Last updated: April 13, 2026
By accessing or using Redacta (the “Service”), operated by Sandia Development Group, LLC, a New Mexico limited liability company (“Redacta,” “we,” “us,” “our”), you agree to be bound by these Terms of Service (the “Terms”). If you do not agree, do not use the Service. If you are using the Service on behalf of a company or other entity, you represent that you have authority to bind that entity to these Terms, in which case “you” means that entity.
Redacta is a PII (Personally Identifiable Information) scrubbing proxy that:
You must create an account to use the Service. You are responsible for maintaining the confidentiality of your account credentials and Redacta API keys. You are responsible for all activity that occurs under your account.
You must provide accurate and complete information when creating your account. You must be at least 18 years old to use the Service.
Geographic scope. The Service is offered to customers located in the United States only. By creating an account or using the Service, you represent that you are physically located in, and using the Service from, the United States, and that you will not use the Service to transfer personal data of individuals located in the European Economic Area, the United Kingdom, or Switzerland. We may block access from other regions and may terminate accounts that appear to be located outside the United States.
When you provide your LLM provider API key to Redacta, you authorize us to use that key solely for the purpose of forwarding your scrubbed requests to the provider on your behalf. You are responsible for:
We encrypt your provider API key with AES-256-GCM and never store it in plaintext. We maintain commercially reasonable administrative, technical, and physical safeguards designed to protect your data, including encryption in transit and at rest, access controls, and incident response procedures. We will notify you without undue delay, and in any event within seventy-two (72) hours of confirmation, of any confirmed security incident affecting your Customer Content. However, no security program eliminates all risk, and we cannot guarantee absolute security. You should use API keys with the minimum permissions necessary.
Redacta offers the following plans:
A “redaction” is one PII entity detected and replaced. For example, a single API request containing a name, an email, and an SSN counts as 3 redactions. Requests that contain no PII (“clean scans”) are free and unlimited on all plans.
On paid plans, if you exceed your monthly redaction allowance, additional redactions are billed at the overage rate for your plan. On the Free plan, requests that would require redaction will be rejected with a 429 status code once the limit is reached.
All payments are processed by Stripe. By subscribing to a paid plan, you agree to Stripe's Terms of Service. Subscriptions are billed monthly and renew automatically until canceled.
All self-serve plans (Developer, Team, and Business) are month-to-month. You may cancel at any time via the Settings page or the Stripe customer portal. Cancellation takes effect at the end of the current billing period. No refunds are provided for partial months.
Enterprise contracts carry an annual minimum term as agreed in the applicable order form. You may request cancellation at any time, but the contracted amount remains due through the end of the term. Enterprise renewals are annual and auto-renew unless you notify us in writing at least 30 days before the renewal date.
Each plan includes a per-API-key rate limit to ensure service stability:
Requests exceeding the rate limit will receive a 429 status code. Rate limits apply per API key, not per account. We may monitor aggregate usage patterns to detect abuse and plan capacity.
You agree not to:
No Protected Health Information (PHI). You may not submit Protected Health Information, as defined under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), through the Service. Redacta is not a “Business Associate” within the meaning of HIPAA, does not sign Business Associate Agreements, and the Service is not designed or intended to satisfy HIPAA safeguard requirements. If you are a covered entity, a business associate, or otherwise subject to HIPAA, do not transmit PHI through Redacta. You are solely responsible for ensuring that content you submit does not contain PHI.
Redacta uses automated pattern matching and machine learning models to detect PII. While we strive for high accuracy, we do not guarantee that all PII will be detected or that no false positives will occur. Specifically:
False-positive reporting. The dashboard includes a “Not PII” button that lets you report a detection you believe was a false positive. When you submit a false-positive report, you affirmatively send to Redacta the flagged text (up to 200 characters), the entity type our detector assigned to it, and up to 500 characters of surrounding context. Redacta stores this data for up to 365 days and uses it to update the public blocklist and fine-tune our proprietary PII detection models. Further detail is set out in Section 2.8 of the Privacy Policy.
Do not submit Customer Content containing real personal data through the false-positive reporting feature. The feature exists to correct over-detection of non-PII terms. If the flagged value or surrounding context is actually sensitive, do not submit it. You may disable false-positive reporting for your account at any time from the Settings page.
The Service, including its code, design, documentation, detection models, and blocklists, is owned by Sandia Development Group, LLC and protected by applicable intellectual property laws. Your use of the Service does not grant you any ownership rights in the Service.
Your Customer Content. You retain all rights to your own content, including the content of API requests you route through the proxy, LLM responses, and documents you upload to the scanner (collectively, “Customer Content”). We claim no ownership over your Customer Content. You grant us a limited, non-exclusive, worldwide, royalty-free license to process your Customer Content solely as necessary to provide the Service to you.
False-Positive Reports. You grant Redacta a perpetual, irrevocable, worldwide, royalty-free, transferable, sublicensable license to use, reproduce, modify, create derivative works of, and distribute any false-positive report you submit through the Service, including the flagged text and any surrounding context contained in the report, for the purposes of (a) updating and maintaining our blocklist and (b) training, tuning, and evaluating our proprietary PII detection models. This license survives termination of your account, to the extent the report has already been incorporated into our blocklist or training datasets at the time of termination.
No training use of other Customer Content. Apart from false-positive reports you voluntarily submit, we do not use the content of your API requests, responses, or uploaded documents to train or fine-tune any machine learning model, and we do not share your Customer Content with OpenAI, Anthropic, Google, or any other party for training purposes.
The Service forwards requests to third-party LLM providers (OpenAI, Anthropic, and Google via the Gemini API) using API keys you supply. Your use of those providers is governed by their respective terms of service and privacy policies, which we do not control. Redacta is not responsible for the acts or omissions of any third-party LLM provider, nor for any content generated by their models. You are responsible for complying with any applicable terms of your LLM provider.
THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE, OR THAT ALL PII WILL BE DETECTED. WE DO NOT WARRANT THE ACCURACY, COMPLETENESS, OR LEGALITY OF ANY OUTPUT GENERATED BY A THIRD-PARTY LLM PROVIDER AND DELIVERED THROUGH THE SERVICE.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, SANDIA DEVELOPMENT GROUP, LLC SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, OR BUSINESS OPPORTUNITIES, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF THE SERVICE, REGARDLESS OF THE LEGAL THEORY AND EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
OUR TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING FROM OR RELATED TO THE SERVICE SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNT YOU PAID US IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM OR (B) ONE HUNDRED U.S. DOLLARS ($100).
We are not liable for any PII that is not detected by our system, or for any actions taken by LLM providers with the content forwarded through our proxy.
You agree to indemnify, defend, and hold harmless Sandia Development Group, LLC, its officers, members, employees, and agents from any claims, damages, losses, liabilities, and expenses (including reasonable legal fees) arising out of (a) your use of the Service, (b) your Customer Content, (c) your violation of these Terms, or (d) your violation of any rights of a third party, including intellectual property or privacy rights.
We may suspend or terminate your account at any time if you violate these Terms or engage in conduct that we determine is harmful to the Service or other users. You may delete your account at any time via the Settings page.
Upon termination, your right to use the Service ceases immediately. We will delete your account data in accordance with the retention schedule in the Privacy Policy, generally within thirty (30) days of a verified account deletion request. The license grant in Section 9 covering false-positive reports survives termination to the extent the report has already been incorporated into our blocklist or training datasets.
These Terms are governed by and construed in accordance with the laws of the State of New Mexico, without regard to its conflict-of-laws provisions. The United Nations Convention on Contracts for the International Sale of Goods does not apply to these Terms.
Subject to Section 17, any action or proceeding arising out of or relating to these Terms or the Service shall be brought exclusively in the state or federal courts located in Bernalillo County, New Mexico, and each party irrevocably submits to the exclusive jurisdiction of those courts. EACH PARTY IRREVOCABLY WAIVES ANY RIGHT TO A TRIAL BY JURY IN ANY SUCH ACTION OR PROCEEDING.
PLEASE READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS, INCLUDING YOUR RIGHT TO FILE A LAWSUIT IN COURT AND TO HAVE A JURY HEAR YOUR CLAIMS.
Except as set forth below, any dispute, claim, or controversy arising out of or relating to these Terms or the Service, whether based in contract, tort, statute, fraud, misrepresentation, or any other legal theory (a “Dispute”), shall be resolved by binding individual arbitration administered by JAMS under its Streamlined Arbitration Rules and Procedures. The arbitration shall be conducted in Bernalillo County, New Mexico, or by videoconference. The arbitrator's decision shall be final and binding, and judgment on the award may be entered in any court of competent jurisdiction.
Class Action Waiver. YOU AND REDACTA AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE PROCEEDING. The arbitrator may not consolidate more than one person's claims and may not preside over any form of representative or class proceeding.
Exceptions. Notwithstanding the foregoing, either party may (a) bring an individual action in small-claims court, and (b) seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of its intellectual property rights.
30-Day Opt-Out. You may opt out of this Section 17 by sending a written notice to legal@getredacta.com within 30 days of the date you first accept these Terms. Your notice must include your name, your account email address, and a clear statement that you wish to opt out of the arbitration provision. If you opt out, Sections 15 and 16 continue to apply to any Dispute.
Confidential Information. “Confidential Information” means any non-public information disclosed by one party (the “Disclosing Party”) to the other (the “Receiving Party”) that is identified as confidential at the time of disclosure or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information includes, without limitation: (a) Customer Content processed through the Service; (b) Customer's API keys, account credentials, and configuration data; (c) Redacta's source code, detection logic, blocklists, model weights, and non-public technical and business information; and (d) the terms of any non-public commercial agreement between the parties.
Exclusions. Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) was rightfully in the Receiving Party's possession before disclosure, free of any confidentiality obligation; (c) is rightfully obtained from a third party without restriction on disclosure; or (d) is independently developed by the Receiving Party without use of or reference to the Confidential Information.
Obligations. The Receiving Party will: (i) use the Disclosing Party's Confidential Information solely to perform its obligations or exercise its rights under these Terms; (ii) protect Confidential Information using at least the same degree of care it uses to protect its own confidential information of similar nature, but in no event less than reasonable care; (iii) limit access to Confidential Information to employees, contractors, and agents who need the information for the purposes above and who are bound by written confidentiality obligations no less protective than this Section 18; and (iv) promptly notify the Disclosing Party of any unauthorized use or disclosure of Confidential Information.
Compelled disclosure. The Receiving Party may disclose Confidential Information to the extent required by law, court order, or governmental regulation, provided that, where legally permissible, the Receiving Party gives the Disclosing Party prompt written notice and reasonable assistance in seeking a protective order or other appropriate remedy.
Term and return. The confidentiality obligations in this Section 18 survive for three (3) years after termination of these Terms, except that obligations relating to information that constitutes a trade secret continue for as long as such information remains a trade secret under applicable law. Upon termination, each party will, at the Disclosing Party's written request, return or destroy all Confidential Information of the Disclosing Party in its possession, except to the extent retention is required by law or by automated backup systems from which prompt deletion is impractical.
ANY CLAIM OR CAUSE OF ACTION ARISING OUT OF OR RELATED TO YOUR USE OF THE SERVICE OR THESE TERMS MUST BE FILED WITHIN ONE (1) YEAR AFTER THE CLAIM OR CAUSE OF ACTION AROSE, OR BE FOREVER BARRED, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
We will not be liable for any failure or delay in performance to the extent caused by circumstances beyond our reasonable control, including acts of God, natural disasters, war, terrorism, civil unrest, governmental action, labor disputes, internet or power outages, failures of upstream service providers (including LLM providers and cloud infrastructure), or pandemics.
You may not assign or transfer these Terms or any rights or obligations under them without our prior written consent, and any attempted assignment without consent is void. We may assign these Terms in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of our assets, without your consent, upon notice to you.
These Terms, together with the Privacy Policy, constitute the entire agreement between you and Redacta regarding the Service and supersede any prior or contemporaneous agreements, communications, or proposals, whether oral or written. In the event of a conflict between these Terms and the Privacy Policy, these Terms control as to matters of contract and the Privacy Policy controls as to matters of privacy practices. If we and you have entered into a separately signed written agreement covering the Service, the terms of that agreement control to the extent of any conflict.
If any provision of these Terms is held invalid or unenforceable, that provision will be enforced to the maximum extent permitted, and the remaining provisions will remain in full force and effect. Our failure to enforce any provision of these Terms is not a waiver of our right to do so later.
We may update these Terms from time to time. For material changes, we will notify registered users by email at least 30 days before the change takes effect. Continued use of the Service after changes take effect constitutes acceptance of the revised Terms.
For questions about these Terms of Service, contact us at legal@getredacta.com.
Sandia Development Group, LLC
New Mexico, United States