Self-hostable data sanitization app with PII detection, pseudonymization, k-anonymity, and bounded DP noise
Project description
SDSA
Secure Data Sanitization App (SDSA) is a self-hostable tool for sanitizing tabular data before it leaves a trusted environment.
It ingests CSV, delimited TXT, and single-table SQL INSERT dumps; detects
likely sensitive fields; applies explicit per-column privacy policies; enforces
k-anonymity; and exports a sanitized CSV with JSON and Markdown privacy reports.
Install
pip install sdsa
sdsa-server start
Open http://127.0.0.1:8000/.
What It Does
- Serves a browser UI and REST API from one FastAPI application.
- Detects likely PII such as email, phone, card number, government ID, date of birth, name, and address fields.
- Supports
retain,mask,hash,tokenize,redact,drop,numeric_bin,date_truncate,string_truncate, anddp_laplaceactions. - Applies bounded Laplace noise to numeric columns when differential privacy is
configured with explicit
epsilon,lower, anduppervalues. - Enforces k-anonymity over selected quasi-identifiers.
- Provides preflight suppression estimates before processing.
- Stores uploaded data in memory with a default 30-minute session TTL.
CLI
sdsa-server start
sdsa-server start --host 0.0.0.0 --port 8000
sdsa-server start --random-port
sdsa-server start --reload
The package includes the static frontend, so no separate web build is required.
Privacy Model
SDSA produces pseudonymized microdata with optional per-column local-DP style
noise. It does not claim dataset-level (epsilon, delta) differential privacy.
Linkage attacks using auxiliary data may still succeed.
k-anonymity bounds prosecutor re-identification risk to at most 1/k for the
declared quasi-identifier set, subject to the limits described in each generated
privacy report.
Deployment
For production, run sdsa-server start behind TLS termination and keep one SDSA
process per deployment unless you replace the in-memory session store with
shared infrastructure. The GitHub repository includes Docker, Compose, nginx,
and CI/CD examples.
Links
- Source: https://github.com/defai-digital/sdsa
- Documentation: https://github.com/defai-digital/sdsa/blob/main/README.md
- Deployment guide: https://github.com/defai-digital/sdsa/blob/main/docs/deployment.md
- Privacy model: https://github.com/defai-digital/sdsa/blob/main/docs/privacy-model.md
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sdsa-1.1.1.tar.gz.
File metadata
- Download URL: sdsa-1.1.1.tar.gz
- Upload date:
- Size: 72.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6c1a57a80c7e9145482958c5cd953dcda6f803b8af6587c104c59061b9b05ec2
|
|
| MD5 |
8d94f64a37271c52e75d94fcb1fe524a
|
|
| BLAKE2b-256 |
f9a9133acab2cf74915adce78d06c2ceafb0e54de2f9b45721dc0c4802bb1a6b
|
File details
Details for the file sdsa-1.1.1-py3-none-any.whl.
File metadata
- Download URL: sdsa-1.1.1-py3-none-any.whl
- Upload date:
- Size: 63.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bd11467c60ff9b8fb6a842491e9551e6496cbaf447f8dba5a4a744a178908199
|
|
| MD5 |
4684f618226dba136db0040e61b78ffa
|
|
| BLAKE2b-256 |
220bf7e66de4bd4d7fee3e2b7e502a09d96a384db3e4c9f31f455909c2943486
|