Redact.dev
Redact.dev is a proprietary bulk-deletion client for social-media, messaging, and productivity accounts. It can filter and remove posts, comments, likes, DMs, media, and other supported activity across more than 35 services. It also offers beta data-broker removal and exposure-scanning features.
The product fills a different role from Incogni, DeleteMe, and Optery. Those services concentrate on broker and people-search opt-outs; Redact’s main product automates deletion inside accounts the customer already controls.
The architecture is attractive but not verified end to end
The social-media client behaves like a modified browser. Redact says that it signs into each platform on the platform’s own page and performs scanning, filtering, deletion, and optional archiving on the user’s device.1 This is a materially better trust shape than uploading an account archive or message history to a cloud deletion service.
The boundary is not wholly local. Redact maintains an account and subscription service and sends crash and usage diagnostics. Its data-broker and OSINT features have broader paths: some confirmation email, identity data, queries, and scan results may be processed temporarily by Redact or named third parties.2
The app is proprietary, and no current independent security assessment was found in this review. That leaves the local-processing design dependent on vendor claims and reproducible network testing.
Deletion is a best-effort platform operation
Deletion does not retract screenshots, archives, search caches, third-party datasets, or copies held by the platform. Platform rate limits and interface changes can also interrupt an integration.
Redact’s own terms are unusually explicit about this boundary: the app may delete more or less than intended and may report completion when a deletion did not actually complete. They also warn that automation may conflict with a target platform’s terms and place responsibility for checking authorization on the user.4 App Store reviews supply examples of incomplete discovery and deletion reports that users said did not match the visible account, although such reviews do not establish the general failure rate.5
The practical workflow is therefore:
- Export an independent platform archive.
- Use preview or review-and-delete mode on a narrow date range.
- Verify the result directly on the platform from another session.
- Expand the deletion only after confirming the filters and result.
- Recheck later for delayed restoration, missed content, and surviving public copies.
EU compliance narrows the need for Redact
For permanent account closure, Redact should not be legally necessary when the platform complies with EU data-protection law. The European Data Protection Board (EDPB) says that permanently leaving a social-media service is accompanied by the Article 17(1)(a) General Data Protection Regulation (GDPR) right to erasure. The provider should not create unnecessary hurdles, use an excessive grace period, or steer a person from deletion into mere deactivation.6
A compliant service may retain a minimal subset under an Article 17(3) exception, for example when necessary for a legal obligation, freedom of expression, or legal claims. The EDPB says that such retained data should remain internal and does not justify keeping the public account active. An erasure request can also require reasonable steps to notify other controllers about links or copies, but it does not guarantee removal of every independent republication. EU and Swedish data removal rights explains these limits.
Redact does not strengthen that legal right. It operates the service’s user-facing deletion path and therefore cannot certify erasure of server-side metadata, backups, lawfully retained records, or copies controlled by someone else. A formal request to the platform remains the appropriate route when the objective is full account erasure or an auditable response from the controller.
Redact retains a narrower convenience case: bulk-selective or scheduled housekeeping while keeping an account active. GDPR requires controllers to facilitate erasure rights, and the EDPB treats deleting a particular profile field as a possible exercise of those rights, but EU compliance does not necessarily require one cross-platform interface for deleting years of posts by keyword, date, or recurring schedule.
The service should therefore be evaluated as workflow automation, not as a remedy for non-compliance. Native platform tools and a direct GDPR request are preferable when they already achieve the intended scope.
Commercial lesson
Redact validates demand for cross-platform digital-footprint maintenance. Its free tier covers recent activity on a small set of major platforms; paid plans add older history, more services, scheduling, and higher account limits.7
For Privacy competitors and inspirations, the interesting wedge is not merely another deletion script. It is a verifiable deletion workflow: local processing, minimal or optional telemetry, export before destruction, platform-by-platform evidence, and a result report that distinguishes requested, attempted, confirmed, and externally surviving data. That evidence model connects directly to Privacy trust and governance.
-
Redact.dev official product and policy pages preserves the company’s architecture description and associated policy pages. ↩
-
Redact privacy policy, last updated 10 March 2026. ↩
-
User network-capture report and Redact responses, 26 June to 6 July 2026. ↩
-
Redact terms, effective 17 February 2026, sections 1A and 1D. ↩
-
Redact in the Apple App Store, accessed 16 July 2026. ↩
-
EDPB deceptive design patterns in social media guidelines, especially sections 3.4 and 3.5. ↩
-
Redact pricing, accessed 16 July 2026. ↩