Does anything get sent to a server?
Your data, never. Detection and redaction run entirely on your Mac — no accounts, no telemetry, no upload of your content. Two network calls exist: a signed Sparkle update check (on by default — turn it off in Settings → Updates) and an optional local Ollama pass (loopback to 127.0.0.1:11434, which only ever sees text that's already been redacted). Neither sends your data anywhere.
Can it watch my clipboard automatically?
Yes — clipboard watch is opt-in. Turn it on and Redactor polls your clipboard locally; the moment you copy something containing a secret, a one-click redact prompt appears in the top-right. It fires only on real secrets and stays entirely on-device.
Will it stop me committing a secret to git?
Yes — the bundled redactor CLI scans staged changes. Add a git pre-commit hook that calls it:
printf '#!/bin/sh\nexec redactor scan --staged --strict\n' > .git/hooks/pre-commit
chmod +x .git/hooks/pre-commit
Put redactor on your PATH first — it ships inside the app at /Applications/Redactor.app/Contents/MacOS/redactor. --strict blocks the commit when a secret is found; drop it to warn without blocking.
Can it redact screenshots?
Yes. Drop in or capture an image and Apple Vision OCR reads the text on-device. Redactor draws a tight black box over each offending substring and gives you a redacted PNG straight to the clipboard or via Save….
How do I use it with Claude or Cursor?
Redactor ships a built-in MCP server, so your AI tools can scan, redact, and restore through tool calls — no copy-paste dance. See the homepage for the one-line setup for Claude, Cursor, and other MCP clients.
Can I get the real values back?
Yes — that's the round-trip. Redact swaps secrets for realistic fakes and keeps a map in memory; once the AI replies, Restore slots the real values back exactly where the fakes were. The map never touches disk.
Won't it flag random strings?
No — detectors are validated, not guessed. Credit cards must pass the Luhn check, IBANs the mod-97 checksum, German Tax-IDs the ISO 7064 check, and high-entropy tokens have to clear an entropy threshold. That's how it stays quiet on ordinary text.
Is it free? What do I need?
Yes, it's free. Redactor is a menu-bar app for Apple-silicon Macs running macOS 13 or newer, and it keeps itself current via Sparkle auto-updates.
Does Redactor make us GDPR / DORA / BAIT compliant?
No — and we won't pretend otherwise. Redactor is one technical control, not a certification. What it does is support specific control objectives: GDPR data minimisation and pseudonymisation (Art. 5/25), DORA confidentiality and leakage-prevention (Art. 9, 28/30), BAIT/VAIT and MaRisk IT-confidentiality, BSI C5 secret-handling (CRY-01/IDM-08), ISO 27001 data-leakage prevention (A.8.12), and minimising what reaches AI under the EU AI Act — all by keeping secrets and personal data on your machine. Compliance itself stays your organisation's responsibility; Redactor is the on-device piece that makes the data-minimisation story credible.
Is it suitable for banks, insurers and other regulated teams?
That's exactly who it's built for. Redactor comes from ZERODOTFIVE Hamburg, who help BaFin-supervised banks and insurers adopt Cloud & AI. It runs 100% on-device, is deterministic and reversible, and keeps a value-free audit log (category counts + timestamps, never the data itself) — the kind of auditable, on-device control that holds up in front of a risk team.