DocMask
Compliance guide · GDPR · HIPAA · CCPA

GDPR & HIPAA Document Redaction

Zero data transfer = zero compliance risk. Redact PII from documents entirely on your device.

Regulations That Require Document Redaction

GDPR

EU General Data Protection Regulation

Article 5(1)(c): Data minimization — collect only what's necessary. Article 25: Data protection by design. Article 28: Data processors must have a DPA. DocMask eliminates the processor relationship entirely — data never leaves your device.

HIPAA

US Health Insurance Portability & Accountability Act

Safe Harbor: Remove 18 identifier types to de-identify PHI. BAA requirement: Any service that touches PHI needs a Business Associate Agreement. DocMask processes locally — no BAA needed with us. No PHI ever leaves the device.

CCPA / CPRA

California Consumer Privacy Act

Right to deletion: Consumers can request PII removal. Data minimization (CPRA): Collect and retain only necessary data. DocMask helps you strip PII before documents enter your data pipeline — preventing collection in the first place.

Why "Local-First" Is the Compliance Shortcut

The simplest way to comply with data protection regulations is to not transfer data at all. When you use an online PDF tool, your document travels to their server — creating a data transfer governed by GDPR Article 28, requiring SCCs for cross-border transfers, and potentially triggering HIPAA BAA requirements. DocMask eliminates all of this: zero HTTP requests, zero data transfer, zero third-party processing.

DocMask vs Online Tools: Compliance Comparison

Requirement | DocMask | Online PDF Tools
Data stays on device | Yes | No
No DPA / BAA required | Yes | No
No cross-border transfer (SCCs) | Yes | No
Verifiable (DevTools audit) | Yes | Partial
Works air-gapped / offline | Yes | No
Encryption at rest | AES-256-GCM | Varies

Industry Use Cases

Healthcare (HIPAA)

De-identify patient records before sharing with external consultants, research collaborators, or AI-assisted diagnostic tools. DocMask detects the 18 HIPAA Safe Harbor identifiers: names, dates, phone/fax numbers, emails, SSNs, medical record numbers, and more.

Legal (GDPR / Client Confidentiality)

Redact client names and case details before using AI for contract review, legal research, or document summarization. Attorney-client privilege requires that confidential information doesn't reach third-party servers.

Finance (CCPA / SOX / PCI-DSS)

Strip customer PII from financial reports, audit documents, and transaction records before external review or AI analysis. Data minimization is a core principle across financial regulations.

Human Resources (GDPR Article 88)

Anonymize employee records, performance reviews, and compensation data before benchmarking with AI tools or sharing with management consultants.

Frequently Asked Questions

Is DocMask GDPR compliant?

DocMask processes documents entirely on your local device. No personal data is transmitted, stored on external servers, or shared with third parties. Because data never leaves your machine, there is no "data processing" under GDPR Article 28 — eliminating the need for a Data Processing Agreement with DocMask.

Can DocMask help with HIPAA compliance?

Yes. DocMask runs 100% locally with zero network traffic, which means Protected Health Information (PHI) never leaves the device. This eliminates the need for a Business Associate Agreement (BAA) with DocMask. Healthcare organizations can use DocMask to de-identify patient records before sharing with external consultants or AI tools.

What personal data can DocMask detect?

DocMask detects names, email addresses, phone numbers, physical addresses, dates of birth, social security numbers, financial account numbers, and other PII patterns. It works across PDF (.pdf), Word (.docx, .doc), and Excel (.xlsx, .xls) files.

How is DocMask different from online redaction tools for compliance?

Online tools upload your file to their servers — creating a data transfer governed by GDPR Article 28, requiring SCCs for cross-border transfers, and potentially triggering HIPAA BAA requirements. DocMask never uploads anything. Zero outbound HTTP requests, verifiable via DevTools → Network.
