HISN حصن
← Back to Docs

Understanding Policies

What Are Policies?

Policies define how HISN handles different types of sensitive data. Each policy rule specifies:

  • What to detect: Which data types to look for (credit cards, IDs, API keys, etc.)
  • What to do: Block, warn, or allow
  • Where it applies: Which AI services the rule covers

Actions

Block

The request is stopped completely. The AI service never receives the data. The user sees a clear message explaining why their message was blocked and what type of sensitive data was detected.

Warn

The request goes through, but the event is logged and flagged. Use this for data types where you want visibility without disrupting workflow.

Allow

Normal behavior. The request passes through and is logged for audit purposes only.

Default Policy

If no specific rule matches, the default action applies. Most organizations set this to "warn" — this gives visibility while the team learns what data types need blocking.

Rule Priority

Rules are checked from top to bottom. The first matching rule determines the action. This means more specific rules should be placed above general ones.

Managed by Your Admin

Policies are configured by your organization's IT administrator through the admin console. If you believe a policy is too restrictive or not restrictive enough, contact your IT team.