Zero-Trust, Local-First
PII Redaction at the Edge.
SentryPaste is a local-first agent that intercepts sensitive data before it leaves your clipboard. No cloud scanning. No latency. No "Shadow AI" risk.
Trusted by security-forward engineering teams.
Architecture of Trust
All redaction happens inside the user's device. Only clean payloads leave the boundary.
Raw Logs (Dirty)
12026-02-14 ERROR: Login failed for user dev-lead@fintech-alpha.io.2Internal Key: sk_live_51Px992...3Ref: 192.168.1.45
SentryPaste Output (Clean)
12026-02-14 ERROR: Login failed for user [EMAIL_1].2Internal Key: [API_KEY_1]3Ref: [IP_ADDR_1]
Security Guarantee
Designed for zero-trust orgs that can't risk cloud scanning.
100% On-Device
A local enclave keeps raw clipboard data off our servers.
Sub-10ms Latency
Sensitive data is masked instantly with zero cloud round-trips.
Deterministic Tokenization
Stable placeholders preserve LLM context without exposing PII.
How it Works
The Interceptor
Watches clipboard and input surfaces before paste events fire.
The Engine
Scans for high-risk patterns and replaces them deterministically.
The Vault
Keeps mappings in local memory for safe rehydration when needed.
Join the Design Partner Program
Help shape the local-first security standard for your team.