Redactify

Redactify auto-finds PII in PDFs (en/de/fr/it/es), lets you tweak or add boxes, then burns redactions locally with an AES‑GCM key file for lossless restore—no uploads, privacy by design.

Comment

Inspiration

  • Keep sensitive PDFs private by redacting entirely in-browser—so legal, medical, and financial docs never leave the device.

What it does

  • Auto-detects PII (names, phones, emails, addresses, IBAN/AHV/SSN, policy/claim IDs, credit cards) across English, German, French, Italian, and Spanish.
  • Lets users review/toggle highlights and draw manual boxes.
  • Burns black rectangles into the PDF and issues an AES-GCM–encrypted key file to restore the original.

How we built it

  • React + Vite + TypeScript.
  • pdfjs-dist for text and bounding boxes.
  • Multilingual NER (@huggingface/transformers, XLM-R WASM) plus EU-tuned regex.
  • pdf-lib for writing redactions.
  • Web Crypto (AES-GCM) to encrypt redaction text and the original PDF in the key file.

Challenges we ran into

  • WASM backend quirks (threading/env guards).
  • Regex over-matching headers; tightened to value-only boxes.
  • Preventing arbitrary JSON restores—encrypted the original to bind key and file.

Accomplishments that we're proud of

  • Fully client-side pipeline: zero data leaves the browser.
  • Multilingual, EU-focused PII coverage.
  • Pixel-perfect unredaction using the encrypted original stored in the key file.

What we learned

  • Multilingual NER + domain regex improves recall with fewer false positives.
  • Precise char-to-bbox mapping yields cleaner highlights.
  • Secure redaction needs origin binding, not just per-span encryption.

What's next for Redactify

  • Optional OCR for scan-only PDFs.
  • More locales/ID patterns (Nordic, Dutch) and tax formats.
  • Inline QA view to compare detected vs. remaining text.
  • Keyboard-driven review and bulk accept/deny.

Built With

Share this project:

Updates