Redact PII before it ever leaves your machine.

OSSRedact is the gate between you and the closed models. Personal data is masked on the way out and restored on the way back, by a trained French-Quebec and English model that runs entirely on your own machine. The model is yours, on open weights.

Try the demo How it works

0.9964
detection recall, held-out: 1.7 ms
clean fast-path: FR + EN
Quebec + English PII

Your prompton your machine

Internal note: client file, SIN <GOVERNMENT_ID_001>, account <PAYMENT_CARD_001>, call back at <PHONE_NUMBER_001> to confirm the balance.

redact · only placeholders leave

Closed model · sees placeholders only

Internal note: client file, SIN <GOVERNMENT_ID_001>, account <PAYMENT_CARD_001>, call back at <PHONE_NUMBER_001> to confirm the balance.

rehydrate · real values restored

Back on your machineon your machine

<GOVERNMENT_ID_001>046 454 286

<PAYMENT_CARD_001>004-05581-7654321

<PHONE_NUMBER_001>514-555-0188

3 values redacted · 0 bytes left this machineNetwork: 0 requests

What is inside

A privacy gateway, not just a regex.

The deterministic floor

Always on. The guaranteed catch, with no model in the path.

Always-on secrets floor

100% of 4,365 injected secrets caught, 0 decoy false positives.

sk-live-7f3a…e1→

<API_KEY_001>

ghp_4Kd…9Z→

<TOKEN_001>

-----BEGIN KEY-----→

<PRIVATE_KEY_001>

Tier-0 structured PII

Structured categories caught deterministically.

SIN

credit card

IBAN

account

phone

postal

dates

caught deterministically · no model in the path

The on-device neural model

A trained model finds the rest, without your data ever leaving the machine.

On-device model detection

French-Quebec and English PII, on your CPU, GPU, or NPU.

CPU

GPU

NPU

~42 ms

model runs locally · no detection API call

Built for Quebec

SIN/NAS, Quebec addresses, bilingual text generic tools miss.

FRENLaw 25 aligned

SIN→

<GOVERNMENT_ID_001>

· H2X 1Y4

The round trip

Redact on the way out, rehydrate on the way back. The move nobody else has.

Stable entity map

Same value, same placeholder, so responses rehydrate losslessly.

046 454 286→

<GOVERNMENT_ID_001>

046 454 286→

<GOVERNMENT_ID_001>

same value → same placeholder, every time

Streaming rehydration

Placeholders split across stream tokens are reassembled mid-stream.

<GOV

ERNMENT_ID

_001>

→

046 454 286

split across stream tokens, reassembled|

Per-project policy

Session overrides project. The secrets floor stays on.

PII detection

Secrets flooralways on

Names (neural)

Where it fits

A gateway you own, not a hop you rent.

Most ways to scrub PII send your text to someone else's server or stop at one-way redaction. OSSRedact keeps the detection, the model, and the data on your machine.

OSSRedact

on your machine

Cloud PII / DLP

a service you rent

Where your text is scanned

On your machine (CPU / GPU / NPU)

Sent to their servers

The detection model

Open weights, yours to keep

Closed, vendor-controlled

The round trip

Redact out, rehydrate back losslessly

Redaction only, one way

French-Quebec PII

Trained on FR-Quebec and English

English-first, generic

What it sends home

Nothing. No account, no telemetry

Your text, plus telemetry

Cost to run

Free, runs locally

Per-call billing

Trust by structure

The privacy comes from what is missing.

Other tools add encryption, dashboards, and certifications. OSSRedact removes the parts that leak: the server, the account, the telemetry, the egress.

Verify it yourself

Open the demo, turn off your wifi, and redact a sample. The browser console makes no requests, because nothing has to leave.

Networkrecording

namestatussize

no requests captured

0requests

0 Btransferred

0 mson the wire

wifi connected still redacts

Run the live demo

No detection API call

The model runs on your own CPU, GPU, or NPU.

POST /detecton-device

No account, no telemetry

Nothing to sign up for, nothing phones home.

telemetryoff

No data egress

Only typed placeholders ever reach the model.

Marie Tremblay[NAME_1]

No vendor lock

Open weights, yours to keep and to run.

licenseMIT

Measured, not claimed

Higher recall, far fewer false positives.

0.9964
Detection recall: 12
False positives on clean text

See the full benchmarks

OSSRedact Microsoft Presidio

ALL-CAPS gate0.955 vs 0.779

v6 validation0.990 vs 0.759

canonical0.986 vs 0.798

Recall is the leak-prevention rate, measured on held-out Quebec FR/EN sets against Presidio on the same sets and metric.

Real values out, tokens in -- before anything is sent.

Paste your own text and watch the swap happen, with an empty Network tab.

Try the demo View on GitHub