Redaction software for clerks who can't afford a leak.
Cleredact finds and blacks out PII in public-record documents — SSNs, addresses, dates of birth, case numbers — entirely inside your browser. Your files never touch our servers, and they self-destruct after a window you choose.
Zero-upload by design
Detection and redaction run on the user's machine. Cleredact Corporation never receives the document — there is nothing for us to breach.
Self-destructing files
Uploaded and redacted files are written only to in-browser storage with a TTL. They erase themselves automatically, even from the user's own account.
Flattened JPEG-in-PDF output
Exports are rasterized page images embedded in a PDF — no underlying text, no removable overlays, no way to un-redact.
Four steps. No round trip.
Government, healthcare, legal, finance, or education. Cleredact preloads the right PII detectors for you.
Toggle each PII type on or off and choose its action — redact, flag, or ignore.
PDFs and images (PNG, JPG, HEIC) are parsed in-browser. Cleredact returns a list of findings with page numbers and location.
Approve in review mode, or skip straight to a flattened, un-recoverable redacted PDF.
Public-records workflows across regulated industries.
And anyone else — tune the detectors to your domain.
FOIA, intake, public records.
Discovery, filings, redacted exhibits.
Case files, incident reports, body-cam logs.
HIPAA-grade identifiers.
Statements, applications, KYC.
FERPA-protected records.
The standards Cleredact is built around.
Cleredact's zero-upload architecture means your documents never touch our infrastructure, which collapses the surface area you have to defend under each of these frameworks. Cleredact Corporation is not a covered entity, business associate, or processor for the document content you redact — you remain the sole custodian of those records.
- HIPAA: Health Insurance Portability and Accountability Act
U.S. federal rules for protecting individually identifiable health information. Cleredact's zero-upload architecture means PHI in your documents never reaches our servers.
- FERPA: Family Educational Rights and Privacy Act
U.S. federal protection of student education records. Detectors for student IDs, DOBs, and grades let schools redact records locally.
- CJIS: Criminal Justice Information Services
FBI security policy for criminal-justice information. Because data never leaves the workstation, there is no third-party data path to authorize.
- NIST CSF 2.0: NIST Cybersecurity Framework 2.0
U.S. NIST's voluntary framework organized around Govern, Identify, Protect, Detect, Respond, and Recover. Cleredact's controls — in-browser processing, no document persistence, least-privilege access, and a documented incident contact — are self-attested as aligned with the framework's core outcomes.
- OWASP ASVS L1: OWASP Application Security Verification Standard, Level 1
Baseline web-application security controls covering authentication, session management, access control, input handling, and logging. Self-attested alignment with ASVS v4 Level 1 for the Cleredact account surface.
- Privacy by Design: Cavoukian's 7 Foundational Principles
The architecture is the privacy control: redaction runs entirely in your browser by default, so the privacy-protective behavior is the only behavior. End-to-end lifecycle, full functionality, and user-centric design are baked in. Self-attested alignment.
- GLBA: Gramm-Leach-Bliley Act
U.S. financial-services privacy rule covering NPI (nonpublic personal information). Account numbers, SSNs, and balances are detected and redacted in-browser.
- FOIA: Freedom of Information Act
Public-records release workflows. Cleredact produces flattened raster PDFs that cannot be un-redacted by copy-paste or layer removal.
- GDPR: General Data Protection Regulation (EU)
European data-protection law granting access, rectification, and erasure rights. We never receive document contents, minimizing our processor footprint.
- CCPA / CPRA: California Consumer Privacy Act / Rights Act
California's consumer privacy rights. Account data is the only personal information we hold, and you can export or delete it on request.
- SOC 2: Service Organization Control 2
AICPA trust-services criteria covering security, availability, and confidentiality. Cleredact has not undergone a SOC 2 audit; we self-attest that our account infrastructure follows the same control families.
- Section 508: Rehabilitation Act Section 508
U.S. federal procurement accessibility standard. Cleredact aligns with Revised 508 (which incorporates WCAG 2.0 AA) for use inside federal agencies.
A breach risk we can't carry, so we removed it.
Create an account to save your detector preferences and your redaction history. The documents themselves never come with you.