# Why redaction has to happen before storage

> Redaction is safer when it happens before raw agent context becomes durable memory.

If raw agent context is stored first, every later permission model is cleaning up after a mistake. Ambience redacts secrets and common PII before persistence so the raw version is not recoverable from disk.

## Why Ambience

- API keys, tokens, email addresses, phone numbers, and SSNs are stripped before storage.
- Redaction metadata can be audited without exposing the sensitive value.
- The stored memory remains useful without becoming a secret archive.

## Related

- [Security and trust](https://ambience.sh/security)
- [How to audit AI agent context](https://ambience.sh/answers/how-to-audit-ai-agent-context)
- [GitHub connection](https://ambience.sh/connections/github)