Self-hosted PII engine

Redact sensitive data before it reaches the model.

Rakshiq finds names, emails, cards, national IDs, and API keys — in plain text, uploaded documents, or call transcripts — and strips them out, running inside your own infrastructure. Presidio-compatible, no Python, nothing leaves your servers.

Self-hosted · single Docker image · license key · runs on your infrastructure

POST /anonymize
6 ms 0 entities detecting…
01

User input

What people type into your prompt.

02

Retrieved context

RAG chunks often carry more PII than the query.

03

Tool results

Data agents pull back from APIs and databases.

04

Model output

Responses, before they land in your logs.

One engine, every surface

Not just chat text. Documents, transcripts, and secrets too.

Same detection engine, same six operators — three more places PII actually shows up in a real product, not just a prompt box.

Documents

PDF, DOCX, and TXT — redacted in place

Upload a file, get back detected entities per page or paragraph, or a fully redacted version. Never written to disk — read into memory, processed, discarded.

Transcripts

Call-centre and voice-AI conversations

Post an already-transcribed conversation — speaker, text, timing — and get it back redacted with every segment's timing intact. Most ASR stacks already produce text; there's no audio pipeline to stand up first.

Secrets

API keys, tokens, and private keys

AWS keys, JWTs, Slack/GitHub tokens, full PEM private-key blocks, and an entropy-gated catch-all for anything else that looks like a credential — the same engine that catches a phone number now catches one pasted into a prompt.

What it does

A guardrail that sits on the hot path.

Detection in two stages, anonymization in six ways, tuned to how your organization defines sensitive.

Fast tier by default

Structured PII — emails, cards, national IDs — via regex and checksums, built for high-volume traffic.

Runs where your data is

A single static binary or container. Text is processed in memory; nothing leaves your perimeter.

Presidio-compatible

The same /analyze and /anonymize shapes. Point existing clients at a new base URL.

Six operators

Replace, mask, hash, redact, keep, and a reversible encrypt — set per entity type.

Names & places on demand

An optional NER tier adds people, locations, and organizations — including Hindi and Hinglish, not just English.

Tuned to your org

Add custom recognizers, thresholds, and allow-lists for known-safe values through one config — no code changes.

Documentation

How the detect → redact workflow actually works.

No separate docs site to go read — here's the real setup and request flow, end to end.

01

Run the engine next to your app

Pull the Docker image or run the compiled binary inside your own network — no outbound dependency at request time. It starts a single HTTP service (default :8080) with no external calls unless you opt into multi-tenant mode.

docker run -p 8080:8080 rakshiq/engine
02

Your app calls one endpoint — detection is automatic

You don't run a separate "check for PII" step. Send raw text to POST /anonymize and PII is detected and replaced in the same call. Prefer to see spans first and decide what to do with each? Call POST /analyze instead — it returns entity type, offsets, and confidence score per span without rewriting the text.

POST /anonymize → redacted text back in one round trip
03

Pick a tier: fast, or full

Pass "tier": "fast" for regex + checksum recognizers only — emails, cards, national IDs, phone numbers — tuned for high-throughput traffic. Pass "tier": "full" to add the NER model that also catches unstructured entities: person names, locations, organizations. Fast is the default; full costs more latency for broader coverage.

04

Choose what happens to each entity type

Six operators, set per entity type in the request or your config: replace (a placeholder like <PERSON>), mask (partial, e.g. last 4 digits), hash, redact (removed entirely), keep (leave as-is — for an allow-listed field), and encrypt — AES-256-GCM, reversible later via POST /deanonymize if you need the original value back downstream.

05

Add your own regex and exceptions — no redeploy

Your organization has entities the defaults don't know: an internal employee ID format, a customer account number, a partner's national ID scheme. Add a custom recognizer — a name, a regex pattern, a confidence score — through rakshiq.toml or the dashboard's Config page, backed by GET/PUT /config. The dashboard ships preset templates (GSTIN, IBAN, passport formats, and more) so you're rarely writing regex from scratch. An allow_list on the same config marks known-safe values — a shared support inbox, a company phone line — so they're never flagged.

06

The same pipeline works on documents and transcripts, not just text

A file upload or a transcript segment runs through the exact same recognizers, NER model, and operators as a plain /analyze call — just extracted first (per PDF page, per DOCX paragraph, per transcript turn). Nothing new to configure per surface.

EndpointMethodWhat it does
/analyzePOSTDetect PII spans, return type + offsets + confidence — no rewriting
/anonymizePOSTDetect and rewrite text in one call, per-entity operators
/analyze-documentPOSTUpload a .txt/.docx/.pdf, detect PII per page/paragraph
/anonymize-documentPOSTSame, redacted — never written to disk, in-memory only
/anonymize-transcriptPOSTRedact a {speaker,text,start_ms,end_ms}[] conversation, timing preserved
/deanonymizePOSTReverse an encrypt-operator field back to its original value
/configGET / PUTRead or update custom recognizers, allow-list, score threshold
/statsGETRequest counts and latency for your deployment
/audit-logGETEntity types and actions per call (never raw text) — multi-tenant mode
/licenseGETOffline license key status: valid, expired, invalid, or absent
/healthGETLiveness check for your orchestrator
The API

Send text. Get spans. Redact.

One request detects and rewrites in a single pass. Detection runs automatically when you don't pass results.

request
$ curl -X POST localhost:8080/anonymize \
  -d '{
    "text": "John Doe · john@acme.io",
    "tier": "full"
  }'
response
{
  "text": "<PERSON> · <EMAIL_ADDRESS>",
  "items": [
    { "entity_type": "PERSON",
      "start": 0, "end": 8 },
    { "entity_type": "EMAIL_ADDRESS",
      "start": 20, "end": 32 }
  ]
}
See it run

The dashboard's Playground, on a real request.

Same engine, same API — this is an actual screenshot, not a mockup.

Rakshiq dashboard Playground tab showing a detected PERSON, EMAIL_ADDRESS, PHONE_NUMBER and CREDIT_CARD span in a sample sentence, followed by the redacted output with each span replaced by its entity-type placeholder.
Input: "Hi, this is Priya Sharma. Reach me at priya.sharma@acme.com or +91 98765 43210. My card is 4111 1111 1111 1111." 4 spans detected · full tier
Rakshiq dashboard Playground's Document tab showing a 3-paragraph .docx file with PERSON, EMAIL_ADDRESS, PHONE_NUMBER, IN_AADHAAR, and IN_PAN detected per paragraph.
Same Playground, Document tab — a real .docx upload, India entity types included. 5 spans across 3 paragraphs · full tier
vs. Microsoft Presidio

Compatible request shape. Different runtime.

Rakshiq speaks the same /analyze / /anonymize contract as Presidio, rebuilt in Rust with a native NER runtime instead of a Python + spaCy stack. Measured on our own benchmark suite — see exactly how below, we're not hiding the methodology.

Metric
Rakshiq
Presidio
Recall (full tier)
97.4%
97.1%
Precision (full tier)
92.5%
88.1%
Throughput (fast tier)
~11x baseline
1x baseline
Memory footprint (fast tier)
~13 MB
~475 MB
How we measured this — ask us for the raw numbers

A small, hand-labeled internal benchmark: 25 sentences, 38 labeled entities across 8 types (emails, cards, SSNs, phone numbers, IP addresses, names, locations, organizations), scored by exact span-overlap and entity-type match against both engines. Presidio was tested with its default en_core_web_sm spaCy model. This is not an industry-standard dataset (like CoNLL) or a large-scale corpus — it's the same sanity-check suite we use during development. A different text mix, a bigger dataset, or Presidio's larger spaCy model will move these numbers.

One more thing worth knowing before you rely on this: the ~11x throughput and ~13MB memory figures are fast tier only — structured PII (emails, cards, IDs, phone numbers), no names or places. Turn on full tier for PERSON/LOCATION/ORGANIZATION detection (what the recall/precision numbers above reflect) and throughput drops to roughly parity with Presidio, not 11x — NER inference cost dominates regardless of which engine is running it. We'd rather you hear that from us than find it out after deploying.

Run your own sample in the Playground above, or ask and we'll share the benchmark scripts directly.

Built for India

Real Indian ID formats — checksums included, not just regex shapes.

Most PII tools treat Indian IDs as an afterthought: a bare-shape regex with no validation. Rakshiq checks the actual algorithms, and understands Hindi and Hinglish, not only English.

Aadhaar

Validated against the real Verhoeff checksum — random 12-digit numbers are rejected, not just shape-matched.

PAN

The 4th character is checked against the real holder-type codes (individual, company, trust, HUF, ...), not just letters-then-digits.

GSTIN

GST registration numbers, including the embedded PAN structure.

IFSC

Bank branch codes, for payment and KYC workflows.

Vehicle registration

State + RTO code + series + number, with or without spaces.

Voter ID

EPIC numbers.

Hinglish input
$ curl -X POST localhost:8080/anonymize \
  -d '{
    "text": "mera naam Rahul hai, PAN ABCPE1234F",
    "tier": "full"
  }'
Redacted output
{
  "text": "mera naam <PERSON> hai, PAN <IN_PAN>"
}
India benchmark — reproducible, not a claimed number

16 hand-labeled cases covering Aadhaar, PAN, GSTIN, IFSC, vehicle registration, and voter ID, plus Hinglish and Devanagari Hindi names and places: 95.7% recall, 100% precision on the current build. Dataset and scoring script are both real, runnable code (benchmark/india_benchmark.py) — run it yourself rather than take our word for it.

Honest limit: the Hindi/Hinglish NER model covers Hindi specifically, not yet Tamil, Telugu, or Bengali — the natural next model for those, ai4bharat/IndicNER, is gated behind a manual access request we haven't completed. We'd rather say that than imply broader coverage than what's actually running.

Built for regulated teams

Your data never leaves your network.

Rakshiq runs where your data already lives — on-premise, in your VPC, or fully air-gapped. There is no vendor endpoint to trust.

On-prem & air-gap

Deploy as a binary or container inside your own perimeter, no outbound calls.

Delivered as an image

Ships as a signed Docker image with an offline license key — no source to manage, nothing to leak.

Audit log

Every detection recorded — entity types and actions, never the raw sensitive text.

Offline licensing

Signature-based license keys verify locally. No phone-home, ever.

Compliance framing

Built around data protection principles, not one country's law

Privacy regulations differ by country, but the underlying principles repeat almost everywhere: minimize what you collect, control where it goes, and be able to show your work. Here's how the architecture maps to those shared principles — not a certification we're selling you, but how the system is actually built, for your own legal or privacy team to assess against whichever regulation applies to you.

Data residency & cross-border transfer

Data never crosses a border it doesn't already cross

Because Rakshiq runs inside your own infrastructure, processing happens wherever you deploy it. There's no third-party service in the path making a cross-border transfer decision for you — that decision stays entirely under your control, which is the core of what most data-localization and cross-border-transfer rules ask for, whichever regulation applies to you.

Data minimization

In-memory processing supports minimization

Request text is processed in memory for the duration of the call and is not written to disk or logs by the engine itself (see src/main.rs, src/detectors.rs). The audit log records entity types and byte size only, never the raw text — so accountability records don't themselves become a new copy of personal data. Minimization is a core principle across nearly every modern privacy law, not just one.

Any jurisdiction

Encryption you hold the key to

The reversible encrypt operator uses AES-256-GCM with a caller-supplied key — Rakshiq never stores it. If you need to prove a value was recoverable only by you, that's the mechanism.

Any jurisdiction

Verify it yourself, don't take our word for it

Licensed customers evaluating this for a regulated workload can review the full source under NDA — the exact code paths above, not a summary of them.

This describes how the system is architected, not a legal opinion or a certification for any specific law. Whether Rakshiq's architecture satisfies your obligations depends on your full processing context, not just the tooling — confirm applicability with your own legal or privacy function, wherever in the world you're regulated.

Getting Rakshiq

How you actually receive the software.

Rakshiq ships as a fully self-contained, signed Docker image with an offline license key. Pull the image, drop in your key, and you're running inside your own infrastructure — no build pipeline, no dependency management, nothing to patch or maintain on your end.

How you get it

Ready to run, out of the box

A production-ready, signed image — deploy in minutes with zero source to build, patch, or maintain.

  1. We hand you a built Docker image (private registry or signed tarball)
  2. We issue you a signed RAKSHIQ_LICENSE_KEY
  3. You set the env var — verification happens offline, no phone-home
Before you commit

Evaluate under NDA first

Regulated buyers who need to audit before committing can review the full source under a signed NDA — a one-time sales/trust step, arranged directly with us. It doesn't change what you're delivered afterward: still the licensed image, never the repository.

  1. Tell us your evaluation timeline in the form below
  2. We arrange the NDA review directly with you
  3. You get a working licensed deployment, not a sales deck
Questions

What teams ask first.

Do we get the source code?

You get a licensed, ready-to-run Docker image that runs entirely inside your infrastructure — nothing to build, patch, or maintain on your end, and nothing leaves your servers. Enterprise evaluators can review the full source under NDA before committing.

Does our data ever leave our servers?

No. The engine runs inside your own infrastructure — on-prem, in your VPC, or air-gapped. Text is processed in memory and never sent to any external endpoint.

How is it licensed?

Rakshiq is proprietary, delivered as a signed Docker image with an offline license key, licensed per deployment. You run it entirely inside your own infrastructure — no source to build or maintain. Enterprise evaluators can review the full source under NDA.

Can we run the dashboard on-prem too?

Yes. The dashboard deploys inside your infrastructure alongside the engine — nothing is hosted by us.

Is it really compatible with Presidio?

Yes. The /analyze and /anonymize request and response shapes match Presidio, so most clients switch with a base-URL change.

Can we add our own PII types?

Yes — custom regex recognizers and an allow-list for known-safe values, configured through rakshiq.toml or the dashboard, no redeploy needed.

Does it catch secrets, not just personal data?

Yes — AWS keys, Google API keys, Slack and GitHub tokens, JWTs, full PEM private-key blocks, basic-auth URLs, and a generic entropy-gated catch-all for anything else that looks like a credential. Togglable as one group in config if you only want personal-data detection.

Can it redact PDFs and Word documents, not just text?

Yes — POST /analyze-document and /anonymize-document accept a .txt/.docx/.pdf upload, extract text per page or paragraph, and run it through the same detection pipeline. Nothing is written to disk; a scanned/image PDF with no text layer returns a clear message rather than a crash.

Does it work with call transcripts or voice AI?

Yes for transcripts today — POST /anonymize-transcript takes an already-transcribed conversation (speaker, text, timing) and returns it redacted with timing intact. Most call-centre and voice-AI stacks already produce text, so this needs no audio pipeline. Direct audio upload is a deliberate later phase, not built yet.

Does it work with Hindi, or only English?

An opt-in Hindi NER model covers Devanagari script and Hinglish (romanized Hindi mixed with English) for names and places, alongside Aadhaar (Verhoeff-checksummed), PAN, GSTIN, IFSC, vehicle registration, and voter ID recognizers. Tamil, Telugu, and Bengali aren't covered yet — see the India section above for the honest reason why.

Talk to us

Tell us what you're trying to protect.

Request access, book a walkthrough, or ask a question — this goes straight to us, no ticket queue. Prefer email directly?

info@rakshiq.com