Compliance
The answers your DPO expects.
Before handing a client document to a tool, you check. Here are the answers. Precise, verifiable, limits included.
Where are documents processed?
On your machine, and nowhere else. Detection and anonymization run locally. Unplug the network: everything keeps working.
What leaves the machine?
No document, no excerpt. The first launch downloads the engine once (from our distribution space, GitHub) and the detection models (Hugging Face). On activation, your email address. That's all.
How is reversibility protected?
The mapping between fake name and real data is encrypted with AES-256-GCM, using a key derived from your passphrase via Argon2id. Without the passphrase, no one decodes it. Not even us.
Is there any telemetry?
No. No tracker, no usage stats, not a single file sent. Nothing to turn off, because there's nothing to turn on.
What does the publisher see?
The license email and, at activation, the date, the operating system and the app version. No hardware identifier, no content. The detail is in the privacy policy.
Can you verify what reads the documents?
The detection models are open (MIT, Apache-2.0), published on Hugging Face. You can see what reads your documents. The application itself is not open source, and doesn't claim to be.
What traceability for the records register?
Each run produces a report generated locally: categories, counts, exclusions, SHA-256 fingerprint, version. No personal data inside. A trace to archive.
Are updates signed?
Yes. Every update is verified by signature (minisign) before installation, and the macOS app is signed and notarized by Apple (Developer ID). On Windows, code signing is coming.
And the limits?
Automatic detection doesn't replace review. On a sensitive document, go back over the tool. It helps, it doesn't decide for you.
These answers follow the CNIL recommendations on AI and the GDPR (July 2025) and the CNB self-assessment grid for AI tools (June 2025). A question from your DPO? Write to us. See also the privacy policy.