Everything you need to know about how it works, data protection and licensing.
redact.al automatically recognises personal data (names, addresses, IBANs, case file numbers, etc.) in your texts and replaces them with consistent pseudonyms such as [PERSON_A] or [IBAN_B]. This lets you share anonymised texts with AI services such as ChatGPT without breaching your duty of confidentiality.
No. All text processing - recognition, anonymisation and the mapping table - takes place exclusively in your browser. Neither the original texts nor the recognised entities are sent to our servers. You can verify this at any time using your browser's network console (F12).
redact.al combines two techniques: an NER model (Named Entity Recognition, based on multilingual BERT) recognises persons, organisations and locations. In addition, rule-based patterns identify structured data such as IBANs, tax numbers, court file numbers, phone numbers and email addresses. The two sets of results are then merged.
The Vault is the local mapping table that is stored in your browser's IndexedDB. It contains the mapping between the original data and the pseudonyms (e.g. "Max Mustermann" <-> [PERSON_A]). This allows you to translate AI responses that contain pseudonyms back into the original names later. The Vault never leaves your browser.
Yes. After the application and the NER model have been loaded for the first time, redact.al can be used entirely without an internet connection. Only sign-in and licence verification require a connection.
redact.al is designed so that document contents never leave the user's browser. The entire anonymisation process - including the recognition of personal data by the language model - takes place locally in the browser. cilku.io does not transmit, store, process or log any document contents on its servers and at no point gains knowledge of the contents you process with redact.al.
This privacy-by-design architecture means that using redact.al does not result in any disclosure of client confidences or patient data to cilku.io or third parties. Whether and how you use redact.al in the context of your professional obligations remains, however, a matter for your own assessment.
Note: The above statements describe the technical workings of redact.al and do not constitute legal advice. The assessment of admissibility in any specific case is a matter for the professional concerned and, where applicable, their legal counsel.
Since the personal data of your clients is processed exclusively locally in your browser and is never transmitted to our servers, no processing on behalf within the meaning of Art. 28 GDPR takes place. In our assessment, a DPA is therefore not required. We only process your account data (name, email) for licence administration.
redact.al is for businesses (B2B) only. We invoice under the reverse-charge procedure at 0% VAT. With a VAT ID it is checked automatically. Without one (e.g. as a small business or a doctor with VAT-exempt treatments), you provide your Steuernummer instead; your business status is then verified manually. In both cases you are responsible for accounting for the VAT on the service in your own country.
On our servers we store only:
We do not store any texts, entities, pseudonyms or Vault contents.
Because the Vault is stored in your browser's IndexedDB, it is lost when you clear your browser data. Export the Vault regularly using the export function to create a local backup. You can re-import this file later.
redact.al currently recognises the following categories:
The trial phase is tailored to law firms and tax advisory practices and is subject to several checks. If no email arrives after 24 hours, this is usually due to one of the following reasons - for data protection reasons, we do not tell you which one applies:
If you believe you should have received an email, please get in touch via our contact form - not every filter signal is 100% accurate, and we are happy to help personally.
Please use our contact form.