Retrieval-Augmented Generation (RAG) systems risk exposing sensitive information when retrieving from private knowledge bases. To address this, we propose an end-to-end privacy-preserving framework that replaces real retrieval corpora with purely synthetic data, eliminating raw-data exposure. Our method, termed SAGE, introduces a novel two-stage synthetic data generation paradigm: Stage I performs attribute-aware semantic extraction to preserve critical information; Stage II employs agent-driven iterative refinement to explicitly model the utility–privacy trade-off. Evaluated across multiple RAG benchmarks, SAGE generates synthetic corpora achieving retrieval fidelity comparable to original data, while reducing membership inference attack success rates by over 70%. To our knowledge, this is the first work to simultaneously achieve high-fidelity retrieval performance and strong formal privacy guarantees in RAG via synthetic data.

Retrieval-augmented generation (RAG) enhances the outputs of language models by integrating relevant information retrieved from external knowledge sources. However, when the retrieval process involves private data, RAG systems may face severe privacy risks, potentially leading to the leakage of sensitive information. To address this issue, we propose using synthetic data as a privacy-preserving alternative for the retrieval data. We propose SAGE, a novel two-stage synthetic data generation paradigm. In the stage-1, we employ an attribute-based extraction and generation approach to preserve key contextual information from the original data. In the stage-2, we further enhance the privacy properties of the synthetic data through an agent-based iterative refinement process. Extensive experiments demonstrate that using our synthetic data as the retrieval context achieves comparable performance to using the original data while substantially reducing privacy risks. Our work takes the first step towards investigating the possibility of generating high-utility and privacy-preserving synthetic data for RAG, opening up new opportunities for the safe application of RAG systems in various domains.