Cloud & AI for regulated, BaFin-supervised teams — from the team behind Redactor. · Book a consultation →
Features

Everything Redactor catches — and how

The same deterministic engine, surfaced everywhere you work — clipboard, screenshots, the AI prompt, the commit. 100% on-device.

Wherever you copy

Six ways to scrub

One engine, surfaced at every spot you handle sensitive text or images.

Global hotkey

One keystroke scrubs whatever's on your clipboard, in place — paste the clean version anywhere.

⌥⌘R

In the browser

The Redactor extension scrubs prompts to ChatGPT, Claude & Gemini before they leave the page — paired with the app's engine.

Chrome · coming soon

Clipboard watch

A top-right alert the moment you copy something sensitive. Opt-in, polled locally, nothing leaves your Mac.

Screenshots

Drop or capture an image → on-device OCR finds the secrets → black boxes land over them.

Window

Paste a blob of text into the app for a full review — with an optional local-AI pass for free-form PII.

Services menu

Right-click selected text in any app → Redact selection. No window, no switching.

Clipboard watch

It catches what you'd forget

Redactor polls your clipboard locally and, the instant a copied snippet contains a secret, surfaces a one-click redact prompt in the corner of your screen. It's off by default, fires only on real secrets — never on ordinary text — and never sends a thing anywhere.

  • Opt-in — you turn it on, it stays local
  • Secrets-only — no noise on plain copies
  • One click to redact in place, or ignore
! Secret on your clipboard
AWS_ACCESS_KEY_ID · AKIA…7EXAMPLE
RedactIgnore
Browser extension

Scrubbed before it leaves the browser

The Redactor extension rewrites your prompt on ChatGPT, Claude, and Gemini the moment you hit send — secrets and PII swap for tokens before anything leaves the page. It pairs with the free app on your Mac: the same 265-rule engine, spoken to entirely locally, so the extension itself has no server to talk to. Copy an AI reply and your real values come back.

  • Needs the app — the engine never leaves your Mac
  • Fail-closed — app unreachable blocks the send; unscrubbed stays an explicit click
  • Covers the text you type — file and image uploads aren't scanned

The Chrome Web Store listing is in preparation. The extension privacy policy is already up: what it reads, what stays on your Mac (everything), and what it can't cover.

2 items scrubbed before sending
jane@acme.io → [EMAIL_1] · AKIA…7EXAMPLE → [AWS_ACCESS_KEY_ID_1]
Undo (restore my draft)
Redact → work → restore

Round-trip with any AI

Swap secrets for realistic fakes, work with the AI, then put the real values back.

1

Redact

Secrets and PII swap out for realistic fakes — the AI sees coherent text, not [REDACTED] holes.

deploy as jane@acme.com
alex.morgan@example.com
2

Work with the AI

Paste the clean text into Claude, ChatGPT, Cursor — anything. The model reasons over plausible stand-ins.

paste → Claude / ChatGPT
get your answer back
3

Restore

Run the reply back through Redactor and the real values slot in, exactly where the fakes were.

alex.morgan@example.com
jane@acme.com
On-device OCR

Redact screenshots, too

Drop in or capture an image and Apple Vision OCR reads the text, on your Mac. Redactor draws a tight black box over each offending substring — leaving everything else legible — and hands you a redacted PNG straight to the clipboard or via Save….

  • Apple Vision OCR — no cloud, no upload
  • Per-substring boxes, not the whole line
  • Redacted PNG to clipboard or Save…
DB_PASSWORD = hunter2supersecret
api.key = sk-live-9f3a7c1e
email: jane@acme.com ✓ covered
region = eu-central-1 — left untouched
Detectors

Secrets and PII, verified — not guessed

245 secret rules + 20 PII, checksum & entropy validated

AWS keys GitHub / GitLab PATs Google API keys Stripe Slack / Discord webhooks OpenAI / Anthropic JWTs SSH / PEM keys DB connection strings IBAN Credit cards (Luhn) German Tax-ID Emails Phone (E.164) Public IPs +250 more
Regulated teams

Built for the standards you answer to

Redactor is a tool, not a certification — it supports specific control objectives in the frameworks regulated EU teams work within.

GDPR / DSGVO
Supports minimisation & pseudonymisation
DORA
Supports ICT data-leakage controls
BaFin BAIT / VAIT
Supports IT confidentiality controls
BSI C5
Supports secret-handling controls
ISO 27001 / 27701
Supports data-leakage prevention
EU AI Act
Supports data minimisation into AI

Hover any badge for the exact mapping. Redactor keeps secrets and personal data on your machine; meeting a framework is your organisation's job — this is the on-device control that makes the data-minimisation story credible.

Optional local AI

For the real deal: a local-LLM second pass

After the deterministic regex pass, a fully-local Ollama model can take a second look for the free-form PII regex can't catch — a name, an address, a sentence that gives someone away. It's free, one-click to set up via Homebrew, and adds nothing to the wire.

  • The model only sees already-redacted text — it can add redactions, never reveal a secret
  • Loopback only — 127.0.0.1:11434, no remote calls
  • Off by default — degrades cleanly to regex-only
# pass 1 — deterministic regex
contact [EMAIL_1] · key [AWS_KEY_1]

# pass 2 — local model (sees only the line above)
ollama · 127.0.0.1:11434 · loopback
+ [PII_LLM_1] ← "Erika Mustermann" (a name)

# 100% offline · the model never sees a raw secret
Privacy

Private by design

Deterministic regex running on your Mac. No accounts, no telemetry, no upload of your data. The only network calls are a signed Sparkle update check (on by default — switch it off in Settings → Updates) and an optional local Ollama pass (loopback, which only ever sees already-redacted text). Neither sends your data.

In-memory map

The redact-to-restore map lives in RAM for the round-trip and is never written to disk.

Personal allowlist

Mark a string safe once — your own emails, internal hosts — and Redactor stops flagging it.

Opt-in audit log

Want a record of what was scrubbed? Turn on a local log of rule hits — counts only, never values.

Questions

FAQ

Does anything get sent to a server?

Your data, never. Detection and redaction run entirely on your Mac — no accounts, no telemetry, no upload of your content. Two network calls exist: a signed Sparkle update check (on by default — turn it off in Settings → Updates) and an optional local Ollama pass (loopback to 127.0.0.1:11434, which only ever sees text that's already been redacted). Neither sends your data anywhere.

Can it watch my clipboard automatically?

Yes — clipboard watch is opt-in. Turn it on and Redactor polls your clipboard locally; the moment you copy something containing a secret, a one-click redact prompt appears in the top-right. It fires only on real secrets and stays entirely on-device.

Will it stop me committing a secret to git?

Yes — the bundled redactor CLI scans staged changes. Add a git pre-commit hook that calls it:

printf '#!/bin/sh\nexec redactor scan --staged --strict\n' > .git/hooks/pre-commit
chmod +x .git/hooks/pre-commit

Put redactor on your PATH first — it ships inside the app at /Applications/Redactor.app/Contents/MacOS/redactor. --strict blocks the commit when a secret is found; drop it to warn without blocking.

Can it redact screenshots?

Yes. Drop in or capture an image and Apple Vision OCR reads the text on-device. Redactor draws a tight black box over each offending substring and gives you a redacted PNG straight to the clipboard or via Save….

How do I use it with Claude or Cursor?

Redactor ships a built-in MCP server, so your AI tools can scan, redact, and restore through tool calls — no copy-paste dance. See the homepage for the one-line setup for Claude, Cursor, and other MCP clients.

Can I get the real values back?

Yes — that's the round-trip. Redact swaps secrets for realistic fakes and keeps a map in memory; once the AI replies, Restore slots the real values back exactly where the fakes were. The map never touches disk.

Won't it flag random strings?

No — detectors are validated, not guessed. Credit cards must pass the Luhn check, IBANs the mod-97 checksum, German Tax-IDs the ISO 7064 check, and high-entropy tokens have to clear an entropy threshold. That's how it stays quiet on ordinary text.

Is it free? What do I need?

Yes, it's free. Redactor is a menu-bar app for Apple-silicon Macs running macOS 13 or newer, and it keeps itself current via Sparkle auto-updates.

Does Redactor make us GDPR / DORA / BAIT compliant?

No — and we won't pretend otherwise. Redactor is one technical control, not a certification. What it does is support specific control objectives: GDPR data minimisation and pseudonymisation (Art. 5/25), DORA confidentiality and leakage-prevention (Art. 9, 28/30), BAIT/VAIT and MaRisk IT-confidentiality, BSI C5 secret-handling (CRY-01/IDM-08), ISO 27001 data-leakage prevention (A.8.12), and minimising what reaches AI under the EU AI Act — all by keeping secrets and personal data on your machine. Compliance itself stays your organisation's responsibility; Redactor is the on-device piece that makes the data-minimisation story credible.

Is it suitable for banks, insurers and other regulated teams?

That's exactly who it's built for. Redactor comes from ZERODOTFIVE Hamburg, who help BaFin-supervised banks and insurers adopt Cloud & AI. It runs 100% on-device, is deterministic and reversible, and keeps a value-free audit log (category counts + timestamps, never the data itself) — the kind of auditable, on-device control that holds up in front of a risk team.

Make secret-awareness a habit

On-device. Free. Running in the menu bar in under a minute.