Our legal team is concerned about sending prompt data through a third-party proxy. Does Helicone offer any PII masking features or a self-hosted option? We need to ensure that patient names in our healthcare app never get stored in any external observability logs.
3 answers
Security is a major focus for this platform. If you use the cloud version, you can enable PII masking which uses automated models to redact sensitive information before it hits the logs. However, for a healthcare app, the best route is their self-hosted Docker version. By running the proxy and the database within your own VPC (like on AWS ECS), the data never leaves your infrastructure except for the final trip to the LLM provider. This satisfies most HIPAA and GDPR requirements because you retain full control over the storage and encryption of the logs. They also support vault integrations for managing your API keys securely so they aren't hardcoded in your environment.
Is the self-hosted version's dashboard as feature-rich as the cloud version? I've noticed some open-source tools gate the best UI features behind their SaaS.
You can also selectively disable logging for specific highly sensitive end-points while still keeping the proxy active for cost tracking.
That "log-suppression" feature is exactly what we used for our login-related prompts. It gives us the cost data without the risk of logging passwords.
It’s actually quite comparable. Most of the core observability features, like the trace view and basic analytics, are identical. The main thing you'll be managing yourself is the ClickHouse database which stores the traces. If you have a high volume of requests, you’ll need a decent-sized instance to keep the dashboard snappy, but from a feature perspective, you aren't losing much by keeping your data on-prem.