Security & Privacy — How Redactly Protects Your Data

Redactly was built from the ground up with privacy as the foundation, not an afterthought.

In-Memory Processing

Unlike most online document processing tools, Redactly does NOT upload your documents to a server. File reading, text extraction, and redaction rendering happen locally where possible. Extracted text may be sent securely to our AI endpoint for PII detection.

When you upload a PDF, Word, or Excel file to Redactly, the file remains on your device. The AI detection process sends only the extracted text content (not the full document) to our secure API endpoint for analysis. This text is processed in a stateless manner — no logs are kept, and no data is retained after the response is returned.

This architecture means that even if Redactly's infrastructure were compromised, your documents would be safe because they never left your computer. This is a fundamentally different approach from cloud-based redaction tools that require uploading files to remote servers for processing.

Automatic File Deletion

Once you have reviewed the detections and applied redactions, the redacted file is generated in your browser memory and offered for download. At this point, you have two options: download the redacted file or close the browser tab.

In either case, the data is automatically cleared from memory. There is no "delete" button to click — the data simply ceases to exist when the browser tab is closed or the page is refreshed. For users who want to be extra cautious, closing the browser entirely ensures that all cached data is purged from system memory.

No Storage, No Logs

Redactly does not store your documents, your redacted files, or your usage history on any server. We do not maintain logs of document content, filenames, or processing results. The only data we store is basic analytics (page views, feature usage) that contains no document content or personally identifiable information.

For Pro and Enterprise users, audit logs and redaction certificates are stored locally in your browser's localStorage. You have full control over this data and can clear it at any time through your browser settings. We are exploring optional encrypted cloud storage for audit logs in the future, but it will always be opt-in.

The AI text detection requests are processed by our provider in a stateless manner with no data retention. We have verified that no document text is used for model training or any purpose beyond fulfilling your specific detection request.

Encryption

All communications between your browser and Redactly's infrastructure are encrypted in transit over HTTPS, ensuring that data cannot be intercepted or modified. The AI detection API uses industry-standard HTTPS with certificate validation.

Because documents are not stored on any server, encryption at rest is not applicable to document content. For the minimal data we do store (analytics, user preferences), we follow industry best practices for database encryption and access control.

Experience privacy-first redaction

Redactly is the only free online redaction tool that supports PDF, Word, and Excel. Files are processed locally with text sent securely to AI for detection.

Start Redacting Free

FAQ

Are my documents stored on Redactly's servers?
No. Document files are handled locally where possible. Extracted text may be sent securely to our AI provider for PII detection only. Redactly does not use document content for training and does not intentionally store original documents. Once processing is complete, temporary in-browser data is cleared.
Is Redactly compliant with GDPR and HIPAA?
Redactly's processing model aligns with GDPR data minimization principles and HIPAA security requirements. Document files are handled locally where possible, while extracted text may be sent securely to AI for detection. For enterprise customers, we offer a Business Associate Agreement (BAA) for HIPAA compliance.
What happens to my files after I download them?
Redacted files are generated in your browser memory and offered for download. After you download or close the tab, the data is automatically cleared. We do not retain copies of original or redacted documents. Audit logs (for Pro users) are stored in your browser's localStorage, which you can clear at any time.
Is my data encrypted during processing?
All data transmitted between your browser and our servers is encrypted in transit over HTTPS. The AI detection API calls are also encrypted. Document content processed locally where possible is not persisted anywhere, so encryption at rest is not applicable — there is nothing stored to encrypt.
Security & Privacy — How Your Documents Stay Protected | Redactly