Data redaction is the process of removing or masking sensitive information from data streams, images, or documents. When designing your security architecture, you must choose between client-side (local browser) and server-side (cloud-based) parsing models.
Client-Side (Local) Redaction
In a client-side redaction model, data is processed locally inside the user's browser (e.g., using WebAssembly OCR engines like Tesseract.js). The raw, unredacted file is never transmitted to the cloud. Only the redacted, blacked-out file is generated and saved.
- Pros: Zero trust compliance. No risk of data interception during transit, and zero server storage overhead. Safe for highly regulated fields like healthcare and legal databases.
- Cons: Relies on the client device's CPU, which can slow down processing on older mobile phones.
Server-Side (API) Redaction
In a server-side model, raw files are sent via API to a cloud backend, where server scripts run classifiers to locate and redact sensitive properties before returning the masked payload.
- Pros: Faster processing speeds for heavy files and central rule updates.
- Cons: Increases transit vulnerability and server security liabilities.