You paste client data into AI every day.
You know you shouldn't. Here's what it looks like when you don't have to choose.
Attached is the project brief for Meridian Consulting. Please review before our call on Tuesday.
The contact on their side is Thomas Richter (thomas.richter@meridian.de). His assistant Jana can be reached at +49 170 882 4410.
Best,
Alex
Click “Protected” — watch the names disappear. Click back — they return.
Your Tuesday without dropredact
A client sends you a 12-page brief. You need AI to summarize it, draft a response, pull out the action items.
The brief has 6 people's names in it. Two email addresses. A phone number. An invoice address. A tax ID.
You paste it into ChatGPT anyway. You know it's a GDPR risk. You do it because the alternative is doing everything by hand.
Your Tuesday with dropredact
You drag the brief into the app. Two seconds later, every name, email, phone number, address, and tax ID is replaced with a token.
You paste the clean version into ChatGPT. It summarizes perfectly — it knows [CLIENT_1] is the decision-maker and [COLLAB_2] handles finances. It just doesn't know their names.
When you're done, one click — every name comes back. You send the real version to the client. They never know.
The difference
Other tools delete. This one lets you undo.
Typical redaction
Client: ████████████
Email: ████████████████
Names gone. Context gone. Can't tell who's who. Can't undo.
dropredact
Client: [CLIENT_1]
Email: [EMAIL_1]
Names gone. Context intact. AI understands relationships. Fully reversible.
The Token Register
Every token maps to every original. Encrypted. Persistent across documents and sessions. One register per client — your worlds never bleed.
Three drags. No cloud. No account.
Download the app. Drag a file in. Get a clean version out. That's it.
Drag your document in
PDF, Word, HTML, or plain text. The app detects the language and finds every piece of personal data.
Send the clean version to AI
Names replaced with tokens. The AI understands the structure — who reports to whom, who handles what. It just doesn't know the names.
Get the names back
One click. Every token snaps back to the original. Format preserved. Send the real version to whoever needs it.
A real document. Every entity caught.
Names, emails, phone numbers, addresses, tax IDs, IBANs — all replaced with consistent tokens. All reversible.
Client: Lisa Bergmann, Founder of Nomad Studio
Email: lisa@nomad-studio.co
Phone: +49 151 220 8837
Address: Schillerstraße 41, 50674 Köln
Tax ID: DE 814 237 561
IBAN: DE89 3704 0044 0532 0130 00
Brand designer: Cem Yılmaz (cem@typewerk.de)
Accountant: Petra Hofmann at Hofmann & Krause Steuerberatung
Lisa wants the rebrand finished before the launch event. Cem handles type and logo, I handle web + copy. Send drafts to lisa@nomad-studio.co and CC Petra on anything with numbers.
If you handle other people's data, this is for you.
You run client briefs through AI to draft proposals. The brief has 8 people's names in it.
Your team pastes customer emails into ChatGPT for quick replies. Every paste is a GDPR transfer.
You translate contracts using AI. The contracts have addresses, tax IDs, and bank details.
You summarize therapy session notes with AI. Those notes are Article 9 health data.
You build n8n workflows that process incoming documents. Some of those documents have PII you never asked for.
You're a DPO and you need to prove your team handles data correctly. You need an audit trail, not a promise.
Not magic. Math.
Names use a neural model trained on 7,600+ European names across 27 countries. Everything else uses checksums, validated patterns, and curated lists. No LLM. No GPU. No cloud. Runs on any laptop with 2GB of RAM.
| What it catches | How |
|---|---|
| Person names | Neural NER — German compounds, Polish declensions, Finnish agglutination, Scandinavian patronymics |
| Emails | Pattern matching — 99.7% precision |
| Phone numbers | Google libphonenumber — per-country validation |
| Addresses | Postal code + street lists + city validation |
| National IDs | Checksum-validated — Steuer-ID, BSN, CPR, PESEL, personnummer, DNI, codice fiscale (10 countries) |
| IBANs | mod-97 checksum — real validation, not regex |
| Credit cards | Luhn algorithm |
10 EU languages. Auto-detected per document. DA DE EN ES FI FR IT NL PL SV.
Legally anonymous. Not just “we take privacy seriously.”
In 2025, the EU Court of Justice ruled in EDPS v SRB: pseudonymized data is anonymous to anyone who can't access the key.
Encrypt the register. Keep it on your machine. What reaches any AI provider is legally anonymous under EU law. Not because we say so — because the court does.
GDPR fines: up to €20M or 4% of revenue. EU AI Act: up to €35M. This runs on your machine.
Free to use. Pay when your business uses it.
The full engine is free for personal use. Commercial licenses fund model updates and keep accuracy sharp.
Free
€0
forever
Full desktop app. All 10 languages. All file formats. Token register + de-redaction. One file at a time.
Not a trial. The full engine.
Commercial
€149/yr
up to 5 seats
Batch processing. Watch folder. REST API for n8n/Make/Zapier. Encrypted registers. Annual model updates.
Less than one hour of a DPO consultant.
Team
€299/yr
unlimited seats
Everything in Commercial. Every laptop, every workstation, every new hire. One license for the whole team.
Software works forever. License is for commercial use, not access. Not SaaS.
Stop choosing between AI and compliance.
10 EU languages. Reversible tokens. Encrypted registers. Your machine. Free.