ZeroEgress — Security & Architecture

Want to use ChatGPT on your documents?
Clean them first.

Your employees are already using AI tools. The risk isn't the AI — it's sending unredacted patient records, financial statements, or legal transcripts to an external model.

ZeroEgress removes the sensitive information before anything leaves the device. What gets shared with the AI contains no names, no IDs, no protected data.

Drop the document into ZeroEgress

→

Download the de-identified version

→

Upload that to ChatGPT, Claude, or any AI

Zero compliance risk. Full AI productivity.

Try it now — free

Who is this for?

Anyone who needs to share documents without sharing the sensitive parts.

🏥

Healthcare

Share patient files with researchers. Remove names, doctors, hospitals. HIPAA Safe Harbor de-identification in seconds, not hours.

⚖️

Legal

Prepare documents for discovery or opposing counsel. Strip names and locations from transcripts, contracts, case files.

👥

Human Resources

Anonymize employee complaints, performance reviews, or investigation reports before sharing with external consultants.

🏦

Finance

Remove client names, account numbers, and SSNs from financial documents before audit or regulatory submission.

🏫

Education

Anonymize student records for research or reporting. FERPA compliance without manual redaction.

🔒

Any regulated industry

If you can't send unredacted documents to the cloud, but you need AI-quality redaction — this is how.

What it detects

Person names Organizations Locations Email addresses Phone numbers Social Security Numbers Credit card numbers Dates ZIP codes URLs Account / MRN numbers License numbers Vehicle VINs IP addresses

Why not just use ChatGPT?

Every alternative sends your data somewhere. ZeroEgress doesn't.

	ChatGPT / Claude	AWS Comprehend	Redactable	Presidio / CaseGuard	Adobe	ZeroEgress
Data stays on device	✗	✗	✗	✓ (needs server)	✗ (online) / ✓ (desktop)	✓
AI-powered detection	✓	✓	✓	✓	✗	✓
No installation needed	✓	✗	✓	✗	✓ (online)	✓
Cryptographic audit trail	✗	✗	Audit log (not cryptographic)	Partial	✗	✓
Memory clearing (NIST)	✗	✗	✗	✗	✗	✓
Verifiable (DevTools)	✗	✗	✗	✗	✗	✓
Cost per document	API fees	API fees	From $19/mo	License	$19.99/mo	Free (beta)

Under the hood

For the security team. Everything your CISO will ask about.

Zero network egress

The AI model runs locally via WebAssembly. During processing, zero outbound requests. Verify: open DevTools → Network tab.

Verifiable

End-to-end encryption

AES-256-GCM via SubtleCrypto API. Keys are non-extractable — JavaScript cannot read them. They exist only in hardware.

SubtleCrypto

Memory clearing

After every operation, plaintext is overwritten with a 3-pass NIST SP 800-88 compliant sequence. XOR bit-difference verification confirms the wipe.

NIST SP 800-88 Compliant

Tamper-evident audit

Every step — encrypt, decrypt, infer, wipe — is logged to an HMAC-SHA256 chain. Export as JSON or CSV for regulatory compliance.

HMAC-SHA256

Bounded plaintext window

Decrypted data cannot exist in memory beyond a configurable T_max. If exceeded, emergency wipe triggers automatically.

T_max enforced

Browser isolation

COOP/COEP headers prevent Spectre-class side-channel attacks. WASM runs in a sandboxed execution environment.

COOP/COEP

PDF output construction

Redacted PDFs are built from scratch via new jsPDF(). The original file's bytes are never copied — only the extracted, NER-processed, redacted text is rendered into a fresh document. No author metadata, XMP streams, revision history, or embedded scripts carry through.

Zero metadata carry-through

Permanent redaction, real text

Redacted documents are generated as new files — original text is never present in the output. No hidden layers, no recoverable data. Unlike pixel-burn approaches, output remains searchable and accessible — because it's real text, not a flattened image.

New file generation

Try it. Right now.

Paste text or drop a file (PDF, Word, Excel, PowerPoint, image). First load downloads the model (~250MB, cached after).

Drop file here — PDF, Word, Excel, PowerPoint, image, or text file

AES-256-GCM T_max:

Keep specific text from redaction (optional, comma-separated):

Custom entity patterns (optional, Name:regex, comma-separated, max 10, 200 chars each):

Annotated Text

Scan a document to see results

Audit Chain — NOT VERIFIED

No events yet

The architecture is the privacy policy.

Before

After

Want to use ChatGPT on your documents?
Clean them first.

Who is this for?

Healthcare

Legal

Human Resources

Finance

Education

Any regulated industry

What it detects

Why not just use ChatGPT?

Under the hood

Zero network egress

End-to-end encryption

Memory clearing

Tamper-evident audit

Bounded plaintext window

Browser isolation

PDF output construction

Permanent redaction, real text

Try it. Right now.

The architecture is the privacy policy.

Before

After

Want to use ChatGPT on your documents?Clean them first.

Who is this for?

Healthcare

Legal

Human Resources

Finance

Education

Any regulated industry

What it detects

Why not just use ChatGPT?

Under the hood

Zero network egress

End-to-end encryption

Memory clearing

Tamper-evident audit

Bounded plaintext window

Browser isolation

PDF output construction

Permanent redaction, real text

Try it. Right now.

Want to use ChatGPT on your documents?
Clean them first.