AI-Powered Redaction
SAR Portal uses artificial intelligence to automatically detect personal data (PII) in documents and help you redact it before responding to data subjects.
How AI Redaction Works
Two-Layer Detection
SAR Portal uses a dual-layer AI system for maximum accuracy:
Layer 1: Pattern Analysis
- Detects 50+ entity types
- Recognizes structural patterns
- Identifies common PII formats
- Fast initial detection
Layer 2: Contextual AI Analysis
- Contextual understanding
- Data subject identification
- Complex pattern recognition
- Nuanced entity detection
The Process
- Attach files - You attach documents through a case action (Request Info, Submit Info, or Close Case)
- Automatic detection - Redactable files are scanned automatically; both layers extract text and detect personal data
- Review Detected PII - You select which entities to redact
- Redact Selected - The confirmed items are redacted
- Review & Confirm - You review each redacted file, then attach them to the case
Starting AI Redaction
There is no separate “Analyze for PII” button. Detection starts automatically the moment you attach redactable files.
The Redaction Flow
- Attach one or more documents through a case action (Request Info, Submit Info on an Awaiting Information case, or Close Case) using the file picker
- Redactable files are scanned automatically and you are taken to the Review Detected PII screen
- Choose which detected entities to redact (see below)
- Click Redact Selected (n) to process the files
- Review the redacted output, then click Confirm & Attach to Case (n)
This flow handles a single file or many at once — there is no separate single-document vs. batch action.
Understanding Detection Results
Entity Types Detected
| Category | Examples |
|---|---|
| Personal Identifiers | Names, email addresses, phone numbers |
| Government IDs | Passport numbers, national IDs, SSN/PPS |
| Financial | Bank accounts, credit card numbers, IBAN |
| Location | Addresses, postcodes, GPS coordinates |
| Health | Medical conditions, prescriptions, diagnoses |
| Professional | Job titles, employee IDs, company names |
| Digital | IP addresses, usernames, device IDs |
| Dates | Birth dates, event dates, timestamps |
Confidence Levels
Each detection includes a confidence score:
- High (90%+) - Very likely PII, recommend redacting
- Medium (70-89%) - Probable PII, review carefully
- Low (<70%) - Possible PII, manual verification needed
Reviewing Detected PII
The Review Detected PII Screen
After files are scanned automatically, the Review Detected PII screen shows:
- One expandable panel per file
- Each detected entity with its type and confidence, and its own toggle
- The data subject’s own PII shown but not selected for you (so you don’t accidentally remove the requester’s own data)
Selecting What to Redact
Toggle individual entities on or off, or use the bulk controls:
- Select All - select every detected entity for redaction
- Deselect Subject Data - clear entities identified as the data subject’s own information
- Smart Scan - apply a recommended selection
- Skip Redaction - attach the files unchanged, without redaction
When your selection is ready, click Redact Selected (n) to process the files.
Reviewing and Confirming the Output
Review Screen
After redaction processing finishes, a review screen lets you check each file before it is attached:
- View - open the redacted file to verify what was removed
- Download - save a copy of the redacted output
- Remove - drop a file from the batch
Use this step to confirm exactly what will be removed and that no required data was lost. When you’re satisfied, click Confirm & Attach to Case (n). You can also choose Pause & Resume Later to come back to the review later.
How redactions are applied
The redaction method is selected automatically based on the file type — you don’t need to choose it:
- PDFs and images - the removed text is covered with a solid filled box and the underlying content is permanently removed (not just hidden).
- Office documents (Word, Excel, PowerPoint) - the content is removed natively from the document.
Permanent Redaction
Best Practices
Review All Detections
Don’t blindly accept all AI detections:
- Check context - is this the data subject’s information?
- Verify third-party data is redacted
- Ensure nothing required for the response is removed
Protect Third Parties
When responding to access requests:
- Redact other people’s personal data
- Redact information that would identify others
- Keep only the requesting subject’s data
Document Your Decisions
- Note why certain detections were rejected
- Record manual additions
- Create audit trail for compliance
Use Appropriate Formats
For best AI results:
- Use searchable PDFs (not scanned images when possible)
- Ensure text is selectable
- Higher quality = better detection
AI Quotas
AI features are quota-based. Your allowance is aligned to your billing period (your Stripe subscription anniversary), not the calendar month, and resets at the start of each billing period.
| Plan | Approximate capacity per billing period |
|---|---|
| Trial | Small taster, ~80 scanned pages |
| Basic | ~125 scanned pages (≈100–500 emails or ~125 documents) |
| Starter | ~1,250 scanned pages (≈1,000–5,000 emails) |
| Pro | ~5,000 scanned pages (≈5,000–15,000 emails or ~1,000–3,500 documents) |
Figures are approximate. Actual capacity varies with document length, scan quality (OCR), and how much text each page contains.
What Counts Toward Quota
- Document text extraction
- PII detection analysis
- AI recommendations
Monitoring Usage
View your AI usage on:
- Dashboard usage widget
- Billing page
- Per-document cost indicators
What Happens When AI Quota Runs Out
SAR Portal warns you early and degrades gracefully so uploads are never blocked:
- At 80% usage - A warning email is sent so you can plan ahead or upgrade.
- At 100% usage - AI features are blocked for the rest of the billing period. The system gracefully degrades: files still upload, but without AI redaction, and a warning banner is shown so you know redaction was skipped. You can still redact manually.
- Upgrading - A plan upgrade applies the new, higher limit immediately and preserves your usage to date, so AI features resume right away.
Custom Redaction Patterns
Beyond the built-in entity types, you can add your own custom regex patterns to detect business-specific identifiers — for example account numbers, claim references, or membership numbers. Custom patterns are configured in the redaction settings and are validated for safety (including ReDoS protection) before they are saved.
The number of custom patterns you can save depends on your plan:
| Plan | Custom patterns |
|---|---|
| Basic | 2 |
| Starter | 5 |
| Pro | 10 |
| Enterprise | Unlimited |
Supported Document Types
AI redaction works with over 32 file types across 7 categories:
| Format | Text Extraction | Redaction Method |
|---|---|---|
| PDF (searchable) | Yes | Visual redaction |
| PDF (scanned) | Yes (OCR) | Visual redaction |
| Word (.docx, .dotx, .docm, .dotm) | Yes | Visual redaction |
| Excel (.xlsx, .xlsm, .xltx, .xltm) | Yes | Cell-level redaction |
| PowerPoint (.pptx, .pptm, .potx, .potm) | Yes | Native redaction |
| Images (.png, .jpg, .jpeg, .gif, .bmp, .tiff, .tif, .webp) | Yes (OCR) | Visual redaction |
| Email (.eml, .msg) | Yes (headers + body) | PDF output |
| Text (.txt, .csv, .log, .md, .json, .xml, .html, .css, .js) | Yes | Text replacement |
AI Risk Assessment
SAR Portal includes AI-powered risk assessment to help you identify cases that may require special attention.
How Risk Assessment Works
The AI analyzes case details and documents to identify:
- Sensitive data categories - Health, financial, or other high-risk data
- Complexity indicators - Multiple systems, large document sets
- Compliance risks - Deadline concerns, incomplete information
- Third-party data - Data about others that needs protection
Risk Levels
| Level | Description | Recommended Action |
|---|---|---|
| Low | Standard request, minimal sensitive data | Normal processing |
| Medium | Some complexity or sensitive data present | Careful review |
| High | Complex request or highly sensitive data | Senior review recommended |
Using Risk Assessment
- Open a case with documents
- Review the AI risk summary shown on the case (the risk score, level, and reasons are produced by AI analysis)
- Follow the recommendations for your risk level
Benefits
- Prioritize high-risk cases appropriately
- Identify cases needing legal review
- Ensure proper handling of sensitive data
- Document risk-based decisions
Troubleshooting
“No PII Detected”
- Document may not contain personal data
- Check if document has extractable text
- Scanned documents may need better quality
Low Detection Accuracy
- Verify document quality
- Check language support
- Consider manual review for edge cases
Analysis Taking Too Long
- Large documents take longer
- Complex layouts require more processing
- Check document size limits