Drop a PDF, DOCX, or paste text. AI finds names, emails, phone numbers, SSNs, and credit cards. You choose what to redact. Nothing leaves your device.
Anyone who needs to share documents without sharing the sensitive parts.
Share patient files with researchers. Remove names, doctors, hospitals. HIPAA Safe Harbor de-identification in seconds, not hours.
Prepare documents for discovery or opposing counsel. Strip names and locations from transcripts, contracts, case files.
Anonymize employee complaints, performance reviews, or investigation reports before sharing with external consultants.
Remove client names, account numbers, and SSNs from financial documents before audit or regulatory submission.
Anonymize student records for research or reporting. FERPA compliance without manual redaction.
If you can't send unredacted documents to the cloud, but you need AI-quality redaction — this is how.
Every alternative sends your data somewhere. ZeroEgress doesn't.
| ChatGPT / Claude | AWS Comprehend | Presidio / CaseGuard | Manual (Adobe) | ZeroEgress | |
|---|---|---|---|---|---|
| Data stays on device | ✗ | ✗ | ✓ (needs server) | ✓ | ✓ |
| AI-powered detection | ✓ | ✓ | ✓ | ✗ | ✓ |
| No installation needed | ✓ | ✗ | ✗ | ✗ | ✓ |
| Cryptographic audit trail | ✗ | ✗ | Partial | ✗ | ✓ |
| Memory clearing (NIST) | ✗ | ✗ | ✗ | ✗ | ✓ |
| Verifiable (DevTools) | ✗ | ✗ | ✗ | ✗ | ✓ |
| Cost per document | API fees | API fees | License | 3+ hours | Free |
For the security team. Everything your CISO will ask about.
The AI model runs locally via WebAssembly. During processing, zero outbound requests. Verify: open DevTools → Network tab.
VerifiableAES-256-GCM via SubtleCrypto API. Keys are non-extractable — JavaScript cannot read them. They exist only in hardware.
SubtleCryptoAfter every operation, plaintext is overwritten with a 3-pass NIST SP 800-88 sequence. XOR bit-difference verification confirms the wipe.
NIST SP 800-88Every step — encrypt, decrypt, infer, wipe — is logged to an HMAC-SHA256 chain. Export as JSON or CSV for regulatory compliance.
HMAC-SHA256Decrypted data cannot exist in memory beyond a configurable T_max. If exceeded, emergency wipe triggers automatically.
T_max enforcedCOOP/COEP headers prevent Spectre-class side-channel attacks. WASM runs in a sandboxed execution environment.
COOP/COEPAll seven steps execute inside the browser. The model never sees a server. The audit chain records every step with cryptographic integrity.
Paste text or drop a document. First load downloads the model (~250MB, cached after).