Skip to main content

Self-hostable data sanitization app with PII detection, pseudonymization, k-anonymity, and bounded DP noise

Project description

SDSA

Secure Data Sanitization App (SDSA) is a self-hostable tool for sanitizing tabular data before it leaves a trusted environment.

It ingests CSV, delimited TXT, and single-table SQL INSERT dumps; detects likely sensitive fields; applies explicit per-column privacy policies; enforces k-anonymity; and exports a sanitized CSV with JSON and Markdown privacy reports.

Install

pip install sdsa
sdsa-server start

Open http://127.0.0.1:8000/.

What It Does

  • Serves a browser UI and REST API from one FastAPI application.
  • Detects likely PII such as email, phone, card number, government ID, date of birth, name, and address fields.
  • Supports retain, mask, hash, tokenize, redact, drop, numeric_bin, date_truncate, string_truncate, and dp_laplace actions.
  • Applies bounded Laplace noise to numeric columns when differential privacy is configured with explicit epsilon, lower, and upper values.
  • Enforces k-anonymity over selected quasi-identifiers.
  • Provides preflight suppression estimates before processing.
  • Stores uploaded data in memory with a default 30-minute session TTL.

CLI

sdsa-server start
sdsa-server start --host 0.0.0.0 --port 8000
sdsa-server start --random-port
sdsa-server start --reload

The package includes the static frontend, so no separate web build is required.

Privacy Model

SDSA produces pseudonymized microdata with optional per-column local-DP style noise. It does not claim dataset-level (epsilon, delta) differential privacy. Linkage attacks using auxiliary data may still succeed.

k-anonymity bounds prosecutor re-identification risk to at most 1/k for the declared quasi-identifier set, subject to the limits described in each generated privacy report.

Deployment

For production, run sdsa-server start behind TLS termination and keep one SDSA process per deployment unless you replace the in-memory session store with shared infrastructure. The GitHub repository includes Docker, Compose, nginx, and CI/CD examples.

Links

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sdsa-1.1.1.tar.gz (72.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sdsa-1.1.1-py3-none-any.whl (63.4 kB view details)

Uploaded Python 3

File details

Details for the file sdsa-1.1.1.tar.gz.

File metadata

  • Download URL: sdsa-1.1.1.tar.gz
  • Upload date:
  • Size: 72.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.12

File hashes

Hashes for sdsa-1.1.1.tar.gz
Algorithm Hash digest
SHA256 6c1a57a80c7e9145482958c5cd953dcda6f803b8af6587c104c59061b9b05ec2
MD5 8d94f64a37271c52e75d94fcb1fe524a
BLAKE2b-256 f9a9133acab2cf74915adce78d06c2ceafb0e54de2f9b45721dc0c4802bb1a6b

See more details on using hashes here.

File details

Details for the file sdsa-1.1.1-py3-none-any.whl.

File metadata

  • Download URL: sdsa-1.1.1-py3-none-any.whl
  • Upload date:
  • Size: 63.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.12

File hashes

Hashes for sdsa-1.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 bd11467c60ff9b8fb6a842491e9551e6496cbaf447f8dba5a4a744a178908199
MD5 4684f618226dba136db0040e61b78ffa
BLAKE2b-256 220bf7e66de4bd4d7fee3e2b7e502a09d96a384db3e4c9f31f455909c2943486

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page