Try it. Right now.
Paste text or drop a file (PDF, Word, Excel, PowerPoint, image). First load downloads the model (~250MB) from this site — no third-party CDN — cached after.
Every inference verified. Every byte accounted for. No server to trust.
Looking for the simple version to share with your team? See the user-facing page →
Your employees are already using AI tools. The risk isn't the AI — it's sending unredacted patient records, financial statements, or legal transcripts to an external model.
ZeroEgress removes the sensitive information before anything leaves the device. What gets shared with the AI contains no names, no IDs, no protected data.
Anyone who needs to share documents without sharing the sensitive parts.
Share patient files with researchers. Remove names, doctors, hospitals. HIPAA Safe Harbor de-identification in seconds, not hours.
Prepare documents for discovery or opposing counsel. Strip names and locations from transcripts, contracts, case files.
Anonymize employee complaints, performance reviews, or investigation reports before sharing with external consultants.
Remove client names, account numbers, and SSNs from financial documents before audit or regulatory submission.
Anonymize student records for research or reporting. FERPA compliance without manual redaction.
If you can't send unredacted documents to the cloud, but you need AI-quality redaction — this is how.
Every alternative sends your data somewhere. ZeroEgress doesn't.
| ChatGPT / Claude | AWS Comprehend | Redactable | Presidio / CaseGuard | Adobe | ZeroEgress | |
|---|---|---|---|---|---|---|
| Data stays on device | ✗ | ✗ | ✗ | ✓ (needs server) | ✗ (online) / ✓ (desktop) | ✓ |
| AI-powered detection | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ |
| No installation needed | ✓ | ✗ | ✓ | ✗ | ✓ (online) | ✓ |
| Cryptographic audit trail | ✗ | ✗ | Audit log (not cryptographic) | Partial | ✗ | ✓ |
| Memory clearing (NIST) | ✗ | ✗ | ✗ | ✗ | ✗ | ✓ |
| Verifiable (DevTools) | ✗ | ✗ | ✗ | ✗ | ✗ | ✓ |
| Cost per document | API fees | API fees | From $19/mo | License | $19.99/mo | Free (beta) |
For a detailed comparison with specific redaction tools, see the full comparison →
For the security team. Everything your CISO will ask about.
The AI model (DistilBERT fine-tuned for NER, dslim/distilbert-NER, ~250MB) runs locally via WebAssembly. During processing, zero outbound requests. Verify: open DevTools → Network tab.
AES-256-GCM via SubtleCrypto API. Keys are non-extractable — JavaScript cannot read them. They exist only in hardware.
SubtleCryptoEach session derives unique HMAC keys from a master key via HKDF-SHA256 with session-specific context. Sessions are cryptographically isolated — audit entries from a prior session cannot be verified under a new session's key. Sessions expire after 1 hour; re-authentication required.
HKDF-SHA256 Session isolationAfter every operation, plaintext is overwritten with a 3-pass NIST SP 800-88 compliant sequence. XOR bit-difference verification confirms the wipe.
NIST SP 800-88 CompliantEvery step — encrypt, decrypt, infer, wipe — is logged to an HMAC-SHA256 chain. Export as JSON or CSV for regulatory compliance.
HMAC-SHA256Decrypted data cannot exist in memory beyond a configurable T_max. If exceeded, emergency wipe triggers automatically.
T_max enforcedCross-Origin-Opener-Policy (COOP) and Cross-Origin-Embedder-Policy (COEP) headers prevent Spectre-class side-channel attacks. WASM runs in a sandboxed execution environment.
COOP/COEPSensitive comparisons use constant-time operations (bitwise, branch-free) to prevent timing side channels. Memory fences around wipe passes prevent compiler or CPU reordering. Saturating bounds checks on user-controlled indices mitigate Spectre-style speculative execution attacks. Sensitive key material is stored on 64-byte cache-line aligned buffers.
Constant-time Cache-aligned Spectre mitigationRedacted PDFs are built from scratch via new jsPDF(). The original file's bytes are never copied — only the extracted, NER-processed, redacted text is rendered into a fresh document. No author metadata, XMP streams, revision history, or embedded scripts carry through. Coverage note: extraction reads the document's text layer, comments, and form fields, and standalone image files are run through OCR — but text inside images embedded within a document is not OCR'd in place and will pass through unredacted. Extract such images as separate files to redact them.
Alongside static redaction, entities can be replaced with reusable tokens — [NAME_1], [EMAIL_1], [PHONE_1]. The tokenized text can be pasted into an external AI tool; the tool's response is then run through the local Reveal map, which restores the original entity values. The reveal map never leaves the browser and is discarded when the session ends.
Content patterns in the input — MRN numbers, IBANs, CVE identifiers, case numbers, APT indicators — select one of nine regulatory profiles (healthcare, financial, legal, legal_strict, cybersecurity, content_moderation, government, communication, default). Each profile sets a different T_max plaintext memory window. The detection runs entirely in the browser as deterministic regex matching against the extracted text, and the selection can be overridden at any time via the T_max dropdown.
Continuation patent 19/636,972Redacted documents are generated as new files — original text is never present in the output. No hidden layers, no recoverable data. Unlike pixel-burn approaches, output remains searchable and accessible — because it's real text, not a flattened image.
New file generationSOC 2, ISO 27001, and HIPAA certifications audit server-side data handling. ZeroEgress has no server-side data handling — documents never leave your device. The compliance question doesn't apply to our architecture.
For your organization's compliance work: since no data leaves the device, ZeroEgress doesn't create new compliance obligations. No DPA needed. See our Privacy Policy for details.
All seven steps — including Named Entity Recognition (NER) inference — execute inside the browser. The model never sees a server. The audit chain records every step with cryptographic integrity.
Paste text or drop a file (PDF, Word, Excel, PowerPoint, image). First load downloads the model (~250MB) from this site — no third-party CDN — cached after.