Zero-storage architecture

Your documents never leave the browser

Only extracted text reaches our API — with a no-log header ensuring it's immediately discarded. No files stored. No AI training.

Files stay in browser

Document content is processed entirely client-side using JavaScript. No upload to any server — ever.

No-log API calls

Extracted text sent with anthropic-no-log: true headers. Not retained, not trained on.

Zero server storage

Job metadata (file names, detection counts) stored for audit. Document content never written to any database or disk.

Data flow

Where your data goes

01
Browser

File selection & parsing

PDFs rendered via PDF.js. DOCX, XLSX, EML, MSG parsed client-side. No data leaves the browser.

02
Browser

Text extraction & inline regex

First-pass regex catches emails, phones, NI numbers, sort codes. All local.

03
In transit

AI detection API call

Extracted text — not the original file — sent over TLS 1.3 with anthropic-no-log: true headers.

04
In transit

Anthropic API (PII classification)

Claude classifies PII types and returns results. Text not used for training and not retained.

05
Browser

Detection results returned

Spans returned to browser. Document content never left. Results stored in IndexedDB locally.

06
Complete

Redacted output generated

Redacted file rendered client-side with █ blocks. Downloaded to your device. No copy stored anywhere.

Data boundary

What leaves your browser vs. what doesn't

Stays in your browser
Original document files
Rendered page images (PDFs)
Redacted output files
Detection checkpoint data (IndexedDB)
Data subject identity fields
Sent to detection API (text only)
Extracted plain text (not original files)
Sent with no-log & no-persist headers
Immediately discarded after classification
Not stored, not used for AI training
Transmitted over TLS 1.3

Infrastructure

Infrastructure partners

All partners maintain SOC 2 Type II certification.

Anthropic Claude
AI provider · SOC 2 Type II

Zero-retention API. Text processed and discarded. Never used for training. Explicit no-log headers on every request.

Vercel
Hosting & compute · SOC 2 Type II

Edge network, serverless functions. App is static HTML/JS served to browser. No document content handled.

Supabase
Auth & metadata · SOC 2 Type II

Stores account data and job audit metadata only. No document content. RLS enforced. AWS eu-west-2.

Compliance

Regulatory posture

Built to support privacy regulations across jurisdictions.

GDPR / UK GDPR

Data processor under Article 28. DPA available covering processing instructions, confidentiality, sub-processor management, breach notification, and data deletion.

CCPA / CPRA

Service provider. Personal information processed solely for PII detection and redaction — never sold, shared for cross-context behavioural advertising, or repurposed.

SOC 2 certified partners

All infrastructure partners maintain SOC 2 Type II. Zero-storage architecture eliminates the need to secure document content at rest.

HIPAA

Architecture minimises PHI exposure by design — documents never leave the browser and extracted text is processed with no-log headers. Zero-storage model reduces the compliance surface for organisations handling PHI.

In progress

ISO 27001 certification in progress (target Q3 2026). SafeRedact's architecture provides a smaller attack surface than most certified cloud tools.

Questions about our architecture?

We're happy to walk through our security model with your privacy or security team.

Contact Sales Enterprise Overview →