DocuPipe Logo

DOCUPIPE

    Solutions

    Resources

    Pricing

DocuPipe Redaction

Automated redaction, deployedon your terms

Pixel-perfect redaction that runs where your documents must stay - in our SOC 2 certified cloud, in your own cloud account, or on machines you own, air gap included.

DocuPipe cloud

Your cloud account

Your own hardware

Talk to sales

SOC 2 · ISO 27001 · HIPAA · BAA available

Policy in plain language

Redact by policy, not by keyword.

Real redaction policies are more precise than "find all names." One role may be protected while another stays public; one number may be sensitive while another is just a reference. DocuPipe takes the policy the way you'd say it out loud, reads the context on the page, and applies one set of rules to every document in the queue.

"Redact customer names. Keep staff names."

"Redact private people. Keep public officials."

"Redact account numbers. Keep invoice numbers."

Role-aware detection

The same name can be protected in one role and public in another. Detection reads who each name belongs to - patient or provider, witness or officer - and redacts by role, not by string.

Lookalikes, told apart

A nine-digit number might be an SSN, a phone number, or an account number. Detection reads the label and the sentence around it, so the right numbers go black and the rest stay legible.

Handwriting included

Margin notes, signatures, handwritten intake forms - the OCR layer reads handwriting, so a scrawled phone number gets the same treatment as a typed one.

The review room

Fully automated. Human reviewable.

Anyone who has redacted by hand knows the feeling: the file is out the door, and you're still wondering whether you caught every instance. DocuPipe does the reading at scale - and your reviewers step in exactly as much as the release demands. Approve every box on a court filing, spot-check a trusted feed, or let clean documents flow straight through. The demo above is the real review room - approve a box, reject one, draw your own.

claim-file-0042.pdf

12 proposed · 1 added · 1 rejected

added by reviewer

Proposed redactions

541-72-6688

SSN

Margaret A. Whitfield

Name

(503) 555-0142

Phone

handwritten note, p.2

Added by reviewer

Drag on the page to add your own.

Approve or reject every box

Each proposal carries its category, confidence, and the original text. Clear a page item by item, or approve it all at once.

Add your own

Drag across anything detection didn't flag. Boxes snap to the words underneath, so hand-drawn redactions come out as clean as proposed ones.

Prompt it to do better

Rules are plain sentences: "redact patient names, keep the treating physician's." Adjust the instructions and re-run until the proposals match your policy.

One policy for the whole queue

Categories and instructions apply across every document in a workflow - the same rules govern file one and file ten thousand.

Preview the release copy

Flip every box to solid black and see exactly what leaves the building - before it does.

Nothing under the box

The download is a newly built, image-only PDF. Black is painted into the page pixels, the text layer is stripped, and hidden document internals never make it into the release copy. Nothing under a box can be copied, searched, or scraped back out - and the original file never changes.

Deployment

Runs wherever your documents reside

The documents being redacted are, by definition, the most sensitive ones your organization holds. For many hospital systems, insurers, and public agencies the data-handling rule is simple: it does not cross our boundary. DocuPipe is the redaction platform built for that rule - pick the boundary, and the whole pipeline moves inside it.

Start today

DocuPipe cloud

No procurement cycle. SOC 2 and ISO 27001 certified, HIPAA compliant, BAAs on paid plans, data residency options in the US, Europe, Canada, or Australia - and documents are never used to train models.

Full containment

Your cloud account

The entire platform - API, OCR engine, models, workers, storage - installs into an AWS, Azure, or GCP account you own. Install is a single command, and it ends with a live end-to-end test. Nothing phones home.

No cloud at all

Your own hardware

The same stack runs on machines you own - a server room, a rack in your data center, an air-gapped network with no internet path. If your machines can run containers, they can run DocuPipe.

Same product in all three - the review screen in the demo above is exactly what your team gets inside your boundary, from a SOC 2 and ISO 27001 certified vendor.

Talk to sales about private deploymentRead the security overview →

Beyond one file

Runs at any scale

API-first

Generate, review, and download redactions programmatically - wire it into the systems your records already move through.

Built for volume

Redaction is one capability of a document pipeline that classifies, splits, and extracts at scale - point it at the queue, not the file.

Rules in plain language

"Redact everyone's SSN except the primary applicant's." No regex, no templates, no per-form setup - the rule you can say is the rule it applies.

Multilingual, right to left included

Detection follows the language on the page, including right-to-left scripts - and the review room renders them correctly.

Three calls, start to finish

POST /document

upload the file

POST /document/{id}/redactions

{"guidelines": "also redact vehicle plate numbers"}

GET /redaction/{id}/download

the burned-in, flattened PDF

The same three calls in every deployment - our cloud, your cloud, or your rack.

Redact for all purposes

Teams with a mandate, not a one-off

The same categories and review flow, tuned to the release your team is on the hook for.

HIM / release of information

Producing records means telling the protected patient apart from the treating physician on the same page - plus other patients, family members, MRNs, DOBs, and member IDs in the margins.

FOIA and public records

Personal-privacy withholdings on responsive records: requester-adjacent names, home addresses, personal phone numbers, and identifiers - before anything hits the reading room.

DSAR and privacy teams

Producing one person's data means removing everyone else's. Third-party names and contact details are the default categories for a subject-access response.

Claims teams

Claim files shared with outside counsel, reinsurers, or vendors carry other claimants' details. Redact them by category before the file leaves the team.

Litigation and discovery

Produce responsive documents with personal identifiers removed - and a burned-in file you can stand behind, not a cosmetic box.

Before you bring this to security review

FAQ

Can it tell a protected name from a public one?

Yes. Policies are role-aware: redact the patient's name but keep the treating physician's, redact junior staff but not the agency head. Detection reads who each name belongs to on the page and applies the rule you wrote - the same rule, across the entire queue.

Is the text really removed, or just covered?

Removed. The redacted download is flattened - the masked regions are rendered out of the page image itself and the text layer is stripped, so nothing can be copied, searched, or scraped out from underneath.

Can it run with no internet connection at all?

Yes. Private deployments run entirely inside your network: your machines, your storage, no outbound calls. That includes air-gapped environments that never touch the public internet.

Does it work on scans, faxes, and photos?

Yes. Documents run through our OCR layer first, so detection lands on the exact word positions even in scanned files - the boxes sit on the pixels, not on a guess.

Does it read handwriting?

Yes. The OCR layer reads handwriting, so handwritten names, numbers, and margin notes are detected, reviewable, and burned exactly like typed text.

What does automated detection miss?

Anything automated can miss things. That is what the review room is for: approve every box when the release is high-stakes, spot-check when a flow has earned trust. Your reviewer makes the release call with the original text in front of them.

Can reviewers change what the AI proposed?

Yes. Approve or reject each box, add word-snapped boxes of your own by dragging on the page, and steer detection itself with plain-language instructions. Policies apply across the whole queue, not per file.

Does the original file change?

Never. The burned release copy is a separate, newly built file - the original stays untouched in storage.

How is it priced?

On usage, not per seat - your whole records team works in one workspace without per-user fees. Cloud plans are self-serve. Private deployments - your cloud account or your own hardware - are annual enterprise agreements; talk to sales and we'll scope it with you.

Do you sign BAAs? Where is the security documentation?

Yes - BAAs are executed on paid plans, and early in evaluation for serious prospects. SOC 2 and ISO 27001 reports are self-serve at trust.docupipe.ai.

Is there an audit trail?

Every processing action is logged as a job: what ran, when, on which document, and with what result. Your release history is reconstructable, not anecdotal.

Which languages does detection support?

Detection follows the language of the document, including right-to-left scripts. English and Hebrew carry the deepest policy tuning today - if your queue runs in another language, bring sample files to the evaluation and we'll run them live.

See it on your documents, in your environment

Tell us what you release, at what volume, and where it's allowed to run. We'll show you the same product you just tried - deployed your way.

Talk to sales

Prefer to keep exploring? The free redactor stays free.