Privacy-first · Local only · No cloud calls

Local Financial Redactor

A desktop tool for redacting PII from financial documents — built for teams that handle sensitive data but cannot afford to send it to the cloud.

View on GitHubDiscuss a privacy-first workflow

Why we built it

The problem with cloud AI and financial data

Financial documents are full of PII: names, SINs or SSNs, account numbers, credit card details, and dates of birth. Modern AI tools can help analyze that data, but most require uploading documents to third-party servers.

If you are a small accounting firm, freelance CFO, or finance team, you may handle client documents that legally and ethically cannot leave your control. The thesis is simple: strip the PII first, locally, then hand only the sanitized data to an LLM.

Zero data egress

All processing runs on the user’s machine. Nothing is sent anywhere.

Multi-format support

PDF, DOCX, XLSX, CSV, and TXT files are handled through one pipeline.

Built for small teams

Packaged as a Windows installer so firms can share one .exe internally.

Clean AI-ready exports

Redacted JSON, CSV, and Markdown outputs are safe to paste into AI tools.

How it works

A five-stage redaction pipeline

Every document passes through layered controls. Regex catches deterministic patterns, NLP catches contextual entities, and an optional local LLM pass reviews anything subtle before export.

1

Extraction

Text is pulled from the file using format-specific parsers. PDFs use PyMuPDF, spreadsheets use openpyxl, and Word docs use python-docx.

PyMuPDFopenpyxlpython-docx
2

Regex redaction

Deterministic patterns catch high-confidence PII: SSNs/SINs, credit cards, phone numbers, and email addresses.

SSN / SINCredit cardsPhone numbersEmails
3

NLP entity recognition

spaCy and Microsoft Presidio identify names, organizations, and locations that regex cannot reliably catch on context alone.

spaCyPresidioPERSON · ORG · GPE
4

LLM pass (optional)

If Ollama is running locally, an open-source model reviews the redacted text for contextual misses without leaving the machine.

OllamaLlama 3.1QwenMistral
5

Validation and export gate

The sanitized document is scored LOW / MEDIUM / HIGH for residual PII risk. HIGH blocks export; MEDIUM requires explicit approval.

Risk scoringExport gateAudit ledger

Under the hood

Architecture: Electron + PyInstaller

The Python backend is bundled by PyInstaller into a self-contained executable. Electron wraps it in a native window, spawns the backend as a hidden subprocess, waits until it is ready, then displays the interface in a chromeless browser window.

Electron shell

Chromium window with no browser chrome. Spawns and kills the Python backend automatically.

PyInstaller bundle

Python 3.11, spaCy, Presidio, and Streamlit are bundled. No Python install required.

NSIS installer

A standard Windows setup wizard. One .exe can be shared with the team.

Open source on GitHub

MIT licensed · Windows · Python 3.11 · Electron 31

nickhilster/local-financial-redactor