On-Premises vs. Cloud: Redaction Software and Data Sovereignty

Why the deployment model of your redaction software determines the security of sensitive documents

When employee records, client files or government documents need to be redacted, a fundamental question arises: are these documents allowed to leave your network at all? For many organisations, the answer is a clear no.

Cloud-based redaction software may be convenient — but when it comes to sensitive documents, cloud processing quickly conflicts with legal requirements. The GDPR, professional secrecy obligations and industry-specific regulations set strict boundaries. Transferring documents containing personal data to a cloud service automatically creates a data processing relationship — with all associated obligations and risks.

This article compares on-premises and cloud redaction from the perspective of IT managers and data protection officers. We examine when on-premises is the only defensible option, when cloud redaction may be acceptable and which criteria should drive the decision.

What Does On-Premises Mean for Redaction Software?

Full control over data, software and infrastructure

With an on-premises solution, the redaction software is installed on servers in your own data centre or on local workstations. Documents never leave your corporate network — neither for processing nor for storage.

Software on Your Own Server

The entire processing pipeline — OCR, PII detection, redaction and export — runs on hardware under your control. There is no external service receiving, processing or temporarily storing your documents.

No Data Leaves Your Network

Sensitive documents remain within your network boundaries. There are no uploads, no API calls to external servers and no telemetry data that could reveal information about your document contents.

No Internet Connection Required After Installation

After the initial installation and licence activation, the software can operate entirely offline. This enables deployment in air-gapped networks — isolated environments with no internet connectivity, as commonly used by government agencies and defence organisations.

Full Control Over Updates and Access

You decide when updates are applied, who has access to the software and which security policies are enforced. There are no vendor-forced updates that reach your production environment without review.

Comparison: On-Premises vs. Cloud Redaction

All relevant criteria at a glance

| Criterion | On-Premises | Cloud |
|---|---|---|
| Data Location | Your own server, your own data centre | Provider's data centre |
| Data Sovereignty | 100% under your control | Dependent on provider (sub-processors) |
| GDPR Compliance | Simplified — no data processor required | DPA required, audit obligations |
| Internet Connection | Not required (air-gap possible) | Mandatory |
| Schrems II / Third-Country Transfer | No risk | Risk with US providers (CLOUD Act) |
| Performance | Depends on your own hardware | Depends on provider infrastructure |
| Maintenance | Your IT team | Provider |
| Scalability | Hardware upgrade required | Flexibly scalable |
| Cost Model | Monthly or annual subscription | Monthly subscription |
| Audit Trail | Full control over audit trail | Dependent on provider |

Why On-Premises Is Critical for Redaction

Legal and regulatory reasons that argue against cloud processing

Professional Secrecy Obligations

Lawyers, doctors, tax advisors and notaries are bound by legally protected professional secrecy (in Germany: Section 203 of the Criminal Code). Transmitting client or patient data to a cloud provider can constitute a disclosure under the law — even if the provider technically cannot access the data. Without explicit consent from the data subjects, cloud processing of such documents is legally highly problematic.

Government and Public Administration

Many government agencies at federal and state level have explicit cloud restrictions or strict requirements for processing official documents. The BSI IT-Grundschutz framework and related standards set high bars for data processing. Classified information must generally not be processed in cloud environments.

GDPR Article 28: Data Processing

Transferring personal data to a cloud service makes you the controller of a data processing operation under Article 28 GDPR. This means: you need a Data Processing Agreement (DPA), must regularly audit the cloud provider and are liable for their data protection violations. With on-premises, this entire chain of obligations is eliminated — the data stays with you.

Schrems II and the CLOUD Act

The Schrems II ruling by the CJEU invalidated the legal basis for data transfers to the US. Even US cloud providers with EU data centres are affected: the US CLOUD Act compels American companies to hand over data to US authorities on request — including data stored in the EU. With an on-premises solution from an EU provider, this risk does not exist.

Insurance and Banking (Financial Regulation)

Financial institutions and insurance companies are subject to strict regulatory requirements for outsourcing IT services (e.g., EBA Guidelines, DORA). Processing customer data through cloud redaction services requires extensive risk analyses, outsourcing agreements and notification to the supervisory authority. On-premises processing avoids this regulatory burden entirely.

When Cloud Redaction Is Acceptable

Scenarios where cloud processing can be a viable option

Cloud redaction is not categorically excluded. There are scenarios where it represents a pragmatic option:

  • Only non-sensitive or public documents: If the documents to be redacted contain no personal data or are already publicly available, cloud processing is unproblematic from a data protection perspective.
  • EU data centres with certification: If the cloud provider guarantees that processing occurs exclusively in EU data centres and holds ISO 27001 certification, the risk is reduced — though not eliminated entirely.
  • No industry-specific requirements: Organisations without special regulatory obligations (no professional secrecy, no financial regulation, no government security standards) generally have more flexibility.
  • Testing and evaluation: For evaluating redaction software with test data (no real personal data), cloud processing is perfectly suitable.

Important: Even with cloud redaction using EU data centres, the obligation to establish a Data Processing Agreement (DPA) remains. As the controller, you are liable for the GDPR compliance of the entire processing chain — including your cloud provider's sub-processors.

Checklist: On-Premises or Cloud?

Five questions to help you make the right decision

Not every organisation faces the same situation. The following questions will help you determine the right deployment model for your redaction software:

| Question | Recommendation |
|---|---|
| Do you process employee records, client files or health data? | On-Premises |
| Are you subject to professional secrecy obligations? | On-Premises |
| Does your organisation have a cloud restriction or government security requirements? | On-Premises |
| Do you need a complete, self-managed audit trail? | On-Premises |
| Do you only occasionally process non-sensitive documents without personal data? | Cloud may suffice |

If you answer yes to even one of the first four questions, on-premises is the recommended deployment model. The effort involved in local installation is manageable — the legal and financial risks of processing sensitive data in the cloud are not.

Docuflair Redact: 100% On-Premises

Redaction software that never leaves your network

Docuflair Redact was designed from the ground up as an on-premises solution. The software runs entirely on your own infrastructure — with no cloud components, no external API calls and no telemetry.

  • No data leaves your network: The entire processing pipeline — OCR, PII detection, redaction, export — takes place locally.
  • No internet connection after setup: After installation and licence activation, the software operates fully offline. Air-gapped operation is explicitly supported.
  • AES-256 encryption: All processed documents are stored encrypted. SHA-256 hash chains ensure a complete audit trail.
  • From €399/month: No cloud subscription, no hidden costs. Transparent pricing from €4,788/year billed annually.

As an Austrian company, the manufacturer Administrator.at B2B GmbH is exclusively subject to EU law. There is no CLOUD Act, no US jurisdiction and no obligation to hand over customer data to foreign authorities.

Experience Data Sovereignty in Practice

See for yourself: in a 15-minute demo, we show you how Docuflair Redact processes sensitive documents directly on your server — no cloud, no compromises on data sovereignty.

Frequently Asked Questions

Answers to the most important questions about on-premises redaction

Does Docuflair Redact require an internet connection?

No. After the initial installation and licence activation, Docuflair Redact does not require an internet connection. The software runs entirely on your local server — even in air-gapped networks with no external connectivity.

Can I run redaction software in an air-gapped network?

Yes. Docuflair Redact is specifically designed for operation in isolated networks. Installation is performed via a local installation package, and updates can be applied manually. No service communicates externally — ideal for government agencies and organisations with classified information requirements.

What certifications does Docuflair hold?

Docuflair is GDPR-compliant and supports the requirements of BSI TR-RESISCAN for replacement scanning. The software uses AES-256 encryption for stored data and SHA-256 hash chains for complete audit trails. As an Austrian company, the manufacturer is exclusively subject to EU law.

Is on-premises more expensive than cloud?

Not necessarily. Docuflair Redact is available from €399/month (€4,788/year billed annually) — significantly cheaper than comparable cloud subscriptions charging €50–200 per user per month. Over a 3-year period, the on-premises solution is typically more cost-effective. Additionally, you avoid the administrative burden of managing data processing agreements and auditing cloud providers.
