Last updated: April 13, 2026
Redacta is operated by Sandia Development Group, LLC, a New Mexico limited liability company (“Redacta,” “we,” “us,” “our”). Redacta is a PII (Personally Identifiable Information) scrubbing proxy that sits between your application and LLM providers (OpenAI, Anthropic, or Google Gemini). Our service detects and replaces sensitive data before it reaches any AI model, then restores it in the response. The Service is offered to customers in the United States only.
When you sign up via GitHub or Google OAuth, we receive your name, email address, and profile image from the OAuth provider. We do not receive or store your OAuth provider password.
When you create a Redacta proxy key, you provide your real LLM provider API key (OpenAI or Anthropic). This key is encrypted using AES-256-GCM and stored in encrypted form only. The plaintext key exists in server memory only during the brief moment it is used to forward your request to the provider. It is never logged, displayed, or transmitted to any third party other than the LLM provider it belongs to.
When you use the API proxy, the text content of your LLM requests passes through our servers. We scan this content for PII using automated regex pattern matching and NER (Named Entity Recognition) models. For each request we store:
If a request to the upstream provider fails after we have scrubbed the content, the corresponding token mappings remain in the database until the retention window elapses — they are not immediately deleted on upstream failure.
When you use the document scanner, the uploaded file's bytes are parsed in memory on our servers, scanned for PII, and the results are returned to you. The uploaded file itself is not persisted to disk. However, we do store a record of the scan, which includes:
Because filenames can themselves contain personal data (for example, “patient_records_Jane_Doe.pdf”), you should rename files before upload if you do not want the name stored.
Payment processing is handled entirely by Stripe, Inc. We do not receive, process, or store your credit card number, bank account details, or other payment credentials. We receive only your Stripe customer ID and subscription status.
We collect aggregated usage metrics: number of scans, number of redactions, entity type breakdowns, and latency measurements. This data is used to display your dashboard, enforce plan limits, and generate aggregated reports.
We maintain an audit log of administrative and billing events associated with your account — for example, API key creation and revocation, plan changes, retention-window changes, and billing cycle resets. Each audit log entry stores the event type, the affected resource, structured metadata describing the event, the IP address from which the event originated, and a timestamp. Audit log entries are retained for thirteen (13) months and then automatically purged. Business-plan customers may list their own audit log entries through the dashboard.
When you click the “Not PII” (false-positive) button on a detection in the document scanner, you affirmatively send the following data to Redacta and authorize us to store and use it:
We use false-positive reports to (a) update our public blocklist once a term has been reported enough times and (b) fine-tune our proprietary PII detection models. False-positive reports are retained for up to 365 days and then automatically purged. We do not share false-positive report data with OpenAI, Anthropic, or any other third party, and we do not use it to train any LLM belonging to an LLM provider.
Do not submit text containing real personal data through the Report button. The purpose of the feature is to correct over-detection of non-PII terms; if the flagged value or surrounding context actually is sensitive, do not submit it.
You may turn off false-positive reporting for your account at any time from the Settings page. When reporting is turned off, clicks on the “Not PII” button do not transmit or store any data on our servers.
Apart from false-positive reports you voluntarily submit, we do not use the content of your API requests, responses, or uploaded documents to train any machine learning model.
No security program eliminates all risk. You should use API keys with the minimum permissions necessary and rotate them promptly if you suspect compromise.
We do not sell or share your personal information, as those terms are defined under the California Consumer Privacy Act (Cal. Civ. Code § 1798.140). We do not rent your personal information to anyone, and we do not use it for cross-context behavioral advertising.
We do engage the following service providers (“sub-processors”) to operate the Service. Each receives only the data necessary for its specific purpose:
We may disclose information if required by a subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
For business customers requiring a written data processing agreement, see our Data Processing Addendum, which is incorporated by reference into the Terms of Service for any customer who Processes personal data of individuals through the Service.
You have the right to:
To exercise these rights, contact us at privacy@getredacta.com. We will respond within 30 days of a verified request.
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”), grants you specific rights regarding the personal information we collect:
To exercise a California privacy right, email privacy@getredacta.com. We will verify your request by matching the email address on file for your account.
We use a single session cookie for authentication (a NextAuth JWT session cookie). We do not use tracking cookies, advertising cookies, or third-party analytics services.
Redacta publishes a browser extension for Chrome, Edge, Firefox, and Safari that scrubs personal information in messages and file uploads on the four supported AI chat sites (claude.ai, chatgpt.com, chat.openai.com, and gemini.google.com). This section applies to the extension specifically.
Default behavior: With usage reporting turned off (the default), the extension collects nothing. Detection runs locally in your browser using regular-expression matching. The text of your messages, the contents of the files you upload, and the original PII values never leave your browser.
If you opt into usage reporting: When you toggle “Report to my account” on in the extension popup, the extension sends an anonymized aggregate to https://api.getredacta.com/api/extension/redactions after each redaction event. The aggregate contains: the provider host (e.g. “claude.ai”), a count of redactions performed, and entity-type counts (for example, { EMAIL: 2, US_SSN: 1 }). The extension never transmits message text, file contents, redacted values, or original PII values to any server.
No third parties: Data received via the reporting endpoint is used only to populate your own Redacta dashboard and to enforce the redaction limit on your plan. It is not shared with any third party, and is not used to train any machine-learning model.
Permissions and why they exist: The extension requests storage (to save your preferences in local browser storage), activeTab (to display the correct provider in the popup), and host access to the four listed chat sites plus api.getredacta.com. No other hosts are accessed.
You can turn off the extension at any time from the popup, disable reporting separately, or uninstall it from your browser's extension manager. If you never opted into reporting, no server-side record of the extension exists.
Redacta is not intended for use by individuals under the age of 18, consistent with Section 3 of our Terms of Service. We do not knowingly collect personal information from children under 13 as defined by the Children's Online Privacy Protection Act (COPPA). If we learn that we have inadvertently collected personal information from a child under 13, we will delete it.
We may update this privacy policy from time to time. For material changes, we will notify registered users by email at least 30 days before the change takes effect. The “Last updated” date at the top of this page indicates the most recent revision.
For questions about this privacy policy or our data practices, contact us at privacy@getredacta.com.
Sandia Development Group, LLC
New Mexico, United States