Local-first secrets & PII redaction for engineers

Local-only processing

All scanning and redaction runs on-device. The only outbound call is license verification — your data never touches a server.

Secrets & PII detection

Detect API keys, OAuth tokens, passwords, JWTs, private keys, email addresses, phone numbers, credit cards, and more.

Custom detection rules

Extend detection with your own org-specific patterns. Add a regex, a name, and a replacement placeholder — done in minutes.

Safe for LLMs

Get paste-ready output with labelled placeholders so you can share logs and configs with ChatGPT, Claude, or Gemini without leaking secrets.

MDM-friendly deployment

Distribute at scale via Jamf, Intune, or any MDM. Pre-provision licenses so engineers have the tool on day one — no manual setup.

Built for MSPs & MSSPs

Designed for client-based work where sensitive data must never leave the managed environment. Supports compliance with GDPR, HIPAA, and SOC 2.

1Drop in your content

Paste a snippet or select a file: code, logs, configs, JSON, CSV — anything that might contain sensitive values.

2Scan locally

30+ built-in patterns plus your custom rules run on-device in milliseconds. No internet required after first sync.

3Share safely

Get redacted output with labelled placeholders. Paste into any LLM, ticket system, or Slack thread without risk.

For individual engineers

For large organisations

Redact Secrets and PII Before Pasting Into ChatGPT

Every time you paste a log file into an LLM you risk leaking API keys and customer data. Here's how to stop it.

PII Redaction for MSPs: A Practical Compliance Guide

GDPR, HIPAA, and SOC 2 all require controls around client data. Here's the practical approach.

How AWS Access Keys End Up in Log Files

AWS keys are among the most dangerous secrets in logs. Learn how they get there and how to catch them.