Keyword exclusions

Keyword exclusions form an allowlist: configured words or phrases that should never be redacted, even if a detector matched them. Each exclusion removes any already-detected entity whose text matches a configured keyword. Exclusions run as the last stage of the detection pipeline, after all detectors and consolidation. They override any earlier detection, including high-confidence pattern matches.
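The ordering described above can be pictured with a minimal Python sketch. It is an illustration only, not the product's implementation: the Entity class, its fields, and the apply_exclusions function are hypothetical names, and only the default exact-match mode is modeled.

```python
from dataclasses import dataclass


@dataclass
class Entity:
    # Hypothetical shape of a detected entity; the real pipeline's type is not shown in this document.
    text: str
    label: str
    confidence: float


def apply_exclusions(entities, excluded_keywords):
    """Final pipeline stage: drop every entity whose text equals an excluded keyword.

    Confidence is deliberately ignored, so a high-confidence match is removed too.
    """
    excluded = {keyword.casefold() for keyword in excluded_keywords}
    return [entity for entity in entities if entity.text.casefold() not in excluded]


# Entities as they might look after all detectors and consolidation have run.
detected = [
    Entity("test@example.com", "EMAIL", 0.99),
    Entity("jane.doe@corp.example", "EMAIL", 0.97),
    Entity("N/A", "NAME", 0.41),
]

remaining = apply_exclusions(detected, ["test@example.com", "N/A", "TBD"])
print([entity.text for entity in remaining])  # ['jane.doe@corp.example']
```

Because the filter runs last and never looks at confidence, the 0.99 email match is removed just like the low-confidence N/A match.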

Use exclusions to suppress recurring false positives in your specific document set. To detect domain-specific sensitive terms instead, use Keyword recognizers (a denylist).

When to use exclusions

Common cases:

Suppress test or placeholder values such as test@example.com or N/A.
Suppress entity values that the semantic model detects as sensitive but aren’t sensitive in your context, such as your own company name.
Suppress any specific keyword you don’t want redacted.

Configuration

Add exclusions to the keywordExclusions array under detectionConfiguration:

{
  "detectionConfiguration": {
    "keywordExclusions": [
      {
        "name": "SafeValues",
        "excludedKeywords": ["test@example.com", "N/A", "TBD"],
        "partialMatch": false
      },
      {
        "name": "InternalDomain",
        "excludedKeywords": ["example.com"],
        "partialMatch": true
      }
    ]
  }
}

For the full schema, refer to the KeywordExclusion schema.

Match modes

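Exact match (default, partialMatch: false). The entity’s full text must equal a keyword. Comparison is case-insensitive.
Partial match (partialMatch: true). The entity’s text must contain a keyword as a substring. For example, the keyword example.com excludes any detected entity that contains it, including an email address such as test@example.com.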
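The two modes can be sketched as a small Python predicate. This is a hedged illustration, not the product's code: is_excluded and its parameters are hypothetical names. The documentation states case-insensitive comparison only for exact match; the sketch assumes the same for partial match, and it also assumes that empty keywords are ignored.

```python
def is_excluded(entity_text, excluded_keywords, partial_match=False):
    """Return True if a detected entity should be dropped by an exclusion rule."""
    text = entity_text.casefold()
    # Assumption: empty keywords are skipped so they cannot match everything.
    keywords = [keyword.casefold() for keyword in excluded_keywords if keyword]
    if partial_match:
        # Partial match: the entity text contains a keyword as a substring.
        return any(keyword in text for keyword in keywords)
    # Exact match: the entity's full text equals a keyword.
    return text in keywords


print(is_excluded("n/a", ["N/A", "TBD"]))                                    # True
print(is_excluded("alice@example.com", ["example.com"]))                     # False
print(is_excluded("alice@example.com", ["example.com"], partial_match=True)) # True
```

The last call shows why partial match deserves care: a short keyword can suppress far more entities than intended, so exact match is the safer choice when a fixed list of values is known.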
