three fields can uniquely identify 87% of the US population. Always consider what your data looks like in combination, not just in isolation. See our full PII types guide for more examples.

What happens if I paste a document with PII into ChatGPT or another AI tool?

The content is sent to and processed on external servers outside your control. Under GDPR, this constitutes a transfer of personal data to a third-party processor. Without a Data Processing Agreement in place, this may be a reportable breach, even if completely unintentional. GDPR Article 9 data carries the highest penalties. PrivacyPromptAI cleans all PII locally in your browser before you send anything anywhere.

Is a person's name always considered PII?

Usually yes. A full name is considered Standard PII because it identifies a specific person. A very common name like "John Smith" may require additional data points to pinpoint one individual, but in practice you should always treat full names as PII and remove them accordingly.

Does GDPR apply to me if I am not based in Europe?

Yes, GDPR applies to any organisation that processes the personal data of EU residents, regardless of where the organisation is located. Most countries also have equivalent legislation: CCPA in California, PDPA in Singapore and Thailand, LGPD in Brazil, PIPL in China, and POPIA in South Africa. Read more in our GDPR & AI compliance guide.

How do I remove PII from a document before using it with AI?

Paste your document into PrivacyPromptAI. It automatically detects and cleans all four PII categories: names, emails, phone numbers, IBANs, passport numbers, health data, and more, entirely in your browser. Nothing leaves your device. It is free and supports 23 European languages.

Now you know what PII is, remove it in seconds

PrivacyPromptAI detects all four PII categories automatically, entirely in your browser. Free, instant, and works across 23 languages.

Try the free tool → Full PII type guide Test your knowledge