Open-source, Automated PII Redaction.
Regex-first PII detection.
500+ patterns. Free, open-source. Self-host for full control.
Try it out
See It In Action
Real examples of how OpenRedaction detects and redacts PII from different types of text
Email & Phone Number
Address & SSN
Credit Card Number
Why Choose OpenRedaction?
Focus on what matters - we handle the complexity of PII detection
Regex-Based Redaction
Transparent, deterministic detection using 500+ tested regex patterns for detecting names, emails, SSNs, phone numbers, and more. Fast, reliable, and fully auditable.
Comply with GDPR Instantly
Automatically detect and redact PII to meet GDPR, HIPAA, and CCPA requirements. Our 500+ tested regex patterns handle it all with deterministic, transparent results.
Protect Customer Data Automatically
Real-time PII detection ensures sensitive information never leaves your system unprotected.
Simple npm Install
Install via npm and use directly in your application. Self-host for complete control.
Self-Hosted Control
When self-hosted, you control all logging and data handling. Track PII detections with detailed reporting for compliance and security reviews.
Zero Data Retention
When self-hosted, your data is processed in-memory and never stored. No persistent databases. You maintain complete control over your data.
Why Pattern-Based Detection?
Fast, transparent, and privacy-preserving PII detection built for developers
Deterministic & Transparent
Same input always produces the same output. Patterns are visible and testable - no black box AI.
Fast Processing
Processes in milliseconds with no external API calls. No waiting for third-party AI services.
Runs Locally
No data leaves your environment. Process everything on your infrastructure for maximum privacy.
Privacy-Preserving
No third-party AI models. No data sent to external services. Complete control over your data.
Easy to Audit
Patterns are visible and testable. Perfect for compliance reviews and security audits.
Predictable Costs
No per-token pricing. Self-hosted version has zero variable costs. Predictable and affordable.
How It Works
Simple, transparent, and privacy-aware PII redaction
Regex detection
We run our hardened regex patterns over your text. This is the default and primary detection method - fast, deterministic, and transparent.
Redact
Detected spans are redacted in memory by the OpenRedaction engine. All processing is local; nothing is sent to external services.
Text is processed in memory and discarded — we store nothing.
Getting Started
Get started in 3 simple steps
Try the Playground
Test OpenRedaction with our free playground. No signup required - see how it works instantly.
Install the Library
Install via npm: npm install openredaction. Use directly in your Node.js application.
Deploy Self-Hosted
Self-host on your infrastructure for complete privacy and control. Contribute on GitHub to help improve the library.
Use Cases
Simple Installation
Install the open-source library and start detecting PII in minutes
npm install openredaction
import { redact } from 'openredaction';
const result = await redact('Your text here');
console.log(result.redacted_text);Secure PII Detection for Self-Hosted Deployments
Self-hosted security with zero data retention
Self-Hosted Control
Self-hosted deployments give you complete control. Processes text in memory, never stores raw input. No persistent databases by default. Your data never leaves your environment.
Deploy Anywhere
Open-source library works with Node.js and can be integrated into any application. Self-host on your infrastructure for complete privacy.
Self-Hosted Logging
When self-hosted, you manage all logging. Complete detection logs with entity types, positions, and timestamps. Perfect for compliance reporting.
Loved by Developers Worldwide
See what our users are saying
"OpenRedaction saved us weeks of development time. The open-source library is transparent and easy to integrate. Self-hosting gives us complete control over our data."
"We needed HIPAA-compliant PII detection and OpenRedaction delivered. The self-hosted option gives us complete control, and the regex patterns are transparent and auditable."
"The regex-first approach is perfect for our needs. We can audit all patterns, and self-hosting ensures our data never leaves our environment. The open-source community is helpful."
Our Open-Source Tools
OpenRedaction offers open-source solutions for PII detection and redaction
OpenRedaction (npm library)
Open-source regex library, developer-friendly, available via npm. Use directly in your Node.js applications. Self-host for complete privacy and control.
View on GitHub →OpenRedaction-site (this site)
Playground where users can try redaction in the browser, with no storage. Free demo of the library capabilities.
Try Playground →Disclosurely.com
A separate whistleblowing platform with compliance features and advanced auditing. Uses OpenRedaction for PII protection.
Visit Disclosurely.com →Open Source, Self-Hosted
The OpenRedaction library is free and open source. Use it locally or self-host with no fees.
For enterprise support, custom deployments, or SLAs, contact us.
Self-Hosted OpenRedaction
One-time setup
- • No per-request fees
- • Only infrastructure costs
- • No usage limits
- • Open-source and free
AWS/Google Cloud
Variable pricing
- • Pay per character/token
- • Costs scale with usage
- • 1M requests: $100s-$1000s
- • Proprietary and vendor-locked
Why OpenRedaction vs. AWS/Google?
Open source, self-hostable, and privacy-first - data never leaves your environment
| Feature | OpenRedaction | AWS/Google |
|---|---|---|
| Open Source | ✓ Yes | ✗ Proprietary |
| Self-Hostable | ✓ Yes | ✗ Cloud-only |
| Data Retention | ✓ None | ⚠ May log data |
| Account Required | ✓ No | ✗ Yes |
| Pricing Model | ✓ Predictable | ⚠ Per-token |
| Compliance Setup | ✓ Simple | ⚠ Complex |
| Data Control | ✓ Full control | ✗ Vendor-dependent |
With self-hosted OpenRedaction, your data never leaves your environment.Complete privacy and control.
Frequently Asked Questions
Using Node or another backend?
Install the open-source library and run redaction in your own environment. For enterprise support or custom deployments, get in touch.
Transparency & Community
OpenRedaction is open source. Audit the code, contribute patterns, and help improve the library.
Report Issues
Found a bug or have a suggestion? Open an issue on GitHub and help us improve.
View Issues →Contribute Patterns
Share new regex patterns or improve existing ones. The community helps maintain and expand pattern coverage.
Contribute →How to Contribute
Fork the repository, make your changes, and submit a pull request. We welcome contributions from the community.
View on GitHub →Self-Host OpenRedaction
Install the open-source library and deploy on your infrastructure for complete privacy and control
Installation
npm install openredaction
Basic Usage
import { redact } from 'openredaction';
const text = "Contact John Doe at john@example.com";
const result = await redact(text);
console.log(result.redacted_text);Deployment Options
- Node.js server - Run directly in your Node.js application
- Docker - Containerize and deploy on any infrastructure
- On-premise - Deploy on your own servers for maximum control
For detailed self-hosting instructions, configuration options, and deployment examples, see our documentation or the GitHub README.
Limitations & Best Practices
Important information about using OpenRedaction effectively
Best-Effort Redaction
Redaction is best-effort, not perfect. OpenRedaction uses regex patterns and optional AI to detect PII, but it may miss some entities or produce false positives. Always manually review output when handling highly sensitive data.
Structured vs Unstructured Data
Regex patterns work best on structured data (forms, databases, JSON, well-formatted text). Messy or unstructured input may still leak sensitive information. The optional AI layer may help with messy text but is slower, costlier, and not guaranteed to catch everything.
Manual Review Recommended
For legal documents, compliance-critical content, or highly sensitive data, always manually review the redacted output. Automatic redaction should be used as a first pass, not a final solution.
Self-Hosted Responsibility
When self-hosting, you are responsible for your own infrastructure, security, compliance certifications, and data handling. OpenRedaction provides the tools, but you maintain full control and responsibility.
Ready to Get Started?
Try the playground, install the library, or contribute on GitHub
Security & Privacy
Stateless Processing
All processing happens in memory. No persistent storage of your data.
No Raw Text Stored
Your input text is processed and immediately discarded. We don't log or store it.
Fully Offline
All detection runs locally. No external APIs or third-party services.