• 

  Home Page Explainer

• 

  Detection options

• 

  Detection list

• 

  Redaction options

• 

  Redacted Document

• 

  Signature Detected

• 

• 

  Team Picture

• 

  QR Code to project

GoCalma

Local-First PDF PII Redaction For Real Documents

GoCalma is an open-source browser application that detects and redacts sensitive information in PDFs without sending document contents to any server. Everything runs locally: PDF parsing, text extraction, PII detection, OCR, redaction, and restoration. The document never leaves the user's device.

Live demo: https://gocalme.ketchalegend.me/

Why This Matters

Sensitive PDFs containing names, government IDs, medical data, and financial details are routinely uploaded to cloud redaction tools. Existing workflows either send documents to servers (privacy risk), require manual effort (error-prone), or have poor recall on real documents (unreliable).

GoCalma provides a safer path: upload a PDF locally, detect PII, review the findings, export a redacted copy, and keep an encrypted key for reversible restoration.

Core Results

• Core text-PDF macro recall: 100.00% (above the 90% challenge threshold)
• 301 automated tests (299 unit + 2 Playwright end-to-end)
• 0 production CVEs across 441 transitive dependencies
• 409ms page load, 602KB total transfer
• All 5 development phases complete and independently shippable

What GoCalma Detects

30+ PII types across six categories, all detected locally:

Multilingual support: EN, DE, FR, IT, ES documents.

How It Works

GoCalma combines six layered detection strategies:

1. Contextual regex with per-type confidence scores and mathematical checksum validators (IBAN MOD-97, Luhn, 10 European ID checksums)
2. Local NER via Transformers.js with WebGPU acceleration and automatic WASM fallback
3. Local OCR via tesseract.js with per-page routing (auto-classifies each page as text vs image)
4. Face and signature detection via canvas-based skin-tone density and ink density heuristics
5. Context scoring with proximity-based confidence adjustment and keyword-gating on broad patterns
6. Allow/deny lists with fuzzy matching for OCR error tolerance (Levenshtein distance)

Multi-pass detection runs strategies in priority order with range locking to prevent duplicate detections.

User Controls

• Allow list: Terms that should never be flagged (e.g., "Acme Corporation", "Public Info")
• Deny list: Terms that should always be flagged, even if auto-detection misses them (e.g., "Martin Muller", "ABC-12345")
• Compliance profiles: Swiss DPA, EU GDPR, Healthcare, Financial, Full Scan — each enables the PII types relevant to that framework
• Per-type redaction: Choose a different mode for each PII type (e.g., redact names, mask IBANs, synthesize addresses)
• Five redaction modes: Redact (black box), mask (random characters), hash (#### replacement), highlight (visual marker), synthesize (consistent fake data)
• Explain API: Every detection shows why it was flagged — which strategy found it, the pattern that matched, and the confidence score
• Privacy risk score: 0-100 score with severity levels and per-type breakdown, shown before export
• Face and signature toggle: Enable or disable visual PII detection independently

Secure Redaction

Simply drawing black rectangles over text in a PDF does not remove the underlying content. The text layer remains selectable, searchable, and detectable by OS features.

GoCalma's approach: Each affected page is rendered to an image, redaction regions are painted over at the exact coordinates, and the page is replaced. The original text layer is fully removed. This is pixel-level redaction — not cosmetic.

Additional security measures:

• AES-GCM encryption for all .gocalma key file payloads with optional password protection
• PDF metadata scrubbing strips author, title, and timestamps during redaction
• Consistent anonymization in synthesize mode — the same original value always maps to the same fake replacement
• Audit trail generation with entity type counts, severity classification, and redaction mode per document

Reversible Restoration

Alongside the redacted PDF, GoCalma exports an encrypted .gocalma key file containing the token mappings and optionally the original PDF. Users can restore the original document later by uploading both files. Key file versions (1.0.0 through 1.2.0) track format evolution and support backward compatibility.

Security Audit

GoCalma was independently security-audited (CSO mode):

• 0 critical CVEs across 441 transitive dependencies
• 0 production vulnerabilities in the shipping bundle
• AES-GCM encryption for all key file payloads
• Pixel-level redaction fully removes text layer
• PDF metadata scrubbing strips author, title, timestamps
• CSO audit: 15 candidates scanned, 1 design-level finding (raw key storage when no password set), 0 exploitable vulnerabilities

Development Phases

All five phases are complete and independently shippable:

Challenge Fit

GoCalma directly addresses the core challenge requirements:

• Open source — full prototype repository on GitHub
• Working redaction flow — upload, detect, review, export
• Local-first privacy guarantee — zero data transmission, all processing in-browser
• User review — every detection confirmed before export
• Reversible — encrypted key files for un-redaction
• Security-audited — 0 production CVEs, AES-GCM crypto, pixel-level redaction
• Extended capability — scanned PDFs, phone captures, face/signature detection, multilingual support

Summary

GoCalma is a practical, browser-based privacy tool with 100% core recall, 30+ PII types with checksum validation, five redaction modes with per-type configuration, user-configurable allow/deny lists, face and signature detection, a 301-test automated suite, and a security-audited zero-transmission architecture.

The document stays on the user's machine from upload to export. That is the product guarantee.

Built With

• pdf-lib
• pdfjs-dist
• react
• tesseract.js
• transformerjs
• typescript
• vite
• xenova