DPA available · Zero server storage

Bulk document redaction
for DSAR compliance

Process thousands of files in a single batch. The data subject's PII is preserved — everyone else's is redacted. Files never leave your browser.

Contact Sales Pilot Guide →
10
file types
1,000s
files per batch
0
documents stored
3-layer
AI detection pipeline

Capabilities

Everything you need to respond to a data subject access request

When a data subject requests their personal data under GDPR, CCPA, or UK GDPR, you must redact all third-party PII before disclosure.

Selective PII preservation

Name the data subject. Their personal information is preserved across every file. All other individuals' PII is redacted — names, emails, phone numbers, addresses, NI numbers.

Bulk upload via ZIP

Upload a single ZIP containing thousands of documents. Nested ZIPs are extracted automatically. Process an entire Purview eDiscovery export in one batch.

10 file types

PDF, DOCX, XLSX, EML, MSG, HTML, TXT, CSV, JSON, ZIP. Covers the full range of data found in DSAR exports — Outlook email, Teams transcripts, spreadsheets.

Zero data retention

Documents stay in the browser. Only extracted text is sent for AI detection. Nothing is stored on our servers or by our AI provider. Audit metadata only.

Process

How enterprise redaction works

01

Upload your data export

Drag in a ZIP file or select individual files. Supports thousands of files per batch — emails, attachments, PDFs, spreadsheets, chat transcripts.

02

Enter the data subject's details

Name, email addresses, phone number, NI number, employee ID, and other identifiers. The more fields you provide, the more precisely the tool distinguishes the subject from third parties.

03

AI detects and flags PII

A three-layer detection pipeline — inline regex, LLM classification, and context analysis — processes files in parallel. Each file shows detected PII in-context for review.

04

Review and export

Verify every detection before export. Add manual redactions for anything the AI missed. Download redacted files and a full audit CSV — ready for the data subject.

Trust

Built on enterprise infrastructure

Every component in the stack carries SOC 2 Type II certification. Documents never touch our servers.

Anthropic Claude
AI provider

SOC 2 Type II. No-retention API — text is processed and discarded. Never used for training.

Vercel
Hosting & compute

SOC 2 Type II. Edge network, serverless functions, zero persistent storage of document content.

Supabase
Auth & metadata

SOC 2 Type II. Stores only account data and job audit metadata. No document content.

UK GDPR
Supports Article 15
EU GDPR
DPA available
CCPA / CPRA
Consumer access rights
HIPAA
HIPAA-ready architecture

Use cases

Who uses SafeRedact Enterprise

DPOs & privacy teams

Process the redaction step of UK GDPR, EU GDPR, and CCPA access requests — often the most time-consuming part of meeting the statutory deadline.

Legal & compliance

Redact third-party PII from litigation holds, discovery sets, and regulatory disclosures. Full audit log provides defensible documentation for each redaction decision.

HR departments

Employee DSARs cross HR records, payroll, performance reviews, and internal communications. Bulk processing detects PII across the full dataset in a single pass.

Outside counsel

Law firms handling DSAR responses for clients. Documents stay in the browser — only extracted text is sent for AI detection. Nothing is stored after processing.

Ready to process your first DSAR?

Tell us about your data volume and compliance requirements. We'll scope the right plan.

Contact Sales Pilot Guide