Redacta for iPhone — Redact Patient Data Before AI

Redact patient data before AI — now on your iPhone.

Redacta is a free iOS app that replaces patient identifiers — names, NHS numbers, dates of birth — with reversible tokens before your text reaches ChatGPT or Claude. Everything runs on the device. Nothing leaves your phone.

Free · On-device · iPhone · iOS 16+ · by PharmaTools.AI
Download on the App Store About Redacta

01A look inside

Redact, scan, and reinstate — all on your iPhone

A raw clinical note pasted into Redacta, before redaction.

02What it is

The safe way to use AI on clinical text

Clinicians and medical writers already paste notes into ChatGPT and Claude — the tools are too useful not to. But that text is dense with identifiers, and once it leaves the device you've lost control of it. Redacta closes that gap: it finds the identifiers and replaces them with neutral tokens like [NHS_NUMBER_1] before the text reaches any AI, so the meaning stays intact and the patient doesn't.

It's a native iPhone app. Detection runs entirely on the device using the same engine that powers the Redacta skill, MCP server and libraries — there is no network connection, no account, and no analytics. Its App Store privacy label is, truthfully, Data Not Collected.

03How it works

Redact, use AI, then put the real values back

01

Redact

Paste a note — or photograph a letter — pick a mode, and tap Redact. Identifiers become tokens.

02

Use any AI

Copy the safe, tokenised text into ChatGPT, Claude, or anything else. The AI never sees real data.

03

Reinstate

Paste the AI's reply back into Redacta and the real values are restored — a complete, local round trip.

The token map that reverses a redaction is held in memory for the session only and is never written to disk — so the round trip works without anything being stored.

04What's inside

Built for real clinical work

Three modes — Clinical, General PII, and HIPAA Safe Harbor — with UK-grade detection: NHS numbers validated by the Modulus-11 checksum, National Insurance numbers, dates of birth, postcodes, hospital/MRN numbers, emails and phone numbers. Clinician names are preserved by design; only the patient's data is removed.

FEATURE · Share

Redact from any app

A Share Extension lets you select text in Mail, Safari or Notes and redact it without leaving the app.

FEATURE · Scan

Photograph a letter

On-device Apple Vision OCR pulls the text out of a photo, then redacts it. The image never leaves the phone.

FEATURE · Widget

One-tap clipboard

A Home-Screen widget and a Siri Shortcut redact whatever's on your clipboard, hands-free.

Tokens it produces

[PATIENT_NAME] [NHS_NUMBER] [DATE_OF_BIRTH] [POSTCODE] [HOSPITAL_NUMBER] [AGE] [PHONE_NUMBER] [EMAIL]

See it work

05Privacy

Nothing leaves your phone

Privacy isn't a setting in Redacta — it's the architecture. There is no networking code in the app at all, so there's nothing to switch off and nothing to trust: turn on Airplane Mode and it works exactly the same. No account, no sign-in, no analytics, no tracking.

The text you redact, the photos you scan, and the token map that reverses a redaction are all processed locally and never transmitted or stored. That's what lets the App Store privacy label read, truthfully, Data Not Collected — and why Redacta is a genuine fit for work bound by confidentiality and data-protection rules.

06FAQ

Frequently asked questions

Does any patient data leave my phone?

No. Redaction, text recognition and reinstating all run on the device. The app has no network connection and stores nothing — the redacted text and the token map that reverses it never leave your phone.

Is it free?

Yes. Redacta is free on the App Store — no account, no subscription, no in-app purchases.

What can it redact?

NHS numbers (Modulus-11 validated), National Insurance numbers, dates of birth, postcodes, hospital/MRN numbers, emails, phone numbers, and general PII such as addresses and cards. Clinician names are preserved by design.

How do I put the real values back?

After the AI replies, paste its response into the Reinstate tab and Redacta swaps the tokens back to the originals — using a token map held in memory only, never stored.

Does it support HIPAA de-identification?

Yes. A HIPAA Safe Harbor mode applies a stricter pass that removes all dates, specific ages, and the remaining HIPAA identifiers in addition to the standard set.

Which devices does it run on?

iPhone, on iOS 16 and later. The interactive Home-Screen widget requires iOS 17.

An honest note on limits. Redacta is a strong first line of defence, not a guarantee. It won't catch every possible identifier and isn't a substitute for formal data-protection processes. Always review the output before sharing text.

Redact patient data before it ever reaches AI

Get Redacta free on the App Store — or talk to us about pseudonymisation as an API, on-prem deployment, or a custom clinical workflow.

Download on the App Store Discuss integration