Skip to main content

Self-hostable data sanitization app with PII detection, pseudonymization, k-anonymity, and bounded DP noise

Project description

SDSA

Secure Data Sanitization App (SDSA) is a self-hostable tool for sanitizing tabular data before it leaves a trusted environment.

It ingests CSV, delimited TXT, and single-table SQL INSERT dumps; detects likely sensitive fields; applies explicit per-column privacy policies; enforces k-anonymity; measures or enforces l-diversity for sensitive cleartext attributes; and exports a sanitized CSV with JSON and Markdown privacy reports.

SDSA upload screen showing the three-step sanitization workflow

Install

pip install sdsa
sdsa start

Open http://127.0.0.1:8000/.

What It Does

  • Serves a browser UI and REST API from one FastAPI application.
  • Detects likely PII such as email, phone, card number, government ID, date of birth, name, address, and identifier fields.
  • Supports retain, mask, hash, tokenize, redact, drop, numeric_bin, date_truncate, string_truncate, and dp_laplace actions.
  • Applies bounded Laplace noise to numeric columns when differential privacy is configured with explicit epsilon, lower, and upper values.
  • Tracks cumulative per-column DP epsilon for the uploaded session to prevent repeated noisy releases from being averaged.
  • Enforces k-anonymity over selected quasi-identifiers and can enforce l-diversity on sensitive cleartext attributes.
  • Provides preflight suppression estimates before processing.
  • Runs headlessly with sdsa process for CI/CD and data pipelines.
  • Stores uploaded data in memory with a default 30-minute session TTL.

CLI

sdsa start
sdsa start --host 0.0.0.0 --port 8000
sdsa start --random-port
sdsa start --reload

# Batch mode: no server, writes sanitized CSV + JSON/Markdown reports.
sdsa process data.csv --out-dir ./sanitized -k 5
sdsa process data.csv --policy request.json --out-dir ./sanitized

sdsa-server remains an equivalent compatibility alias. The package includes the static frontend, so no separate web build is required.

Privacy Model

SDSA produces pseudonymized microdata with optional per-column local-DP style noise. It does not claim dataset-level (epsilon, delta) differential privacy. Linkage attacks using auxiliary data may still succeed.

k-anonymity bounds prosecutor re-identification risk to at most 1/k for the declared quasi-identifier set, subject to the limits described in each generated privacy report.

l-diversity is measured by default for cleartext non-QI attributes and can be enforced with l >= 2. Homogeneous sensitive groups appear as warnings in the report when l-diversity is measured but not enforced.

Reports also include an information-loss utility score. Downloadable reports strip exact source-side cardinalities, null counts, and numeric bounds while retaining enough metadata to audit field treatment.

Deployment

For production, run sdsa start behind TLS termination and keep one SDSA process per deployment unless you replace the in-memory session store with shared infrastructure. The GitHub repository includes Docker, Compose, nginx, and CI/CD examples.

Links

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sdsa-1.2.1.tar.gz (88.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sdsa-1.2.1-py3-none-any.whl (76.3 kB view details)

Uploaded Python 3

File details

Details for the file sdsa-1.2.1.tar.gz.

File metadata

  • Download URL: sdsa-1.2.1.tar.gz
  • Upload date:
  • Size: 88.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.12

File hashes

Hashes for sdsa-1.2.1.tar.gz
Algorithm Hash digest
SHA256 30e23e75fb7baa9b2cd62e7b5053b359d6ce1a599a2fb1773ec7c8ff5373dbac
MD5 e856f76de82f1bac7f8b4c5ac8b10e4b
BLAKE2b-256 2009cad24947e1d777771bec2492e07de22681781a82bdc47bf2aaa70a3e4c22

See more details on using hashes here.

File details

Details for the file sdsa-1.2.1-py3-none-any.whl.

File metadata

  • Download URL: sdsa-1.2.1-py3-none-any.whl
  • Upload date:
  • Size: 76.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.12

File hashes

Hashes for sdsa-1.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 888a9733defd37487fe6394b88b93c59bb0d6273ed4f3273f2c4df47e455494a
MD5 6cf05b2629c22425cc3c0ec432817d5e
BLAKE2b-256 afb088a8b43def6dcd1907c9aca82185e2933a7e265c3eb4f033f0a594cc8335

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page