Local Mode vs Cloud API: Which PII Detection Engine Should You Use?
Compare Blindfold's two detection engines: Local Mode (regex, offline, free) and Cloud API (NLP-powered, 60+ entity types). Learn what each detects and when to use which.
Blindfold ships two PII detection engines in every SDK. Local Mode runs entirely in your process using regex and checksum validation — no API key, no network calls, no cost. Cloud API adds an NLP model (GLiNER) that catches entity types regex cannot match: person names, organizations, physical addresses, and medical records.
You do not have to pick one upfront. Without an API key the SDK uses local mode automatically. Add an API key and the Cloud API runs both engines in a single call. This post covers what each mode does, what it detects, and when to use which.
Quick Comparison
| Feature | Local Mode | Cloud API |
|---|---|---|
| Engine | Regex + checksum | NLP (GLiNER) + regex |
| Entity types | 86 structured types | 60+ NLP types + all regex types |
| Names & addresses | No | Yes |
| Offline | Yes | No |
| API key | Not needed | Required |
| Speed | Sub-millisecond | ~100-300ms |
| Pricing | Free forever | 500K chars/mo free |
Local Mode
Local mode uses 86 regex patterns with checksum validation to detect structured PII: email addresses, credit card numbers (Luhn), SSNs (MOD 11), IBANs, phone numbers, passport numbers, and country-specific IDs for 30+ countries. It runs in sub-millisecond time with zero dependencies beyond the SDK itself.
This makes it ideal for CI/CD pipelines, air-gapped environments, log scanning, and any scenario where data cannot leave your machine. Since there are no API calls, there are no usage limits and no cost.
Cloud API
The Cloud API sends text to Blindfold's servers where a GLiNER NLP model runs alongside the regex engine. The NLP model detects entity types that regex cannot match — person names, organizations, physical addresses, medical records, nationalities, and more. It auto-detects 18+ languages and supports compliance policies (GDPR, HIPAA, PCI DSS).
Data is processed in your chosen region (EU Frankfurt or US Virginia) and never stored after processing. The free tier includes 500K characters per month.
Code Example
The only difference is whether you pass an API key. Without one, detection runs locally. With one, it uses the Cloud API.
from blindfold import Blindfold # Local mode — no API key, runs offline local = Blindfold() result = local.detect("SSN 123-45-6789, email john@acme.com") # Detects: SSN, Email Address # Cloud API — NLP + regex in one call cloud = Blindfold(api_key="your-api-key") result = cloud.detect("Contact John Smith at 123 Main St") # Detects: Person, Address
Which Should You Use?
If your data is structured (emails, credit cards, SSNs, IBANs), local mode covers it for free. If you are processing unstructured text where names and addresses appear in natural language, use the Cloud API. For maximum coverage, use both — the Cloud API runs the regex engine automatically, so you get everything in one call.
Full comparison
For a detailed breakdown including entity lists, architecture diagrams, and more code examples, see the Local Mode vs Cloud API comparison page.
Start protecting sensitive data
Free plan includes 500K characters/month. No credit card required.