DocMask
Compliance guide · GDPR · HIPAA · CCPA

GDPR & HIPAA Document Redaction

Reduce data-transfer risk by redacting supported PII patterns locally before AI or external review.

Regulations That Require Document Redaction

GDPR

EU General Data Protection Regulation

Article 5(1)(c): Data minimization — collect only what's necessary. Article 25: Data protection by design. Article 28: Data processors must be assessed. DocMask helps you remove sensitive values before sharing because the redaction workflow runs locally.

HIPAA

US Health Insurance Portability & Accountability Act

Safe Harbor: De-identification requires careful removal of identifier types. BAA requirement: services that receive PHI must be assessed. DocMask does not receive your documents during redaction; use custom keywords and review to fit your HIPAA workflow.

CCPA / CPRA

California Consumer Privacy Act

Right to deletion: Consumers can request PII removal. Data minimization (CPRA): Collect and retain only necessary data. DocMask helps you strip PII before documents enter your data pipeline — preventing collection in the first place.

Why "Local-First" Is the Compliance Shortcut

The cleanest way to reduce third-party processing risk is to redact before transfer. When you use an online PDF tool, your document travels to a server and must be evaluated as a data transfer. DocMask keeps the redaction workflow local: document content and mapping tables are not uploaded to DocMask.

DocMask vs Online Tools: Compliance Comparison

| Requirement | DocMask | Online PDF Tools |
| --- | --- | --- |
| Data stays on device | Yes | No |
| Vendor receives the document | No | Yes |
| No cross-border transfer (SCCs) | Yes | No |
| Verifiable (DevTools audit) | Yes | Partial |
| Works air-gapped / offline | Yes | No |
| Encryption at rest | AES-256-GCM | Varies |

Industry Use Cases

Healthcare (HIPAA)

Minimize patient-record exposure before sharing with external consultants, research collaborators, or AI-assisted tools. DocMask catches many structured identifiers out of the box (emails, phones, SSNs, account numbers, custom keywords) and lets you add domain-specific terms such as patient IDs or study codes before manual review.

Legal (GDPR / Client Confidentiality)

Redact client names and case details before using AI for contract review, legal research, or document summarization. Attorney-client privilege requires that confidential information doesn't reach third-party servers.

Finance (CCPA / SOX / PCI-DSS)

Strip customer PII from financial reports, audit documents, and transaction records before external review or AI analysis. Data minimization is a core principle across financial regulations.

Human Resources (GDPR Article 88)

Pseudonymize employee records, performance reviews, and compensation data before benchmarking with AI tools or sharing with management consultants.

Frequently Asked Questions

Can DocMask support GDPR data minimization?

DocMask processes redaction on your local device and does not receive your document content or mapping table. That can support data minimization before external review or AI use. GDPR compliance still depends on your full process, legal basis, retention policy and review controls; this page is not legal advice.

Can DocMask help with HIPAA compliance?

It can help by replacing supported identifiers locally before documents are shared. It does not automatically guarantee HIPAA Safe Harbor de-identification; healthcare users should add custom keywords, review every finding and follow their organization's compliance process.

What personal data can DocMask detect?

Built-in rules cover emails, phone numbers, Chinese ID/mobile/bank-card/landline/USCC patterns, US SSN/EIN/phone, EU IBAN, Luhn-checked credit cards, IPv4 addresses, Chinese administrative locations and user-supplied keywords. It works across PDF (.pdf), Word (.docx, .doc), and Excel (.xlsx, .xls) files.
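
To make "Luhn-checked" concrete, the following is an added example, not DocMask's own code: a local redactor that replaces a card number or IBAN only when its checksum validates, and keeps the placeholder mapping table in memory. The function names, the placeholder format and the IBAN mod-97 check are assumptions of this example.

```python
import re

# Candidate card number: 13-19 digits, optionally grouped by spaces or hyphens.
CARD_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")
# Candidate IBAN in compact form only (no spaces): CC + 2 check digits + BBAN.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def iban_ok(iban: str) -> bool:
    """ISO 13616 mod-97: move the first four characters to the end, A=10..Z=35."""
    moved = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in moved)) % 97 == 1

def redact(text: str):
    """Return (redacted_text, mapping); the mapping never leaves the caller."""
    tokens, counters = {}, {}  # raw value -> placeholder, kind -> count

    def substitute(kind, valid):
        def repl(m):
            raw = m.group(0)
            if not valid(raw):
                return raw  # shape matched but checksum failed: not redacted
            if raw not in tokens:
                counters[kind] = counters.get(kind, 0) + 1
                tokens[raw] = f"[{kind}_{counters[kind]}]"
            return tokens[raw]  # repeated value reuses its placeholder
        return repl

    # IBANs first: the digit run inside an IBAN can also fit the card pattern.
    text = IBAN_RE.sub(substitute("IBAN", iban_ok), text)
    text = CARD_RE.sub(
        substitute("CARD", lambda raw: luhn_ok(re.sub(r"\D", "", raw))), text)
    return text, {token: raw for raw, token in tokens.items()}

# Constructed sample text; the card number is a widely used test value.
SAMPLE = ("Refund to card 4111 1111 1111 1111, IBAN GB82WEST12345698765432. "
          "Order ref 4111 1111 1111 1112 is not a card. "
          "Second mention: 4111 1111 1111 1111.")
```

The checksum cuts false positives on order numbers and similar digit runs, but a mistyped real card number also fails it and stays in the text, so manual review of the output is still needed.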

How is DocMask different from online redaction tools for compliance?

Online tools upload your file to their servers, creating a third-party processing relationship to evaluate. DocMask's desktop redaction workflow keeps document content local, so DocMask does not receive the data you are redacting. You should still evaluate your wider workflow and legal obligations.
