Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.maxicore.ai/llms.txt

Use this file to discover all available pages before exploring further.

Maxi AI Core includes a field-level data masking layer that intercepts every ability response before it reaches the AI agent. Any response field whose name matches an entry in the mask list has its value partially redacted — for example, "John" becomes "J***" and "john@example.com" becomes "j***************". This reduces how much personally identifiable information (PII) your AI provider receives, without preventing agents from understanding the structure or context of the data. Masking is active by default and does not require any configuration to work. You can add fields, remove fields, or disable masking entirely when your workflow requires it.
Masking is pseudonymization, not full anonymization. It reduces PII exposure to AI agents and providers but does not eliminate all obligations under GDPR or similar privacy regulations.

How masking works

The masking filter runs on every ability response, at every nesting depth. If first_name is in the mask list, it matches both top-level first_name fields (for example, in user meta responses) and nested fields (for example, billing.first_name in a WooCommerce order response). Only string values are redacted — integers, booleans, arrays, and ID fields pass through unchanged.

Default masked fields

When you first activate Maxi AI Core, the mask list is seeded automatically with the following field names:
first_name, last_name, display_name, nickname, user_email
email, phone, address_1, address_2, postcode, city, company
billing_first_name, billing_last_name, billing_email, billing_phone, billing_address_1, billing_address_2, billing_postcode, billing_city, billing_company
shipping_first_name, shipping_last_name, shipping_phone, shipping_address_1, shipping_address_2, shipping_postcode, shipping_city, shipping_company

Managing the mask list

Use the maxi/manage-mask-fields ability (Pro, requires manage_options) to view, add, or remove fields from the masking list. All changes are recorded in the audit log under category data_masking.

List current fields

{ "action": "list" }

Add a field

{ "action": "add", "field": "custom_phone" }

Remove a field

{ "action": "remove", "field": "nickname" }
If your site stores PII in custom meta fields with non-standard names, add those field names to the mask list so they are also redacted in ability responses.

Disabling masking

To disable masking entirely, add this line to your wp-config.php file above the /* That's all, stop editing! */ line: 
define( 'MAXI_AI_DATA_MASKING', false );
When masking is disabled, AI providers receive full, unredacted PII — names, email addresses, phone numbers, and shipping details — in every applicable ability response. Only disable masking if your use case requires it and you have considered the privacy implications for your users.
Alternatively, you can remove individual fields from the mask list via maxi/manage-mask-fields if you need only specific fields unmasked rather than disabling the feature altogether.