safeclipper
A local privacy filter that OCR-scans screenshots, detects sensitive text like API keys, emails, and account numbers using an on-device AI model, and paints black redaction boxes over those regions before the image leaves your machine.
safeclipper is a local privacy filter for screenshots intended for use before sending images to AI agents, cloud services, or support workflows. The problem it addresses is that AI agents increasingly need screen context to do their work, but screenshots often contain names, email addresses, phone numbers, API keys, account numbers, and other private data that should not leave the device. safeclipper runs an OCR step to read the text in an image, then runs a local AI model to identify which spans are sensitive, then paints black masks over those regions before the image is passed anywhere.
All processing happens on the user's machine. The privacy detection model is a quantized version of OpenAI's Privacy Filter, stored as an ONNX file and run locally. OCR is handled by Apple Vision on macOS or by Tesseract on other platforms. The tool can work on plain text as well as images: for plain text input it returns the detected sensitive spans; for image input it maps those spans back to their locations in the image and outputs a redacted copy.
The repository has two main components. A Rust command-line tool handles text and image redaction and works on macOS, Linux, and Windows (image redaction requires macOS or a Tesseract installation). A native macOS app built with SwiftUI wraps the same Rust library with a graphical interface.
Performance on an Apple M3 Max is around 1.4 seconds end-to-end for a screenshot, including process startup, model loading, OCR, inference, and writing the output image. The README includes benchmark results on a dataset of 210 synthetic desktop screenshots showing that safeclipper blocked about 70% of private information while preserving 91.5% of the image's utility for a downstream question-answering task. A comparison table in the README places it ahead of two other redaction tools on overall score, and just behind a cloud-based approach that uses a much larger model.
Building requires Rust 1.88 or newer. The ONNX model files are downloaded separately via a provided script before building.
Where it fits
- Automatically redact API keys, emails, and account numbers from screenshots before passing them to an AI coding agent.
- Process screenshots in bulk to black out all personally identifiable information before uploading to a support ticket.
- Use the macOS SwiftUI app to one-click redact a screenshot before sharing it with a cloud service.
- Scan copied plain text to identify which spans a privacy model flags as sensitive before pasting into an AI chat.