Built for GDPR-focused workflows

Redact sensitive data
in seconds. GDPR-compliant by design.

Upload, detect, and redact personal data from any document — securely and in line with GDPR. Your files are processed for redaction only and never stored afterwards.

Start free See how it works

No credit card · 4 free pages · Metadata stripped · Deleted after processing

Before · detected patient_record.pdf

Patient intake — visit 04/12

Patient: Lotte van der Meer, born 14 March 1987.

Address: Keizersgracht 212, 1016 DX Amsterdam.

Contact: +31 6 2481 9033 · l.vandermeer@protonmail.com

BSN: 294 817 653 · Insurer: ZilverenKruis

Presenting complaint: recurring migraine, suspected linked to hypertension medication.

After · redacted patient_record_redacted.pdf

Patient intake — visit 04/12

Patient: █████████████████, born ████████████.

Address: ██████████████████████████████.

Contact: ██████████████ · ████████████████████████

BSN: ███████████ · Insurer: ZilverenKruis

Presenting complaint: recurring migraine, suspected linked to hypertension medication.

Sample data — not a real person

Example output. Sensitive data detected and blacked out irreversibly — original never stored.

How it works

Upload, detect, and redact

Three simple steps. No setup, no integrations, no learning curve.

1

Step one

Upload your document

Drag in a PDF, DOCX, image, or scan. Redacto handles OCR automatically for non-text files — no format juggling.

2

Step two

Detect sensitive data

AI detects 50+ entity types: names, addresses, IBANs, BSNs, phone numbers, and more. Hidden document metadata (author, timestamps, GPS, camera data) is also flagged for removal.

3

Step three

Review and download

Review each match, adjust if needed, then download your redacted file. Originals are deleted immediately.

Features

Everything you need to redact safely

Designed around the way GDPR-conscious teams actually work with documents.

AI-powered detection

Detects 50+ entity types — people, IDs, addresses, financial, medical, and special-category data — trained on real GDPR documents.

Manual review

Approve or reject each match before anything is applied. Draw custom redactions by hand — you stay in full control of the output.

GDPR-focused workflow

Entities are grouped by GDPR article so you can see exactly what personal data is in a document — and act on it compliantly.

Import from anywhere

Import documents directly from Dropbox, Google Drive, or OneDrive — no download-and-reupload needed. Connect your cloud storage and redact files where they already live.

Audit certificate

Every redaction ships with a downloadable PDF certificate — SHA-256 hashes of both files, entity counts, and a full audit trail for compliance.

All document types

PDFs, Word, PowerPoint, images, and scans — with automatic OCR for any non-text input.

Metadata stripping

Documents carry hidden data beyond their text — author names, creation dates, GPS coordinates, camera models, and embedded XMP metadata. Redacto detects and removes it all automatically.

Fast processing

Most documents are redacted in a minute or two. Upload and download without waiting around.

Audit trail

Every redaction comes with proof.

Every redaction generates a tamper-proof audit certificate with SHA-256 hashes, entity breakdown, timestamp, and legal basis. Share it with auditors, attach it to a DPIA, or let recipients verify authenticity independently — no account required.

Verify a certificate Start free

Tamper-proof with SHA-256 hashes
GDPR legal basis & processing location recorded
Public verification URL anyone can check

Redacto

Redaction certificate

Certificate ID: df06c8bd-b61e-4d25-92e1-c5e3afe27420
Performed by: A verified Redacto user
Redacted at: 2026-04-08 14:32 UTC
Document type: Employment contract (en)
Items redacted: 14 detected + 2 manual
Breakdown: 3× Name

4× Email address

2× Phone number

5× IBAN
Original SHA-256: a3f5c8e1…9b2d4f7c
Redacted SHA-256: 7e1c2d8a…4b9f6e3a
Legal basis: Art. 6(1)(f) GDPR
Location: EU (Frankfurt)

Redacto v1.0.0 · redacto.co Sample · illustrative only

Privacy by design

Your documents don't hang around.

Redacto is built so that the fewest people and systems touch your data. We process documents for redaction only — and delete them the moment the job is done.

Privacy policy Data Processing Agreement

Upload

AI Processing

Review

Download

Auto-Delete

Every redaction ships with a downloadable audit certificate — SHA-256 hashes of the original and redacted files, entity breakdown, timestamp, and the operator's identity. Compliance proof you can attach to a DPIA or hand to a procurement team.

GDPR Compliant SOC 2 · Coming soon ISO 27001 · Coming soon

Try it

Try it yourself — no signup required

Toggle entity types below to see Redacto in action on a sample document.

Invoice #INV-2024-0418 · Vendor statement

Billed to: Sander de Vries, CFO

Company address: Herengracht 471, 1017 BS Amsterdam

Phone: +31 20 556 9200

Payment to IBAN: NL91 ABNA 0417 1643 00

Amount due: €14,820.00 · Due date: 30/04/2026

Terms: Net 30. Late payments subject to 1.5% monthly interest per signed agreement.

Ready to redact your own documents? Start free

Pricing

Simple, transparent pricing for secure document redaction

Start free. Upgrade when you need more pages.

We do not store your documents. Files processed securely and deleted after.

Free

Try Redacto — no credit card required

€0 forever

4 pages per month
All file types (PDF, DOCX, images, scans, email)
AI-powered detection (50+ entity types)
Manual review before redaction
Audit certificate

Start free

Pro

For regular redaction needs

€19 / month

Everything in Free, plus:

100 pages per month
Faster processing
Email support

Upgrade to Pro

Business

For teams and higher volume

€99 / month

Everything in Pro, plus:

1,000 pages per month
Priority processing
Priority support

Upgrade to Business

All plans include: 100% EU processing · Documents deleted after redaction · Metadata stripping · GDPR-compliant by design

Need custom volume or on-premise deployment? Contact us

See full pricing details

Compare

How Redacto compares

See how Redacto compares to doing it manually, using Adobe, or pasting documents into ChatGPT.

	Redacto	Manual Redaction	Adobe Acrobat	Generic AI Tools
AI detection (50+ entity types)	✓	✗	Limited	Varies
Manual review before redaction	✓	✓	✓	✗
Documents never stored	✓	N/A	Local only	✗
100% EU-hosted	✓	N/A	✗	✗
Audit certificate (SHA-256)	✓	✗	✗	✗
Metadata stripping	Automatic	✗	Manual	✗
OCR for scans & images	✓	✗	Paid add-on	✗
DPIA reporting dashboard	✓	✗	✗	✗
Cloud import (Dropbox, Drive, OneDrive)	✓	✗	✗	✗
Free tier	✓	Free but slow	✗	Varies

FAQ

Frequently asked questions

Do you store my documents?

No. Your original upload is processed for redaction and then deleted. We only keep the redacted output that you download, and even that you can delete from your account at any time.

How is my data secured in transit?

All traffic to and from Redacto is encrypted with HTTPS. Uploaded documents live only in isolated processing workspaces and are deleted as soon as redaction is complete.

What file types are supported?

PDF, Word, Excel, PowerPoint, ODT/ODS/ODP, RTF, plain text, Markdown, CSV, emails (EML/MSG), and images including PNG, JPG, TIFF, BMP, GIF, WEBP, HEIC, and HEIF.

What is a redaction certificate?

Every redaction generates a PDF certificate containing SHA-256 hashes of the original and redacted files, the entity breakdown, timestamp, legal basis, and processing location. Each certificate has a unique ID that anyone can check at app.redacto.co/verify — no account required. Attach it to a DPIA, hand it to procurement, or let recipients confirm authenticity themselves.

Can I review detected entities before redaction?

Yes. Every detected entity is shown on the review page before anything is redacted. You decide what gets removed — and you can draw custom redactions by hand if you need to.

Does Redacto remove document metadata?

Yes. Redacto automatically detects hidden metadata in your documents — including author names, creation and modification dates, software producer info, GPS coordinates, camera model data, and embedded XMP metadata. You can review each metadata field before redaction and choose which ones to strip. All checked fields are permanently removed from the output file.

What happens if the AI misses something?

Every detected entity is presented for manual review before redaction is applied. You stay in full control — and you can draw custom redactions on anything the AI didn't flag.

Do you offer an API?

Not yet — Redacto is a web app today. A REST API for programmatic redaction is on the roadmap. If you'd like early access, drop us a line.

Is Redacto built for GDPR workflows?

Yes. We detect entity types grouped by GDPR article (personal data, contact, identifiers, financial, medical, special category, etc.), we don't store the original documents, and we publish a Privacy Policy, DPA, and Acceptable Use Policy.

Do all plans include a DPA?

Yes. Our standard Data Processing Agreement applies to all plans — Free, Pro, and Business. You can review it at redacto.co/dpa.html. Business customers can request a custom DPA with negotiated terms tailored to their organization.

Can I start for free?

Yes. The Free plan gives you 4 pages with no credit card required. Upgrade only if and when you need more volume.

Ready to redact safely?

Start free with 4 pages. No credit card. Upload, detect, redact — in minutes.

Start free Talk to us

We do not store your documents. Processing only.

Redact sensitive data in seconds. GDPR-compliant by design.