anonym.legal

By · Last updated 2026-04-07

Home/Desktop Docs/Protection & Privacy

Security & Privacy

How the Desktop App protects your data — vault encryption, data flow, storage policy, and recovery phrase.

Vault EncryptionData FlowWhat We StoreRecovery Phrase

Vault Encryption

Your vault is an encrypted container for all app secrets: encryption keys, presets, and user data. It uses military-grade cryptography.

Encryption Standards

  • AES-256-GCM

    All vault data is encrypted with 256-bit AES in Galois/Counter Mode.

  • Argon2id

    Your PIN is used to derive the vault key via Argon2id (memory-hard KDF).

  • BIP39 Recovery Phrase

    24-word mnemonic phrase for vault recovery. Backed by entropy from a CSPRNG.

  • Memory Zeroization

    Encryption keys are zeroed from memory immediately after use.

Access Control

  • 1

    PIN Unlock

    6-digit PIN for quick access. Derived via Argon2id, never stored in plain text.

  • 2

    Recovery Phrase

    24-word BIP39 phrase that can decrypt the vault if you forget your PIN.

  • 3

    Auto-Lock

    Vault automatically locks after inactivity or when the app is closed.

Data Flow

Understand exactly what leaves your device and what stays local.

File OpenedLocal only

Your file is opened locally. Binary content (images, formatting) stays on your device.

Text ExtractedLocal only

Text content is extracted locally from PDF, DOCX, XLSX, or other formats.

Text Sent for AnalysisText only

Only the plain text is sent over TLS 1.3 to our EU servers for PII analysis.

PII Detected & AnonymizedServer processing

Our Presidio-based engine detects PII and applies your chosen anonymization method.

Anonymized Text ReturnedLocal only

The anonymized text is returned to the app. Your original file is never uploaded.

Document ReconstructedLocal only

The app reconstructs the output file with anonymized text, preserving formatting.

Your original file content is never uploaded. Only extracted plain text is processed server-side.

What We Store

We NEVER store

  • Document content

    Neither the original nor anonymized text is stored on our servers.

  • Your files

    Files are processed in memory and immediately discarded after anonymization.

  • Encryption key values

    Encryption keys are zero-knowledge — wrapped with your KEK and unreadable to us.

  • Your vault PIN or phrase

    Vault credentials are derived locally and never transmitted.

We DO store

  • Account metadata

    Your email, plan, and account preferences — needed to run your account.

  • Preset configurations

    Preset names, entity lists, and settings — so they sync across devices.

  • Encryption key metadata

    Key names and encrypted key blobs (KEK-wrapped) for sync. We cannot decrypt them.

Recovery Phrase

Critical: Your recovery phrase cannot be recovered

If you lose your 24-word recovery phrase AND forget your PIN, your vault and all its contents are permanently lost. We have no backdoor.

Best Practices

  • Write it on paper — not in a digital file
  • Store it in a safe or locked drawer
  • Make 2 copies and keep them in different locations
  • Test recovery in a fresh install before relying on it

Never Do This

  • Store the phrase in the same app it protects
  • Take a photo of it (syncs to cloud)
  • Email it to yourself
  • Share it with anyone, including anonym.legal support

Reset Vault

If you no longer have access to your PIN or recovery phrase, you can reset the vault. This is irreversible.

Warning: Resetting the vault deletes all locally stored encryption keys, presets, and history. Your account and server-side data are unaffected.

Continue Reading

Features & Workflow

Learn about presets, encryption keys, and the full workflow.

Troubleshooting & FAQ

Find solutions to common issues and error messages.

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.