Redact sensitive data. 60× faster than manually.
Docuflair Redact
Automatically redact personal data in seconds instead of minutes — using OCR and a learning rule engine. 9 PII categories, PDF/A export, GDPR compliance workflow, document versioning. Review in the viewer, train rules and selectively export per recipient. One project, unlimited versions. On-premises.
What is Docuflair Redact?
Docuflair Redact is a redaction software for businesses and government agencies that automatically detects personal data in documents and irreversibly redacts it. Unlike manual redaction in PDF editors, Docuflair Redact works project-based: you import your documents once, define intelligent rules via a learning rule engine and export as many redacted versions as needed — customised per recipient. The system automatically recognises 9 categories of personal data including email addresses, personal names, postal addresses, IBAN, phone numbers, dates, social security numbers and tax IDs via OCR and processes over 70 file formats. Export in PDF 1.7, PDF/A-1b, PDF/A-2b or PDF/A-3b. All processing takes place on-premises — no data ever leaves your organisation.
Docuflair Redact in Action
See how easy automatic redaction works
Try it yourself — free, no signup required
Upload a PDF, Word, Excel or PowerPoint document and redact sensitive data directly in your browser. No registration, no installation, no account needed.
Note: The sandbox demo runs on a publicly accessible test instance. The production solution Docuflair Redact runs on-premises or in your dedicated private cloud — never public cloud. No data ever leaves your organisation.
Redaction reimagined — project-based and intelligent
From single-document redaction to a professional redaction platform
Project-based workflow
Collect documents, define rules, export selectively — everything bundled in one redaction project.
Intelligent dictionary
From simple terms to context-based rules: when "union" is found → automatically redact logo and defined page zones.
Viewer with control
Visually review, manually re-redact, draw zones and add words to the dictionary with a single click.
Selective exports
From the same document set: version for Person A, version for Person B, combined version A+B — depending on recipient and purpose.
How a redaction project works
Five steps from document import to redacted export
9 categories of personal data — automatically detected
Intelligent PII recognition goes far beyond simple pattern matching
Email Addresses
Regex detection with automatic name extraction from the local part (e.g. john.smith@company.com → recognises "John Smith").
Personal Names
Dictionary with approximately 500 first names plus relation-based detection. Recognises first and last names including compound names.
Postal Addresses
Pattern-based detection of street names and house numbers in common European address formats.
ZIP Codes + Cities
Automatic detection of postal codes (DE 5-digit, AT 4-digit) with city name mapping.
Phone Numbers
4 regex patterns covering international formats: +49/+43, 0xxx, (0xxx), with or without spaces and hyphens.
IBAN
European bank account numbers (DE/AT/CH and others) reliably detected via regex.
Date Formats
Detects dd.mm.yyyy, dd/mm/yyyy — recognises dates of birth, contract dates and more. Configurable (off by default to avoid false positives).
Social Security Numbers
DE format (12 characters) and AT format (10 digits) reliably detected.
Tax IDs
4 formats: DE VAT ID (DE123456789), AT VAT ID (ATU12345678), DE tax number (123/456/78901), AT tax number (12-345/6789).
Fully configurable
Each PII category can be individually enabled or disabled per project. Date detection is off by default to minimise false positives. Combine automatic PII detection with your custom dictionary rules for maximum precision.
Intelligent redaction rules
From simple terms to context-based automation
Pattern recognition
- IBAN, credit cards, social security numbers
- Phone numbers, email addresses, dates of birth
- Predefined + custom regex patterns
Context rules
- Term found → redact page zone as well
- Logo detection and automatic redaction
- Word combinations and fuzzy matching
Active Directory & SQL
- Automatically extract personal data from AD
- SQL databases as redaction source
- No manual dictionary maintenance required
Barcode & QR Code
- Automatic detection of machine-readable codes
- Barcodes, QR codes, Data Matrix
- Reliably protect encoded information
Metadata cleansing
- Automatically remove PDF/Office metadata
- Author, edit history, comments
- Reliably cleanse hidden data
Precision control for every redaction
Three area trigger modes and false-positive handling for maximum accuracy
3 Area Trigger Modes
Define exactly when and where area redactions are applied:
- All: Redact the zone on every page of the document
- Match: Redact only on pages where a dictionary hit is found
- Specific: Redact only on a specific page number
Redaction Exclusions
Handle false positives with precision:
- Mark OCR dictionary hits as "do not redact"
- Toggle semantics: mark again to remove the exclusion
- Precise control over automatic redactions
- No more over-redaction of legitimate content
Dictionary import & export
Export your entire rule set as JSON and import it into other projects or repositories. Define rules once, reuse across all your redaction projects.
Define rules — visually and intuitively
Create redaction rules with a click — no programming required
-
If-then logic
Term found? Then automatically redact zone, logo or text.
-
Style per rule
Blackout, whiteout or colour — individually configurable per rule.
-
Unlimited rules
Combine as many rules as needed — individually for each redaction project.
Full control in the integrated viewer
Review, post-process and approve — all in one interface
-
Train words
Click a word → add it directly to the dictionary with a rule. Shift+click for global adoption across all documents.
-
Draw zones
Draw free rectangles over images, logos, signatures or tables. Pixel-precise at 300 DPI with rotation support.
-
Choose redaction colour
Black for GDPR, white for proposals, colour for classification — individually configurable per rule.
-
Zoom & navigation
Continuous zoom (25%–400%), page rotation, thumbnail bar, keyboard navigation and in-document search.
-
Approval workflow
Configurable approval stages. Export is only enabled after authorisation by approved staff.
Six redaction styles — one click
Choose the right style for every use case
Between the company Smith & Partners Ltd, represented by Dr. Maria Smith, Managing Director, Address: 42 High Street, EC1A 1BB London
— hereinafter referred to as "Controller" —
VAT number: GB 298 173 542, IBAN: GB29 NWBK 6016 1331 9268 19
The monthly fee amounts to 12,500.00 GBP net. Contact: +44 20 7946 0958, m.smith@example.co.uk
Export in 4 PDF formats — including PDF/A for long-term archiving
Choose the right output format for every compliance requirement
PDF 1.7
Standard PDF for general use. Maximum compatibility with all PDF viewers.
PDF/A-1b
Basic long-term archiving. Meets statutory retention obligations. ISO 19005-1 compliant.
PDF/A-2b
Modern archiving with JPEG2000 compression and transparency support. Better compression rates.
PDF/A-3b
Archiving with embedded attachments. Store original documents as appendices within the PDF.
Advanced export options
Preserve folder structure or export as flat list. Filter by approved documents only. Apply OCR layer for searchable PDFs. Export directly to UNC network paths with domain authentication. Choose to overwrite or skip existing files at the destination.
One document set. Unlimited versions.
Export different redacted versions — depending on recipient and purpose
On 15/03/2026 a meeting took place between Mr Miller (Department Head) and ████████████ (Works Council). The topic was the transfer of Mr Miller to the ████████ office.
████████████ pointed out that Mr Miller has been with the company since 2019. The salary of ██████ GBP was discussed.
On 15/03/2026 a meeting took place between ████████████ (Department Head) and Ms Schmidt (Works Council). The topic was the transfer of ████████████ to the ████████ office.
Ms Schmidt pointed out that ████████████ has been with the company since 2019. The salary of ██████ GBP was discussed.
On 15/03/2026 a meeting took place between ████████████ (Department Head) and ████████████ (Works Council). The topic was the transfer of ████████████ to the ████████ office.
████████████ pointed out that ████████████ has been with the company since 2019. The salary of ██████ GBP was discussed.
Practical example: GDPR subject access request
A former employee requests all personal data under Article 15 GDPR. HR imports 500 emails into the project. Docuflair Redact automatically redacts third-party data (colleagues, supervisors) using Active Directory. Different exports for different recipients — from the same document set.
Complete GDPR compliance workflow
From data markers to deletion request tracking — everything built in
GDPR Data Markers
Explicitly mark documents as "contains personal data" with full traceability:
- Data categories per document (e.g. health data, financial data)
- Affected persons (name/info of the data subject)
- Full audit trail: who marked when
Deletion Request Workflow
Track GDPR deletion requests from receipt to completion:
- Request: Record data subject name, email, reason for deletion
- Assign: Link affected documents to the deletion request
- Track: Status workflow: Pending → In Progress → Completed
- Complete: Processor, timestamp and notes documented
GDPR Right of Access: Article 15 GDPR
Companies are obligated to provide data subjects with a copy of all personal data upon request — within one month.
The Deadline: 1 Month
Under Article 12(3) GDPR, companies must respond to subject access requests without undue delay, and within one month at the latest. For complex requests, the deadline may be extended to a maximum of 3 months — but only with justification.
- Standard deadline: 1 month from receipt
- Extension: Maximum 2 further months
- Obligation to provide reasons for delays
- Fines possible for missed deadlines
Redaction Requirement for Third-Party Data
Article 15(4) GDPR stipulates that the rights of third parties must not be affected by the disclosure. This means: personal data of other individuals must be redacted — a complete refusal is not permitted.
- Redact names of colleagues
- Remove third-party email addresses
- Protect trade secrets
- Anonymise third-party assessments
Practical Case: Departing Employees
A common scenario: An employee is dismissed or leaves the company under dispute. On their solicitor's advice, they submit a subject access request under Article 15 GDPR. The company must now provide all emails, personnel files, appraisals and internal notes — but must correctly redact all data of other employees. With thousands of emails, this is an enormous effort without an automated solution.
Legal Framework in the EU
The key regulations requiring professional redaction
Art. 15 GDPR
EU RegulationThe right of access gives data subjects the right to a copy of all personal data. Deadline: 1 month. Third-party data must be redacted.
Professional Secrecy
Criminal LawBreach of professional confidence: Doctors, solicitors and other professionals bound by confidentiality commit a criminal offence if they disclose information without authorisation.
Procurement Law
ProcurementFile inspection in procurement procedures: Bidders have inspection rights — but trade secrets must be protected.
Freedom of Information (FOIA)
Statutory LawDocuflair Redact supports the FOIA-style workflow used worldwide: US Freedom of Information Act, UK FOIA 2000, German IFG, Austrian AuskunftspflichtG and the EU environmental information directives. Authorities must disclose public records but redact personal data and exempt content.
Use Cases for Docuflair Redact
Professional redaction for every industry and application
Human Resources & HR
GDPR subject access requests from employees
- Personnel files with redacted third-party data
- Anonymise email correspondence
- Appraisals without other assessors' data
- Payslips without comparison data
Healthcare
Patient records & medical documentation
- Redact diagnoses when sharing with third parties
- Anonymise medical letters for insurers
- Studies with anonymised patient data
- Expert reports without sensitive findings
Public Sector
Government & administration
- File inspection under Freedom of Information
- Decisions with redacted third-party data
- Minutes for public inspection
- Anonymise procurement documents
Law Firms & Legal
Client files & court documents
- Prepare briefs for opposing parties
- Evidence with protected passages
- Anonymise client documents
- Contracts without confidential clauses
Proposals & Tenders
Redacting prices, protecting terms
- Remove proposal prices when sharing
- Anonymise calculations for references
- Procurement documents for file inspection
- Framework agreements without terms
Insurance & Finance
Claims files & customer data
- Anonymise claims notifications
- Redact expert reports for settlement
- Customer data for internal audits
- Contracts without personal data
Professional document management built in
Version control, collaboration and organisation for your redaction projects
Document Versioning
- Unlimited versions per document
- SHA-256 hash per version for integrity
- Download any previous version
- Automatic processing of new versions (OCR, PDF, thumbnails)
Check-In / Check-Out
- Lock documents during editing
- Prevent parallel editing conflicts
- Admin override for locked documents
- Full audit trail of lock/unlock actions
Comments & Annotations
- Thread-based comments with replies
- Page-precise annotations (X/Y position)
- "This page needs re-review" directly in context
- Soft delete with recovery option
Saved Searches
- Full-text, tags, date range, file type, metadata
- AND/OR logic for tag filters
- Share saved searches with team members
- Fuzzy search and hit highlighting
Compliance features for regulated industries
Legal holds, retention policies and tamper-proof audit trails
Legal Holds
Lock documents for legal proceedings — no one can delete them, even if the retention period has expired:
- Prevent deletion during litigation
- Multiple holds per document possible
- All holds must be released before deletion
- Complete audit trail (who, when, reason)
- Release only by authorised users
Repository Deletion Policies
Three configurable deletion policies per repository:
- NeverDelete: Documents can never be deleted (strictest revision safety)
- RetentionPeriod: Deletion only after configurable retention period (e.g. 10 years)
- ImmediateWithAudit: Immediate deletion permitted, but audit-proof logged
- Legal Holds override all policies
Organise, classify and find documents instantly
Metadata, tags and recycle bin for complete document control
Custom Metadata
Define custom metadata fields per repository: String, Integer, Decimal, Date, Boolean. Required fields and default values supported. Fully searchable.
Colour-Coded Tags
Classify documents with colour-coded tags. Multiple tags per document, AND/OR filtering in search. Visual classification for large document sets.
Recycle Bin
Two-stage deletion: soft delete moves to recycle bin, permanent delete requires authorisation. Recover accidentally deleted documents at any time.
Multi-Tenancy
Completely isolated tenants on a single installation. Separate database per tenant — no data mixing. Ideal for service providers, law firms and IT departments managing multiple clients.
Enterprise security built in
Security is not an add-on — it is the foundation
SHA-256 hash chain
Every entry contains timestamp, action, document ID and user ID. Blockchain-like chaining: each entry references the previous hash. Manipulation at any point breaks all subsequent entries. Immutable append-only log starting from "GENESIS".
AES-256 encryption
Optional encryption of all stored documents at rest. Master key via configuration.
Granular permissions
Read, create, modify, delete, manage — individually combinable at folder and tag level.
Complete audit trail
Immutable record of all actions with user, timestamp and details. Automatic chain verification detects any tampering.
Docuflair Mask: Use AI, Protect Data
Replace personal data with consistent pseudonyms — ideal for safely sharing documents with external AI tools
AI-Ready
Send pseudonymised documents to ChatGPT, Claude, Copilot or DeepL — without GDPR risk.
Reversible
After external processing, pseudonyms are restored to original data using the replacement table.
Consistent replacement
Same person = same pseudonym across all documents. Consistent across batches.
GDPR Art. 4(5)
Pseudonymisation is explicitly defined in the GDPR and recommended as a data protection measure.
Further Reading
Deepen your knowledge on redaction
Relevant for these industries
Docuflair Redact is particularly valuable for the following audiences
Data Protection Officers
GDPR Article 15 requests automated across 9 PII categories.
View industry pageLaw & Notaries
GDPR-compliant case file inspection while protecting client privilege.
View industry pageFrequently Asked Questions
Answers to the most important questions about Docuflair Redact
What is redaction software?
Redaction software permanently removes personal data such as names, addresses and IBAN numbers from documents — irreversibly and GDPR-compliant. Unlike manual redaction in PDF editors, Docuflair Redact works project-based with an intelligent rule engine that automatically detects 9 categories of personal data.
How does automatic redaction work?
Docuflair Redact detects personal data via OCR text recognition and dictionary matching automatically and redacts it in 5 seconds per document — 60× faster than manual redaction (based on customer project data from 200+ implementations since 2004). The system recognises 9 PII categories: email addresses, personal names, postal addresses, ZIP codes with cities, phone numbers, IBAN, date formats, social security numbers and tax IDs.
Is Docuflair Redact GDPR-compliant?
Yes. The software runs 100% on-premises on your server. No data ever leaves your organisation. It includes a complete GDPR compliance workflow with data markers, deletion request tracking and an immutable audit trail for compliance evidence.
Which file formats are supported?
Over 70 file formats: PDF, Word, Excel, PowerPoint, TIFF, JPG, PNG, email (MSG/EML) and many more. All formats are automatically converted to PDF and text-recognised via OCR. Export is available in PDF 1.7, PDF/A-1b, PDF/A-2b and PDF/A-3b for long-term archiving.
How much does Docuflair Redact cost?
Docuflair Redact starts at EUR 399/month (Basic, 12,000 pages/year, unlimited users, EUR 4,788/year billed annually). A 7-day money-back guarantee is included. View all pricing editions.
What is a redaction project?
A redaction project bundles all documents relating to a case (e.g. GDPR subject access request). You import the documents, define redaction rules and export different redacted versions depending on the recipient. This way you maintain oversight and can redact the same document set in multiple different ways.
Can I export different redacted versions of the same document?
Yes. From the same document set you can create as many exports as needed: one version with Person A's data redacted, another for Person B, and a combined version. Ideal for GDPR subject access requests involving multiple data subjects.
How does the intelligent rule engine work?
The rule engine goes far beyond simple dictionaries: define context-based rules (e.g. "if union found, then redact logo"), use pattern recognition for IBAN, phone numbers or credit cards, and automatically integrate Active Directory data. Rules can be exported and imported as JSON for reuse across projects.
What redaction styles are available?
Six styles are available: Blackout (black bars, permanent and irreversible), Whiteout (invisible removal, ideal for proposals), Colour (selectable colour, e.g. red for confidential), Blur (soft focus), Highlight (readable but colour-highlighted) and Original (no change, comparison view). The style is individually configurable per rule.
Is the redaction permanent and irreversible?
Yes. On export, sensitive content is physically destroyed — it cannot be extracted or reconstructed. Original documents remain unchanged in the project; the redaction is only irreversibly applied on export.
Complementary Products
Discover additional solutions that pair perfectly with Docuflair Redact
Docuflair Scan
Digitise documents in high quality — the foundation for precise redaction.
Learn moreDocuflair Archive
Archive redacted documents in revision-proof PDF/A format for long-term storage.
Learn moreDocuflair Print
Print redacted documents securely and with control — with watermarks and audit trail.
Learn moreAutomate Data Protection
See in 15 minutes how redaction projects are professionally implemented — from the intelligent rule engine to selective export.