The Short Version
SafeRedact uses AI to detect sensitive information in your documents. Here's exactly what that means for your data:
- Original files stay local: original PDF files stay in your browser
- Text sent to AI: extracted text is analyzed by Claude AI
- No file storage: we don't store your documents anywhere
- Redaction is local: the clean file is created in your browser
Our Hybrid Architecture
We use a hybrid approach that balances AI accuracy with privacy protection. Here's the step-by-step process:
Text Extraction (Your Browser)
When you upload a document, your browser extracts the text using PDF.js (for PDFs) or Tesseract.js OCR (for scanned documents). The original file stays in your browser memory.
AI Detection (Cloud)
The extracted text (with position coordinates) is sent to our API, which uses Claude AI to classify which items are sensitive: SSNs, names, addresses, phone numbers, etc. This is what enables accurate, context-aware detection.
Review & Redact (Your Browser)
The AI returns classification results. You review the detections, adjust as needed, and click Redact. The clean output file is generated entirely in your browser—a new PDF without the sensitive data.
What IS Sent to the Cloud
Encrypted text payload
When your document is processed, text content is encrypted with AES-256-GCM in your browser before transmission. What actually leaves your device is an encrypted blob—not readable text. Our serverless function decrypts it only to pass to Claude for classification, then re-encrypts the response.
```
// What's actually transmitted:
{
  "encrypted": "U2FsdGVkX1+vupppZksvRf8xY2FkZTk3NmI0ZjJhMGJlNzU4MzQ2YWI3YWE3YzRjMWNhYzM0MzE2NTU2NjMyMWU3ZDk4ZTdhN2YzODJmMDcyOGY0MGY5NTJlM2IwNmE5YjU3YzBhZjE0NWYzMTQyN2Q3YjI...",
  "iv": "mHp4VkXq9bN3ZwRt",
  "key": "xK9mP2vL8nQ4wS7yA3bC6dE0fG5hJ1kM..."
}
```
Your sensitive data (names, SSNs, addresses) is never transmitted in readable form.
The decrypted text is processed by Anthropic's Claude API, which does not store or train on API inputs. Data is processed in memory and immediately discarded. See Anthropic's Privacy Policy for details.
AES-256-GCM Encryption
Application-Layer Encryption
Defense-in-depth beyond standard TLS
SafeRedact implements AES-256-GCM encryption at the application layer, providing an additional security boundary beyond standard HTTPS/TLS encryption. Your document text is encrypted in your browser before transmission and decrypted only upon return.
Browser generates ephemeral key
A unique 256-bit AES key is generated for each request using the Web Crypto API
Text encrypted before transmission
Document text is encrypted with AES-256-GCM (Galois/Counter Mode) with authentication
Server decrypts for AI processing
Our serverless function decrypts, sends to Claude API, receives detections
Response re-encrypted
Detection results are encrypted before being sent back to your browser
Why this matters
- Protects against network-level interception
- Document text is encrypted before it leaves your browser and is decrypted only inside our serverless function for the Claude API call
- Each request uses a unique encryption key
- Same encryption standard used by banks and governments
Technical specifications
- Algorithm: AES-256-GCM
- Key size: 256 bits
- IV: 96 bits (randomly generated)
- Authentication: GCM auth tag (128 bits)
This dual-layer encryption (TLS + application-layer AES-256) ensures your sensitive document text is protected at every step of transmission, exceeding industry standards for data protection.
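
The request flow from the steps above and the sample payload under "What IS Sent to the Cloud", written with the Web Crypto API as an added example; it is not SafeRedact's own code. It assumes the `key` field carries the raw exported AES key, as the sample payload suggests (the page does not describe any key wrapping), and the function names are hypothetical.

```javascript
// Added example, not SafeRedact's code. Field names follow the sample payload above.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Browser side: fresh 256-bit key and 96-bit IV per request, 128-bit GCM tag.
async function sealRequest(text) {
  const key = await wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv, tagLength: 128 }, key, new TextEncoder().encode(text));
  // Assumption: "key" is the raw exported key; the page describes no key wrapping.
  const raw = await wc.subtle.exportKey("raw", key);
  return { encrypted: b64(ct), iv: b64(iv), key: b64(raw) };
}

// Receiving side: decryption needs nothing but the payload itself.
async function openRequest(payload) {
  const key = await wc.subtle.importKey("raw", unb64(payload.key), "AES-GCM", false, ["decrypt"]);
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv: unb64(payload.iv), tagLength: 128 }, key, unb64(payload.encrypted));
  return new TextDecoder().decode(pt);
}

// Flip one ciphertext bit and report whether GCM authentication rejects it.
async function tamperIsRejected(payload) {
  const bytes = unb64(payload.encrypted);
  bytes[0] ^= 0x01;
  try {
    await openRequest({ ...payload, encrypted: b64(bytes) });
    return false;
  } catch {
    return true;
  }
}

async function demo() {
  const sample = "Jane Roe, SSN 000-00-0000"; // constructed sample text
  const a = await sealRequest(sample);
  const b = await sealRequest(sample);
  return {
    roundTrip: await openRequest(a),
    freshKeyAndIv: a.key !== b.key && a.iv !== b.iv,
    tamperRejected: await tamperIsRejected(a),
    ivBits: unb64(a.iv).length * 8,
    keyBits: unb64(a.key).length * 8,
  };
}
```

Because `openRequest` needs only the payload, anyone holding the whole payload can read it under this assumption, so confidentiality against a network observer still rests on TLS. What the GCM layer adds on its own is per-request keys and tamper detection.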
What Is NOT Sent
- Original PDF binary: stays in your browser; only extracted text is sent
- Formatting, layout, fonts, embedded objects
- Author, creation date, filename, etc.
Important: We do not store documents on SafeRedact servers. There is no retention period because there is nothing retained. Processing is ephemeral—when you close the tab, it's gone.
How We Compare to Other Tools
| Tool | File Upload | Detection | Retention |
|---|---|---|---|
| SafeRedact | Text only | AI (Claude) | None |
| Adobe Acrobat Pro | Local | Regex patterns | N/A |
| Smallpdf | Full file | Manual only | 1 hour |
| iLovePDF | Full file | Manual only | 2 hours |
| Redactable | Full file | AI | Account storage |
[Figure: Where Your Document Goes. Legend: "Stored & processed" / "Not stored · Discarded".]
SafeRedact advantage
AI-powered detection accuracy without uploading your actual documents. Other AI redaction tools require full file uploads and store documents in your account.
Tradeoff
Desktop apps like Adobe are fully local, but use basic pattern matching that misses context-dependent PII like names and addresses.
Compliance Considerations
Important Disclaimer
SafeRedact is not certified for HIPAA, GLBA, FERPA, or other industry-specific regulations. While we minimize data exposure, extracted text is processed via a third-party AI API. Organizations with strict compliance requirements should evaluate whether this meets their policies.
What this means for HIPAA
- Text from documents is sent to Anthropic's API
- Anthropic does not store API inputs by default
- SafeRedact does not have a BAA in place
- Consult your compliance officer before use with PHI
What this means for GDPR
- Text processing involves a US-based data processor (Anthropic)
- No persistent storage of personal data
- Processing is ephemeral (no retention)
- Review your DPA requirements
Frequently Asked Questions
Why not process everything locally?
We tried. Browser-based regex detection catches obvious patterns (SSNs, credit cards) but consistently misses context-dependent PII like names and addresses. AI provides dramatically better accuracy, which is the whole point of a redaction tool—you need to catch everything.
Is my data used to train AI models?
No. We use Anthropic's API, which does not use API inputs for model training by default. See Anthropic's Privacy Policy.
Why is this better than Smallpdf or iLovePDF?
Those tools upload your entire PDF to their servers and store it for 1-2 hours. We only send extracted text, and we don't store anything. Plus, they don't have AI detection—you have to manually find and mark every sensitive item.
Can I use SafeRedact offline?
Text extraction and redaction work offline, but AI detection requires an internet connection. Without it, the tool falls back to basic regex patterns (less accurate but still functional for SSNs, credit cards, etc.).
Is the redaction permanent?
Yes. SafeRedact renders your document as a new image with redaction boxes burned in. The sensitive content is never included in the output file—it's not hidden or covered, it simply doesn't exist in the exported document. The redacted content cannot be recovered by copy/paste, Photoshop, or any other method.