Security & Compliance
euRedact is built with privacy as a core architectural principle. Local processing, open-source rules, and zero data transmission give you full control over how personal data is handled.
How Your Data Flows
Rule Engine detects: IBANs, BSNs, phones, emails, IDs
AI model detects: names, addresses, contextual PII
Structured PII never leaves your device.
Why You Can Trust euRedact
100% Local Processing
euRedact Rules runs entirely on your machine. No data is sent to any external server. Your text never leaves your infrastructure.
Open Source & Auditable
The full rule engine is open source under Apache 2.0. Every regex pattern, checksum validator, and suppression rule is visible and auditable on GitHub.
No Vendor Lock-in
euRedact is a library, not a service. Your redaction rules, custom patterns, and configuration are yours. No accounts, no API keys, no data retention.
Zero Required Dependencies
No external packages required in either Python or Node.js. Minimal attack surface, no transitive dependency risks, easy to audit and deploy.
Privacy Architecture in Detail
Hash-Based Segment Routing
Text is split into segments and routed via one-way hashes. The cloud model never sees the full document -- only isolated, unlinkable fragments that cannot be reassembled server-side.
Cross-Client Shuffling
Segments from different clients are shuffled together in each inference batch. Even if an attacker compromises a batch, no single client's text can be isolated.
Constrained JSON Output
The model is constrained to emit only structured JSON with entity labels and offsets -- never free-form text. This eliminates the risk of the model echoing or leaking input data.
Graceful Offline Fallback
When the cloud is unreachable, the SDK falls back to the local rule engine automatically. Structured PII is still detected with high precision -- your pipeline never stalls.
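The regex-plus-checksum detection that the local rule engine is described as performing, shown as an added sketch that is not euRedact's own code: candidates are found by pattern and kept only if the ISO 13616 mod-97 check (IBAN) or the Dutch 11-test (BSN) passes. The function names, patterns and sample text are assumptions constructed for illustration.

```python
import re

# Assumed candidate patterns: deliberately broad, the checksum decides.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")
BSN_RE = re.compile(r"\b\d{9}\b")

# Constructed sample: one valid IBAN, one valid BSN, two look-alikes.
SAMPLE = ("Refund to NL91 ABNA 0417 1643 00 for bsn 111222333; "
          "ignore ref 123456789 and NL91ABNA0417164301.")

def iban_valid(candidate: str) -> bool:
    """ISO 13616: move the first 4 chars to the end, map A-Z to 10-35, mod 97 == 1."""
    s = candidate.replace(" ", "").upper()
    if not 15 <= len(s) <= 34:
        return False
    rearranged = s[4:] + s[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1

def bsn_valid(candidate: str) -> bool:
    """Dutch 11-test: weights 9..2 on the first eight digits, -1 on the last."""
    weights = (9, 8, 7, 6, 5, 4, 3, 2, -1)
    total = sum(w * int(d) for w, d in zip(weights, candidate))
    return candidate != "000000000" and total % 11 == 0

def find_structured_pii(text: str) -> list:
    """Return label/offset records only for candidates whose checksum passes."""
    rules = (("IBAN", IBAN_RE, iban_valid), ("BSN", BSN_RE, bsn_valid))
    hits = []
    for label, pattern, check in rules:
        for m in pattern.finditer(text):
            if check(m.group()):
                hits.append({"label": label, "start": m.start(), "end": m.end()})
    return sorted(hits, key=lambda h: h["start"])

def redact(text: str) -> str:
    """Replace each validated span with its label; nothing leaves the process."""
    out, pos = [], 0
    for h in find_structured_pii(text):
        if h["start"] < pos:  # skip a span overlapping one already redacted
            continue
        out.append(text[pos:h["start"]])
        out.append("[" + h["label"] + "]")
        pos = h["end"]
    out.append(text[pos:])
    return "".join(out)
```

The checksum step is what keeps the reference number and the mistyped IBAN in the sample from being redacted as false positives.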