OPEN SOURCE · APACHE 2.0

PII redaction
for LLM pipelines.
Local. Free. No signup.

Redact and tokenize sensitive data before it hits any LLM API. Runs entirely on your machine, no data leaves your infra, no account required.

View on GitHub Quick Start Live demo
17 PII types
161 passing tests
0€ forever
17 PII entity types
6 compliance policies
5ms scan p50
161 tests, 83% coverage
0€ to run forever
FEATURES

Everything you need

Zero cloud dependency. Plug in and protect.

🔍
PII Detection

Regex + heuristics, precision 1.00 on validation dataset. 17 entity types across EN and FR.

🔐
Fernet AES-256 Vault

Reversible tokenization. Original values stored encrypted locally, restorable on demand.

📋
Compliance Policies

Built-in: GDPR, HIPAA, PCI-DSS, strict, moderate, permissive. Custom policies via API.

🖥️
Next.js Dashboard

Scanner, vault browser, audit log, reports, webhook config. 15 languages via next-intl.

🐍
Python SDK

Drop-in wrappers for OpenAI and Anthropic clients. Redaction is transparent to your code.

📊
Audit & Reports

Full audit trail, PDF export, compliance summaries, webhook dispatch on events.

DETECTED ENTITIES

17 sensitive data types

Covering personal, financial, medical data and credentials.

EMAIL PHONE_NUMBER CREDIT_CARD IBAN SSN PASSPORT IP_ADDRESS URL DATE_OF_BIRTH NAME ADDRESS MEDICAL_RECORD NPI API_KEY JWT_TOKEN AWS_KEY BITCOIN_ADDRESS
QUICK START

Up in 3 commands

# 1. Clone
git clone https://github.com/MAXIAWORLD/guardforge.git
cd guardforge

# 2. Configure
cp backend/.env.example backend/.env

# 3. Run
docker compose up

# → Dashboard  http://localhost:3003
# → API        http://localhost:8004
# → API docs   http://localhost:8004/docs

Honest limitations

  • Regex-only, no ML NER (Presidio, spaCy). Works well for structured PII, less so for free-form names in long text.
  • SQLite only, no PostgreSQL vault adapter yet.
  • No multi-tenant isolation, designed for single-user / team self-hosted use.
  • No streaming support, stream=True raises NotImplementedError explicitly.
  • SIREN/SIRET detection disabled by default (high false-positive rate).

Full limitations documentation →