DATA OPS
Detect and redact PII in uploaded CSVs before warehouse load
On a CSV upload to S3, scans columns for PII, redacts or hashes sensitive fields, writes the sanitized file to R2, and loads it into Snowflake.
How it runs
The automated pipeline, trigger to output.
- Trigger: New CSV uploaded to S3 (AWS S3)
- Action: Scan columns and classify PII fields
- Logic: Apply redaction policy to flagged columns
- Action: Write sanitized file to R2 (Cloudflare R2)
- Action: Load redacted data into Snowflake (Snowflake)
- Output: Post redaction audit summary to Slack (Slack)
What it does
Screens every incoming CSV for personally identifiable information before it enters the warehouse. It detects PII columns (emails, phone numbers, SSNs, names), applies redaction or one-way hashing per a policy, stores the sanitized copy in R2, then loads the clean data into Snowflake. An audit summary of what was redacted is posted to Slack.
When to use it
Use it when CSV feeds may contain regulated personal data you are not permitted to land raw in analytics storage. This enforces a redaction policy automatically so engineers never have to manually scrub files, and gives compliance a per-file audit record.
How it works
1. An S3 object-created event triggers the run.
2. The pipeline scans each column with PII detection rules and classifies sensitive fields.
3. A logic step applies the policy (hash, mask, or drop) to the flagged columns.
4. The sanitized file is written to an R2 bucket as the retained clean copy.
5. The redacted data is loaded into Snowflake.
6. A redaction audit summary (fields touched, action taken, row count) is posted to Slack.
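The scan, policy and audit steps above, sketched as an added Python example (not the product's own code). The regex rules, the 0.8 match threshold, the class-to-action policy and the HMAC key are assumptions; name detection and the S3, R2, Snowflake and Slack I/O are left out.

```python
import csv, hashlib, hmac, io, re

# Constructed detection rules and policy (assumptions, not the product's own).
# Order matters: an SSN also fits the looser phone pattern, so SSN is tested first.
RULES = {
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"),
    "ssn": re.compile(r"^\d{3}-\d{2}-\d{4}$"),
    "phone": re.compile(r"^\+?\d[\d\s().-]{8,}\d$"),
}
POLICY = {"email": "hash", "ssn": "drop", "phone": "mask"}

def classify(values, threshold=0.8):
    """Return the PII class matched by >= threshold of non-empty values, else None."""
    filled = [v.strip() for v in values if v.strip()]
    for name, rx in RULES.items():
        if filled and sum(bool(rx.match(v)) for v in filled) / len(filled) >= threshold:
            return name
    return None

def keyed_hash(value, key):
    # HMAC with a secret key, not bare SHA-256: SSNs and phone numbers come from
    # a small value space, so unkeyed digests can be reversed by enumeration.
    return hmac.new(key, value.strip().lower().encode(), hashlib.sha256).hexdigest()

def mask(value):
    """Keep the last four characters; fully mask values of four characters or fewer."""
    return "*" * len(value) if len(value) <= 4 else "*" * (len(value) - 4) + value[-4:]

def sanitize(csv_text, key):
    """Return (sanitized_csv_text, audit) for one uploaded file."""
    reader = csv.DictReader(io.StringIO(csv_text))
    fields = list(reader.fieldnames or [])
    rows = [{f: r.get(f) or "" for f in fields} for r in reader]  # pad short rows
    flagged = {f: c for f in fields if (c := classify([r[f] for r in rows]))}
    action_for = {f: POLICY[c] for f, c in flagged.items()}
    kept = [f for f in fields if action_for.get(f) != "drop"]
    transform = {"hash": lambda v: keyed_hash(v, key) if v else v, "mask": mask}
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(kept)
    for r in rows:
        writer.writerow([transform.get(action_for.get(f), str)(r[f]) for f in kept])
    audit = {"row_count": len(rows),
             "fields": {f: {"class": c, "action": POLICY[c]} for f, c in flagged.items()}}
    return out.getvalue(), audit

# Constructed sample upload.
SAMPLE = ("id,email,ssn,phone,plan\n1,ana@example.com,123-45-6789,+1 (555) 010-1234,pro\n"
          "2,bo@example.org,987-65-4321,555-010-9876,free\n")
```

Because the hash is keyed and the input is normalized, the same email hashes to the same token across files, so joins on the hashed column still work as long as the key is kept stable and out of the warehouse.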
Set it up
What you configure once, before turning it on.
1. Connect AWS S3: Buckets, objects, signed URLs.
2. Connect Cloudflare R2: Object storage, S3-compatible.
3. Connect Snowflake: Warehouses, queries, shares.
4. Connect Slack: Channels, DMs, threads, mentions.
5. Set each agent's model: We leave models unset so you pick the tier (fast + cheap, or top-quality).
6. Tune it to your data: Edit the prompts, filters, and field mappings so it matches how your team works.
7. Test, then turn it on: Run once against a sample, confirm the output, then enable the trigger.
