Privacy, Security & Anonymisation

How we keep your documents private: local open-source tools, anonymisation before analysis, and clear controls over what is kept and for how long.

Our privacy pipeline at a glance

A four-step flow designed so that third parties see as little as possible while you still receive a clear, useful summary.

Step 1: Secure intake

In the live system you upload documents over HTTPS straight to the operator's own machine. Files are stored locally, not on generic consumer cloud platforms.

Step 2: Local organisation & anonymisation

The system organises and reads your documents locally. Identifiers are stripped or replaced with pseudonyms before any automated analysis is allowed to run.

Step 3: Anonymised analysis & research

Only the anonymised text and structured tables are used for downstream processing and research, so external tools never see real names, addresses or account numbers.

Step 4: Controlled retention & GDPR tools

Retention rules and a dedicated GDPR module govern how long data is kept. You can request exports or deletion in the live system, and the operator can evidence what happened to each document.

1. Local, open-source tooling

Orgo-Guide is built entirely on an open-source software stack running on your operator's own machine. We do not use Microsoft Presidio, Microsoft cloud services, or generic consumer cloud storage such as OneDrive, Google Drive or Dropbox for client documents in the live deployment.

Core components include Python, Flask, SQLite, spaCy, scrubadub, pdfplumber, pytesseract and other open-source libraries. This keeps the data path predictable, auditable, and under the operator's control.

2. Anonymisation before any AI processing

Before any document is sent to an external AI model, it passes through a dedicated anonymisation stage. This stage runs locally and is designed specifically for UK legal and financial paperwork.

Names, full addresses, National Insurance numbers, sort codes, account numbers, email addresses and phone numbers are replaced with consistent pseudonyms such as Person A, Property 1, [NI-REF-001] or [BANK-ACCT-001]. Dates and monetary amounts are kept, because they are needed to understand timelines and financial positions.

3. Mapping files kept off the cloud

The link between pseudonyms and real details is stored in a small mapping file for each job (for example mapping/OG-2025-001_mapping.json). These mapping files never leave the operator's machine and are explicitly excluded from any cloud backup process.

That means an external provider or cloud backup service never sees the full picture of who the data belongs to, even if they could see anonymised text.
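As an added illustration of sections 2 and 3 (this is example code, not Orgo-Guide's own anonymiser), the snippet below replaces NI numbers, sort codes, account numbers and email addresses with consistent pseudonyms, leaves dates and amounts untouched, and writes the pseudonym-to-value mapping to a per-job JSON file that would stay on the operator's machine. It assumes simple regex detectors; name and address detection (spaCy in the real stack) is left out.

```python
import json
import re
from pathlib import Path

# Regex detectors for the identifier types the page lists (assumed patterns,
# simplified: e.g. an 8-digit run is treated as an account number).
PATTERNS = {
    "NI-REF": re.compile(r"\b[A-Z]{2}\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]\b"),
    "SORT-CODE": re.compile(r"\b\d{2}-\d{2}-\d{2}\b"),
    "BANK-ACCT": re.compile(r"\b\d{8}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}


class Anonymiser:
    def __init__(self, job_id):
        self.job_id = job_id
        self.mapping = {}    # pseudonym -> real value; never leaves the operator's machine
        self._reverse = {}   # (kind, normalised value) -> pseudonym
        self._counters = {}

    def _pseudonym(self, kind, value):
        # Normalise whitespace so "QQ 12 34 56 C" and "QQ123456C" share one pseudonym.
        key = (kind, re.sub(r"\s", "", value))
        if key not in self._reverse:
            self._counters[kind] = self._counters.get(kind, 0) + 1
            token = f"[{kind}-{self._counters[kind]:03d}]"
            self._reverse[key] = token
            self.mapping[token] = key[1]
        return self._reverse[key]

    def anonymise(self, text):
        # Dates and monetary amounts match none of the patterns, so they survive.
        for kind, pattern in PATTERNS.items():
            text = pattern.sub(lambda m, k=kind: self._pseudonym(k, m.group(0)), text)
        return text

    def save_mapping(self, directory):
        # One mapping file per job, e.g. mapping/OG-DEMO-001_mapping.json (local only).
        path = Path(directory) / f"{self.job_id}_mapping.json"
        path.write_text(json.dumps(self.mapping, indent=2))
        return path


SAMPLE = (  # constructed sample text, not a real document
    "NI number QQ 12 34 56 C, account 12345678 at sort code 12-34-56. "
    "Paid £1,250.00 on 14/03/2025; contact jo@example.com. NI again: QQ123456C."
)

if __name__ == "__main__":
    a = Anonymiser("OG-DEMO-001")
    print(a.anonymise(SAMPLE))
```

Note that the same NI number written with and without spaces resolves to the same pseudonym, which is what keeps a multi-document timeline readable after anonymisation.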

4. Minimal, reversible actions

Every significant action in the dashboard — accepting a job, excluding a document, changing a status — is logged and designed to be reversible where possible. This makes it easier to correct mistakes and to evidence what happened to a client's data.

5. Your rights and how to exercise them

Under UK GDPR you have the right to access your data, correct it, or ask for it to be deleted. The live system includes a dedicated Data & Privacy form so you can make these requests quickly.

This static demo does not submit real requests, but the live deployment logs and tracks each request through to completion in the same database that powers the dashboard.

Questions about how we handle data?

If you would like more detail than this page provides, you can ask directly and we will explain our setup in plain language.

Email the operator