Redact sensitive data before it reaches the model.
Rakshiq finds names, emails, cards, national IDs, and API keys — in plain text, uploaded documents, or call transcripts — and strips them out, running inside your own infrastructure. Presidio-compatible, no Python, nothing leaves your servers.
Self-hosted · single Docker image · license key · runs on your infrastructure
User input
What people type into your prompt.
Retrieved context
RAG chunks often carry more PII than the query.
Tool results
Data agents pull back from APIs and databases.
Model output
Responses, before they land in your logs.
Not just chat text. Documents, transcripts, and secrets too.
Same detection engine, same six operators — three more places PII actually shows up in a real product, not just a prompt box.
PDF, DOCX, and TXT — redacted in place
Upload a file, get back detected entities per page or paragraph, or a fully redacted version. Never written to disk — read into memory, processed, discarded.
Call-centre and voice-AI conversations
Post an already-transcribed conversation — speaker, text, timing — and get it back redacted with every segment's timing intact. Most ASR stacks already produce text; there's no audio pipeline to stand up first.
API keys, tokens, and private keys
AWS keys, JWTs, Slack/GitHub tokens, full PEM private-key blocks, and an entropy-gated catch-all for anything else that looks like a credential — the same engine that catches a phone number now catches one pasted into a prompt.
A guardrail that sits on the hot path.
Detection in two stages, anonymization in six ways, tuned to how your organization defines sensitive.
Fast tier by default
Structured PII — emails, cards, national IDs — via regex and checksums, built for high-volume traffic.
Runs where your data is
A single static binary or container. Text is processed in memory; nothing leaves your perimeter.
Presidio-compatible
The same /analyze and /anonymize shapes. Point existing clients at a new base URL.
Six operators
Replace, mask, hash, redact, keep, and a reversible encrypt — set per entity type.
Names & places on demand
An optional NER tier adds people, locations, and organizations — including Hindi and Hinglish, not just English.
Tuned to your org
Add custom recognizers, thresholds, and allow-lists for known-safe values through one config — no code changes.
How the detect → redact workflow actually works.
No separate docs site to go read — here's the real setup and request flow, end to end.
Run the engine next to your app
Pull the Docker image or run the compiled binary inside your own network — no outbound dependency at request time. It starts a single HTTP service (default :8080) with no external calls unless you opt into multi-tenant mode.
Your app calls one endpoint — detection is automatic
You don't run a separate "check for PII" step. Send raw text to POST /anonymize and PII is detected and replaced in the same call. Prefer to see spans first and decide what to do with each? Call POST /analyze instead — it returns entity type, offsets, and confidence score per span without rewriting the text.
Pick a tier: fast, or full
Pass "tier": "fast" for regex + checksum recognizers only — emails, cards, national IDs, phone numbers — tuned for high-throughput traffic. Pass "tier": "full" to add the NER model that also catches unstructured entities: person names, locations, organizations. Fast is the default; full costs more latency for broader coverage.
Choose what happens to each entity type
Six operators, set per entity type in the request or your config: replace (a placeholder like <PERSON>), mask (partial, e.g. last 4 digits), hash, redact (removed entirely), keep (leave as-is — for an allow-listed field), and encrypt — AES-256-GCM, reversible later via POST /deanonymize if you need the original value back downstream.
Add your own regex and exceptions — no redeploy
Your organization has entities the defaults don't know: an internal employee ID format, a customer account number, a partner's national ID scheme. Add a custom recognizer — a name, a regex pattern, a confidence score — through rakshiq.toml or the dashboard's Config page, backed by GET/PUT /config. The dashboard ships preset templates (GSTIN, IBAN, passport formats, and more) so you're rarely writing regex from scratch. An allow_list on the same config marks known-safe values — a shared support inbox, a company phone line — so they're never flagged.
The same pipeline works on documents and transcripts, not just text
A file upload or a transcript segment runs through the exact same recognizers, NER model, and operators as a plain /analyze call — just extracted first (per PDF page, per DOCX paragraph, per transcript turn). Nothing new to configure per surface.
| Endpoint | Method | What it does |
|---|---|---|
/analyze | POST | Detect PII spans, return type + offsets + confidence — no rewriting |
/anonymize | POST | Detect and rewrite text in one call, per-entity operators |
/analyze-document | POST | Upload a .txt/.docx/.pdf, detect PII per page/paragraph |
/anonymize-document | POST | Same, redacted — never written to disk, in-memory only |
/anonymize-transcript | POST | Redact a {speaker,text,start_ms,end_ms}[] conversation, timing preserved |
/deanonymize | POST | Reverse an encrypt-operator field back to its original value |
/config | GET / PUT | Read or update custom recognizers, allow-list, score threshold |
/stats | GET | Request counts and latency for your deployment |
/audit-log | GET | Entity types and actions per call (never raw text) — multi-tenant mode |
/license | GET | Offline license key status: valid, expired, invalid, or absent |
/health | GET | Liveness check for your orchestrator |
Send text. Get spans. Redact.
One request detects and rewrites in a single pass. Detection runs automatically when you don't pass results.
$ curl -X POST localhost:8080/anonymize \ -d '{ "text": "John Doe · john@acme.io", "tier": "full" }'
{
"text": "<PERSON> · <EMAIL_ADDRESS>",
"items": [
{ "entity_type": "PERSON",
"start": 0, "end": 8 },
{ "entity_type": "EMAIL_ADDRESS",
"start": 20, "end": 32 }
]
}The dashboard's Playground, on a real request.
Same engine, same API — this is an actual screenshot, not a mockup.
Compatible request shape. Different runtime.
Rakshiq speaks the same /analyze / /anonymize contract as Presidio, rebuilt in Rust with a native NER runtime instead of a Python + spaCy stack. Measured on our own benchmark suite — see exactly how below, we're not hiding the methodology.
A small, hand-labeled internal benchmark: 25 sentences, 38 labeled entities across 8 types (emails, cards, SSNs, phone numbers, IP addresses, names, locations, organizations), scored by exact span-overlap and entity-type match against both engines. Presidio was tested with its default en_core_web_sm spaCy model. This is not an industry-standard dataset (like CoNLL) or a large-scale corpus — it's the same sanity-check suite we use during development. A different text mix, a bigger dataset, or Presidio's larger spaCy model will move these numbers.
One more thing worth knowing before you rely on this: the ~11x throughput and ~13MB memory figures are fast tier only — structured PII (emails, cards, IDs, phone numbers), no names or places. Turn on full tier for PERSON/LOCATION/ORGANIZATION detection (what the recall/precision numbers above reflect) and throughput drops to roughly parity with Presidio, not 11x — NER inference cost dominates regardless of which engine is running it. We'd rather you hear that from us than find it out after deploying.
Run your own sample in the Playground above, or ask and we'll share the benchmark scripts directly.
Real Indian ID formats — checksums included, not just regex shapes.
Most PII tools treat Indian IDs as an afterthought: a bare-shape regex with no validation. Rakshiq checks the actual algorithms, and understands Hindi and Hinglish, not only English.
Aadhaar
Validated against the real Verhoeff checksum — random 12-digit numbers are rejected, not just shape-matched.
PAN
The 4th character is checked against the real holder-type codes (individual, company, trust, HUF, ...), not just letters-then-digits.
GSTIN
GST registration numbers, including the embedded PAN structure.
IFSC
Bank branch codes, for payment and KYC workflows.
Vehicle registration
State + RTO code + series + number, with or without spaces.
Voter ID
EPIC numbers.
$ curl -X POST localhost:8080/anonymize \ -d '{ "text": "mera naam Rahul hai, PAN ABCPE1234F", "tier": "full" }'
{
"text": "mera naam <PERSON> hai, PAN <IN_PAN>"
}16 hand-labeled cases covering Aadhaar, PAN, GSTIN, IFSC, vehicle registration, and voter ID, plus Hinglish and Devanagari Hindi names and places: 95.7% recall, 100% precision on the current build. Dataset and scoring script are both real, runnable code (benchmark/india_benchmark.py) — run it yourself rather than take our word for it.
Honest limit: the Hindi/Hinglish NER model covers Hindi specifically, not yet Tamil, Telugu, or Bengali — the natural next model for those, ai4bharat/IndicNER, is gated behind a manual access request we haven't completed. We'd rather say that than imply broader coverage than what's actually running.
Your data never leaves your network.
Rakshiq runs where your data already lives — on-premise, in your VPC, or fully air-gapped. There is no vendor endpoint to trust.
On-prem & air-gap
Deploy as a binary or container inside your own perimeter, no outbound calls.
Delivered as an image
Ships as a signed Docker image with an offline license key — no source to manage, nothing to leak.
Audit log
Every detection recorded — entity types and actions, never the raw sensitive text.
Offline licensing
Signature-based license keys verify locally. No phone-home, ever.
Built around data protection principles, not one country's law
Privacy regulations differ by country, but the underlying principles repeat almost everywhere: minimize what you collect, control where it goes, and be able to show your work. Here's how the architecture maps to those shared principles — not a certification we're selling you, but how the system is actually built, for your own legal or privacy team to assess against whichever regulation applies to you.
Data never crosses a border it doesn't already cross
Because Rakshiq runs inside your own infrastructure, processing happens wherever you deploy it. There's no third-party service in the path making a cross-border transfer decision for you — that decision stays entirely under your control, which is the core of what most data-localization and cross-border-transfer rules ask for, whichever regulation applies to you.
In-memory processing supports minimization
Request text is processed in memory for the duration of the call and is not written to disk or logs by the engine itself (see src/main.rs, src/detectors.rs). The audit log records entity types and byte size only, never the raw text — so accountability records don't themselves become a new copy of personal data. Minimization is a core principle across nearly every modern privacy law, not just one.
Encryption you hold the key to
The reversible encrypt operator uses AES-256-GCM with a caller-supplied key — Rakshiq never stores it. If you need to prove a value was recoverable only by you, that's the mechanism.
Verify it yourself, don't take our word for it
Licensed customers evaluating this for a regulated workload can review the full source under NDA — the exact code paths above, not a summary of them.
This describes how the system is architected, not a legal opinion or a certification for any specific law. Whether Rakshiq's architecture satisfies your obligations depends on your full processing context, not just the tooling — confirm applicability with your own legal or privacy function, wherever in the world you're regulated.
How you actually receive the software.
Rakshiq ships as a fully self-contained, signed Docker image with an offline license key. Pull the image, drop in your key, and you're running inside your own infrastructure — no build pipeline, no dependency management, nothing to patch or maintain on your end.
Ready to run, out of the box
A production-ready, signed image — deploy in minutes with zero source to build, patch, or maintain.
- We hand you a built Docker image (private registry or signed tarball)
- We issue you a signed
RAKSHIQ_LICENSE_KEY - You set the env var — verification happens offline, no phone-home
Evaluate under NDA first
Regulated buyers who need to audit before committing can review the full source under a signed NDA — a one-time sales/trust step, arranged directly with us. It doesn't change what you're delivered afterward: still the licensed image, never the repository.
- Tell us your evaluation timeline in the form below
- We arrange the NDA review directly with you
- You get a working licensed deployment, not a sales deck
What teams ask first.
Do we get the source code?
You get a licensed, ready-to-run Docker image that runs entirely inside your infrastructure — nothing to build, patch, or maintain on your end, and nothing leaves your servers. Enterprise evaluators can review the full source under NDA before committing.
Does our data ever leave our servers?
No. The engine runs inside your own infrastructure — on-prem, in your VPC, or air-gapped. Text is processed in memory and never sent to any external endpoint.
How is it licensed?
Rakshiq is proprietary, delivered as a signed Docker image with an offline license key, licensed per deployment. You run it entirely inside your own infrastructure — no source to build or maintain. Enterprise evaluators can review the full source under NDA.
Can we run the dashboard on-prem too?
Yes. The dashboard deploys inside your infrastructure alongside the engine — nothing is hosted by us.
Is it really compatible with Presidio?
Yes. The /analyze and /anonymize request and response shapes match Presidio, so most clients switch with a base-URL change.
Can we add our own PII types?
Yes — custom regex recognizers and an allow-list for known-safe values, configured through rakshiq.toml or the dashboard, no redeploy needed.
Does it catch secrets, not just personal data?
Yes — AWS keys, Google API keys, Slack and GitHub tokens, JWTs, full PEM private-key blocks, basic-auth URLs, and a generic entropy-gated catch-all for anything else that looks like a credential. Togglable as one group in config if you only want personal-data detection.
Can it redact PDFs and Word documents, not just text?
Yes — POST /analyze-document and /anonymize-document accept a .txt/.docx/.pdf upload, extract text per page or paragraph, and run it through the same detection pipeline. Nothing is written to disk; a scanned/image PDF with no text layer returns a clear message rather than a crash.
Does it work with call transcripts or voice AI?
Yes for transcripts today — POST /anonymize-transcript takes an already-transcribed conversation (speaker, text, timing) and returns it redacted with timing intact. Most call-centre and voice-AI stacks already produce text, so this needs no audio pipeline. Direct audio upload is a deliberate later phase, not built yet.
Does it work with Hindi, or only English?
An opt-in Hindi NER model covers Devanagari script and Hinglish (romanized Hindi mixed with English) for names and places, alongside Aadhaar (Verhoeff-checksummed), PAN, GSTIN, IFSC, vehicle registration, and voter ID recognizers. Tamil, Telugu, and Bengali aren't covered yet — see the India section above for the honest reason why.
Tell us what you're trying to protect.
Request access, book a walkthrough, or ask a question — this goes straight to us, no ticket queue. Prefer email directly?
info@rakshiq.com