Configure a column once. DeltaForge transforms it in memory during the read path, so the value written to the Delta table is already protected. No separate masking pipeline. No exposure window.
Choose by what the column means and who needs to see it
For identifiers that must never be recovered. Same input always lands on the same hash, so joins still work.
For values you may need to recover under a key custody process. Deterministic, so encrypted columns remain joinable.
Display-style masking for emails, phones, cards, and other structured fields. Keeps the shape, hides the value.
Reduces precision for k-anonymity: dates to coarser buckets, ages to ranges, postal codes to prefixes.
Replaces values with stable tokens within a configurable scope. Linkability is a knob, not a default.
A single command attaches a transform to a column
Rules are SQL DDL, stored in the catalog, versioned with the rest of your schema. No external config file to drift.
The raw value never reaches the Delta table. The transform runs in memory before the write commits.
Enable, disable, and inspect rules at any time. Every change is captured in the audit log.
Battle-tested primitives, no bespoke schemes
Industry-standard hashing, authenticated encryption, and key derivation. No custom or proprietary cryptography.
Bring your own key store. Cloud secret managers and on-prem vaults are supported. Keys never have to leave them.
Protect PHI before it ever lands in the lakehouse
Keyed hashing turns MRNs, SSNs, and member IDs into stable surrogates. Cohort joins and longitudinal analysis keep working, but the raw identifier is never exposed to analysts.
Dates of birth become quarters, ages become ranges, and postal codes become prefixes. The same generalisation rules used for k-anonymity map onto the date and geography fields covered by Safe Harbor.
Pseudonymisation narrows what analytics users can see while keeping datasets useful. When a request does require deletion, Delta tables handle it in plain SQL: see GDPR right to be forgotten on Delta Lake.
Related guides from the DeltaForge blog
Query HL7v2 messages directly in SQL, then pseudonymise patient identifiers on their way into Delta. Read the guide →
Flatten FHIR resources into queryable tables and apply column protection before the write. Read the guide →
Configure a column, choose a transform, and DeltaForge handles the rest in-memory on every write.