Back to homepage

Stript as a technical and organizational measure (Art. 32 GDPR)

The document for your internal sign-off. Introducing Stript in a firm, practice, or company means answering two sets of questions: your data protection officer’s and your IT or vendor assessment’s. This page answers both. You are welcome to adapt the text for internal use.

Note: This document is factual information about Stript’s architecture and a drafting aid. It is not legal advice. The data protection assessment of your specific case remains yours and your DPO’s.

The core statement in one paragraph

Stript is a local desktop application that detects personal data in documents and replaces it with placeholders before a text is given to an external AI tool. All document processing (analysis, anonymization, restoration) happens exclusively on the user’s device. Document content is never transmitted to the vendor or to any third party. Using Stript is therefore data minimization at the source: what leaves the device toward an AI service no longer contains real names.

Where this sits under the GDPR

Why no data processing agreement is needed for document processing

A data processing agreement under Art. 28 GDPR is required when a third party processes personal data on your behalf. With Stript, no such processing by the vendor takes place: the application runs entirely locally, like a word processor, and document content never reaches the vendor’s servers. Where no processing by a third party occurs, no processor relationship arises. This distinguishes Stript from cloud-based anonymization services (including those hosted in Germany), where the document is uploaded for processing and a DPA is therefore required.

For the few peripheral processes that have nothing to do with document content (website, purchase and licensing, optional crash reports), the vendor’s Privacy Policy applies.

Vendor-assessment answer sheet

The typical questions of a vendor or tool assessment, with the answers that apply to Stript:

Assessment questionAnswer for Stript
Where are documents processed?Exclusively on the user’s device. No upload, no cloud processing.
Where are documents stored?Locally on the device, encrypted (AES-256-GCM); keys in the operating system keychain. Deletable by the user at any time.
Which subprocessors have access to document content?None. Document content does not leave the device.
Is a DPA under Art. 28 GDPR required?Not for document processing, since no processing by the vendor takes place (see above).
Is document content transferred to third countries?No.
Which network connections does the application make?Exhaustively: a one-time download of the AI models during setup, license validation (at most every 30 days, without document data), an update check on launch, an update download only at the user’s initiative, and optional crash reports that are off by default and contain no document content. Details in the Privacy Policy, Section 2.6.
Can this be verified?Yes. After the model download Stript works fully offline; network activity can be inspected with built-in tools or Little Snitch/Wireshark. Walkthrough: How to verify our claims.
Is there telemetry or usage data?No. No usage telemetry, no content telemetry. Crash reports only after explicit opt-in, without content and without identifiers.
How is accountability supported?The application keeps a tamper-evident processing log (hash chain) containing no content data; mapping tables can be exported and demonstrably destroyed (destruction certificate).
What is the human’s role?Every detection is reviewed and confirmed by the user before anonymization; the application never decides alone.

Suggested wording for your records of processing / TOM list

“Before external AI services are used, documents are processed with anonymization software running locally on the device. Personal data is detected, reviewed by the operator, and replaced with consistent placeholders; only the cleaned text is passed to the AI service. The mapping table remains encrypted (AES-256-GCM) on the device and is not transmitted to third parties. The software transmits no document content to its vendor (local processing, verifiably able to run offline).”

Limits you should know

Honesty is part of a defensible TOM description:

As of July 2026. This document is maintained; the current version lives at this address.