Getting Started with Secure Redact

Welcome to Secure Redact — Sensitive Data Detection & Redaction.

Effective Date: April 12, 2026

---

What is Secure Redact?

Secure Redact is a sensitive data detection and redaction tool that identifies and redacts personal information, credentials, financial data, and system identifiers from text. The app uses signature-based detection with contextual analysis to find patterns like email addresses, passwords, API keys, IP addresses, credit card numbers, SSNs, and more — all processed 100% offline on your device. Your data never leaves your device.

---

Key Features

• Multi-Category Detection — Detect 20+ types of sensitive data across identity, credentials, financial, and system categories
• Customizable Policies — Choose which data types to detect and redact (Secrets, Balanced, Standard, Enhanced)
• Local Redaction — All redaction happens on your device with no server transmission
• Audit Logs — Local logs show which policies were used and detection statistics
• Custom Threat Feeds — Bring Your Own Feed (BYOF) to add domain blocklists or other threat data
• 100% Offline redactions — No internet connection required for redactions, no analytics, no tracking.
• Cross-Platform — Available on iOS, iPadOS, macOS, and Windows

---

Navigating the App

When you open Secure Redact, you'll find the main sections:

Redact — Your starting point. Paste text, select a redaction policy, and redact sensitive data instantly.

Threat Feeds — Manage custom threat feeds (BYOF). Add, enable, disable, or test external threat sources.

Audit & Analytics — View local logs of redaction operations, detected signatures, and performance metrics.

Settings — Switch theme (Light/Dark).

---

How to Redact Your First Document

Step 1 — Paste Your Text

Tap Redact and paste or type text containing sensitive data. This can be:

• Code snippets with API keys
• Log files with IPs and credentials
• Documents with personal information
• Network configuration files
• Any plain text document

Step 2 — Choose a Redaction Policy

Select one of four built-in policies:

Secrets
Detects: API keys, JWTs, session IDs, passwords, database connection strings, private keys.

Balanced
Detects: Credentials + identity data (emails, phone numbers, IDs, contextual passwords).

Standard
Detects: Credentials + identity + financial data (credit cards, IBANs, SWIFT codes, crypto addresses).

Enhanced
Detects: Credentials + identity + financial + system identifiers (IPs, MAC addresses, UUIDs, URLs, file paths, VINs).

Step 3 — Review Redaction Results

Tap Redact to process. You'll see:

• Original Text (left panel) — Your input unchanged
• Redacted Text (right panel) — Data redacted based on your Partial Mode setting:
  • Partial Mode OFF: Shows full redaction labels like [REDACTED], [IP_REDACTED], [MAC_REDACTED]
  • Partial Mode ON: Shows asterisks **** replacing sensitive parts (e.g., 192.168.*****, [MAC_00:1A:2B:***])
• Detection Count — How many sensitive signatures were found and redacted
• Policy Used — Which redaction policy was applied

Step 4 — Verify & Copy

Review the redacted text carefully to ensure all sensitive data is hidden. Then:

• Copy — Copy redacted text to clipboard

---

Redaction Modes

Secure Redact offers two redaction display modes:

Partial Mode OFF
Replaces sensitive data with descriptive labels: [REDACTED], [IP_REDACTED], [MAC_REDACTED], etc.

Partial Mode ON
Replaces sensitive portions with asterisks, preserving data structure: 192.168.*****, [MAC_00:1A:2B:***]

Toggle between modes in the redaction interface based on your needs.

---

What Each Policy Detects

Secrets Policy

• API Keys
• JWT Tokens
• Session IDs
• Contextual Passwords
• Database Connection Strings
• Cryptographic Private Keys

Balanced Policy (Secrets +)

• Email Addresses
• Phone Numbers
• US Social Security Numbers
• Device IDs (IMEI/MEID)
• Contextual IDs
• GPS Coordinates

Standard Policy (Balanced +)

• Credit Cards
• IBANs
• SWIFT/BIC Codes
• Cryptocurrency Addresses

Enhanced Policy (Standard +)

• IP Addresses
• MAC Addresses
• UUIDs
• URLs
• File Paths
• Vehicle IDs (VINs)

Customization

On Pro plan, you can create custom policies by:

• Enabling/disabling individual detection types
• Setting custom redaction characters (e.g., *** instead of [REDACTED])
• Saving your custom policy for reuse

---

Working with Threat Feeds (BYOF)

Secure Redact allows you to add custom threat feeds — your own blocklists of domains, IPs, or other identifiers.

Step 1 — Add a Threat Feed

Tap Threat Feeds > Add Web Feed and enter:

• Feed Name — Label for your feed (e.g., "Phishing Domains")
• Feed URL — HTTP endpoint serving your feed data (JSON, CSV, or plaintext)
• Threat Type — Category (phishing, malware, botnet, etc.)
• Update Schedule — How often to refresh (hourly, daily, weekly)

Step 2 — Test the Feed

Tap Test to verify the feed is:

• Accessible and returns data
• In a supported format
• Parsing correctly

Step 3 — Enable & Use

Once validated, the feed is automatically imported and stored locally on your device. Enable it to include the data in threat detection operations.

Step 4 — Manage Feeds

You can:

• Refresh — Manually update feed data
• Disable — Turn off without deleting
• Delete — Remove feed and data
• Schedule — Set automatic refresh intervals

Important Notes on Threat Feeds

• You own the risk — You are responsible for feed accuracy, legality, and compliance with feed provider terms
• Local storage — All feed data is stored on your device only
• No updates from us — Klexaro Labs does not manage, maintain, or verify external feeds
• Your responsibility — You must ensure you have rights to use the feed data

---

Understanding Redaction Results

Detection Accuracy

Secure Redact uses signature-based detection, which means:

• Matches known patterns — Detects data that matches recognized formats (credit card numbers, IP addresses, email patterns, etc.)
• Not foolproof — May miss data in non-standard formats or natural language (e.g., "my password is hunter2")
• Context-aware — Looks for surrounding context to reduce false positives
• Plain text only — Works on text; cannot extract or process images, PDFs, or binary files

What Gets Missed

Signature-based detection may NOT catch:

• Sensitive data written in natural language ("my SSN is..." without the actual number)
• Intentionally obfuscated information ("p@ssw0rd" variations)
• Regional ID formats not in the detection database
• Full names and postal addresses (too many legitimate variations)
• Encoded or encrypted data (unless the encoding itself has a signature, like JWT)

Always Verify

You are responsible for reviewing redaction results. Do not assume all sensitive data is detected. Common practice:

1. Redact with Secure Redact
2. Manually review the output
3. Look for any obvious sensitive data that wasn't redacted
4. Apply additional redaction manually if needed
5. Consult compliance professionals for regulatory requirements

---

Local Audit Logs

What Audit Logs Contain

Secure Redact stores local logs showing:

• Texts Scanned — Number of redaction operations performed
• Characters Processed — Total text volume redacted
• Sensitive Signatures Found — Count of detected data instances
• Signature Types — Breakdown by category (identity, credentials, financial, system)
• Policy Usage — Which redaction policies were used
• Processing Time — Average time per operation
• Success Rate — Percentage of successful redactions

Where Logs Are Stored

• Device Only — All logs are stored locally on your device
• Never Sent to Servers — Klexaro Labs never receives audit log data
• Deleted on App Removal — Logs are deleted when you uninstall the app

Accessing Logs

Tap Audit & Analytics to view:

• Overview Tab — Summary statistics and risk distribution
• Audit Logs Tab — Detailed transaction log
• Analytics Tab — Charts and metrics over time

---

Limitations & Important Disclaimers

What Secure Redact Does NOT Guarantee

• 100% Accuracy — Signature-based detection is not foolproof
• Regulatory Compliance — Does not automatically ensure GDPR, CCPA, HIPAA, or other compliance
• Complete Coverage — May miss sensitive data in non-standard formats
• Legal Protection — Using this tool alone does not guarantee protection against data breaches or regulatory liability

Your Responsibility

You assume full responsibility for:

• Verifying all redaction results before sharing or publishing
• Ensuring sensitive data is actually removed
• Understanding the limitations of signature-based detection
• Consulting legal and compliance professionals for regulatory guidance
• Implementing additional security controls (encryption, access controls, etc.)

When NOT to Rely on Secure Redact Alone

• Regulated data (HIPAA, PCI DSS, etc.) — Consult compliance professionals
• Large-scale data protection — Combine with encryption and access controls
• Critical infrastructure — Use in conjunction with additional security tools
• Unknown data formats — Manually verify output before sharing

---

Frequently Asked Questions

Is my data secure on Secure Redact?
Yes. All processing happens on your device. Nothing is sent to our servers. Your text never leaves your device.

Does Secure Redact detect all sensitive data?
No. It uses signature-based pattern matching, which is not 100% accurate. Always manually verify redaction results before sharing sensitive documents.

Can I use this to meet GDPR/CCPA compliance?
Not alone. Secure Redact is a technical control only. Regulatory compliance requires data governance, encryption, access controls, and professional legal guidance. Consult a compliance expert.

What if Secure Redact misses something?
Manually review all output. If critical data is missed, redact it yourself. Consider combining Secure Redact with other security tools.

Can I add my own detection patterns?
On Pro plan, yes. You can add custom threat feeds.

What happens to my logs if I delete the app?
All local logs are deleted automatically when you uninstall.

Can I export redacted documents?
Yes. Simply copy to clipboard.

Does Secure Redact work offline?
Yes — all redactions happen 100% offline on your device. No internet connection required for redacting text. An internet connection is only needed if you choose to fetch custom threat feeds (BYOF).

Can I use custom threat feeds?
Yes. Add any HTTP feed serving JSON, CSV, or plaintext data. You are responsible for feed accuracy and legality.

Is there a free trial?
Yes. On iOS and macOS, download and try free for 7 days with full Pro access. On Windows, a free trial is available directly from the Microsoft Store.

What payment methods do you accept?
Apple In-App Purchases and RevenueCat for iOS/macOS. Microsoft Store for Windows. We don't store payment info directly.

Does my Pro license work on both Windows and Apple devices?
No. Pro licenses are platform-specific — your Apple license works on iOS/macOS and your Windows license works on Windows. This is by design to guarantee 100% offline privacy, as we do not require user accounts.

---

Subscription Plans

Secure Redact uses a Freemium model:

Free Plan

Permanent, always-free access to:

• Credentials detection (API keys, JWTs, session IDs, passwords, connection strings, private keys)
• Identity detection (emails, phone numbers, SSNs, device IDs, contextual IDs, GPS coordinates)
• Unlimited redaction operations
• Basic audit logs

Pro Plan — iOS & macOS

Monthly or annual subscription via Apple In-App Purchases:

• Everything in Free, plus:
• All 4 redaction policies (Secrets, Balanced, Standard, Enhanced)
• Financial data detection (credit cards, IBANs, SWIFT codes, crypto addresses)
• System identifier detection (IPs, MAC addresses, UUIDs, URLs, file paths, VINs)
• Custom threat feeds (BYOF)
• Detailed audit logs with analytics
• Custom redaction patterns
• Priority support
• 7-day free trial included

Pro Plan — Windows

Available from the Microsoft Store — includes a free trial:

• Everything in Free, plus:
• All 4 redaction policies (Secrets, Balanced, Standard, Enhanced)
• Financial data detection (credit cards, IBANs, SWIFT codes, crypto addresses)
• System identifier detection (IPs, MAC addresses, UUIDs, URLs, file paths, VINs)
• Custom threat feeds (BYOF)
• Detailed audit logs with analytics
• Custom redaction patterns
• Priority support

Note: Pro licenses are platform-specific and do not sync between Windows and Apple devices. This is by design — Secure Redact requires no user accounts to guarantee 100% offline privacy.

---

Troubleshooting

Feed Not Updating

• Check internet connection (feeds need HTTP access)
• Verify feed URL is correct and accessible
• Try Refresh manually in Threat Feeds
• Check feed format (JSON, CSV, or plaintext supported)

Text Not Redacting

• Ensure you selected a policy before tapping Redact
• Check that the policy includes the data type you're trying to redact
• Verify data matches known signature patterns
• Manually review — the tool may need manual confirmation

Audit Logs Not Appearing

• Perform a redaction operation (logs appear after you copy redacted text)
• Check that logs haven't been manually cleared
• Restart the app and try again

Windows License Not Activating

• Ensure you are signed in to the Microsoft Store with the account used to purchase
• Try the Verify License option in the upgrade dialog
• If the issue persists, it is likely a Microsoft Store issue — contact Microsoft Support at https://support.microsoft.com/

---

Contact Support

Questions or issues? We're here to help.

Email: support@klexarolabs.com

Mailing Address: Klexaro Labs Pte. Ltd. Singapore UEN: 202543042C

Website: https://www.klexaroredact.com/

---

Legal & Compliance

• Privacy Policy — https://www.klexaroredact.com/privacy
• Terms & Conditions — https://www.klexaroredact.com/terms
• Data Processing — All data stays on your device. See Privacy Policy for details.

---

© 2026 Klexaro Labs Pte. Ltd. All rights reserved.