Understanding Policies
What Are Policies?
Policies define how HISN handles different types of sensitive data. Each policy rule specifies:
- What to detect: Which data types to look for (credit cards, IDs, API keys, etc.)
- What to do: Block, warn, or allow
- Where it applies: Which AI services the rule covers
Actions
Block
The request is stopped completely. The AI service never receives the data. The user sees a clear message explaining why their message was blocked and what type of sensitive data was detected.
Warn
The request goes through, but the event is logged and flagged. Use this for data types where you want visibility without disrupting workflow.
Allow
Normal behavior. The request passes through and is logged for audit purposes only.
Default Policy
If no specific rule matches, the default action applies. Most organizations set this to "warn" — this gives visibility while the team learns what data types need blocking.
Rule Priority
Rules are checked from top to bottom. The first matching rule determines the action. This means more specific rules should be placed above general ones.
Managed by Your Admin
Policies are configured by your organization's IT administrator through the admin console. If you believe a policy is too restrictive or not restrictive enough, contact your IT team.
