Security Architecture
Enterprise-grade security, built from the ground up.
Zero Trust Architecture
We designed Redactorr with zero trust principles: we assume our own servers could be compromised, so we simply never have access to your data. You don't have to trust us—the architecture makes it impossible for us to see your sensitive information.
Defense in Depth
Layer 1: Local Execution
What This Means
All document processing runs in a local server on your machine. Your files never traverse the network.
Implementation
- • Standalone binary (no Docker required)
- • Runs on localhost:8765 only
- • No external API calls for processing
Layer 2: Network Egress Guard
What This Means
Even if malicious code were injected, it couldn't exfiltrate data. All outbound connections are blocked except for a strict whitelist.
Allowed Connections
- • localhost (for local API)
- • redactorr.com (license/updates only)
- • All other connections: BLOCKED
Layer 3: Encrypted Storage
What This Means
Token mappings are encrypted at rest using industry-standard encryption. The key is derived from your machine's unique identifier.
Encryption Details
- • AES-256 encryption
- • PBKDF2 key derivation (480,000 iterations)
- • Machine-bound keys
- • Secure deletion on cleanup
Layer 4: Signed Updates
What This Means
Updates are cryptographically signed. The local runtime verifies signatures before applying any update, preventing supply chain attacks.
Verification Process
- • SHA-256 checksum verification
- • Code signing (platform-specific)
- • Rollback capability
- • Update manifest pinning
What You Trust
You Trust
- •Your own machine to run the local runtime
- •Our initial binary download (signed)
- •Signed updates from our CDN
You Don't Have to Trust
- •Our servers with your document data
- •Our employees seeing your data
- •Any cloud provider with sensitive content
Compliance Ready
Because your data never leaves your infrastructure, Redactorr helps you maintain compliance with:
Security You Can Verify
Try Redactorr and see the security in action.