How It Works

Paste, review, copy — every scan and every redaction runs on your device, in your browser.

1

Paste or Drop

Paste text straight from your clipboard, or drop a log, JSON, CSV, or plain-text file. Nothing leaves your tab.

2

Instant Scan

Emails, phone numbers, card numbers, IBANs, JWTs, API keys, private keys, and unusually random-looking tokens are found in a fraction of a second — along with checksum-validated national IDs from the US, Canada, UK, Germany, France, Italy, and Spain.

3

Review Every Match

Toggle whole categories on or off, dismiss a single match, or allowlist a value permanently — with the exact line shown in context.

4

Copy or Download, Scrubbed

The same value always becomes the same placeholder — like <EMAIL_1> — so the result stays readable. Copy it or save a file, ready to share or paste into an AI chatbot.

Privacy Guarantee

  • Every scan and rewrite runs locally in your browser — nothing you paste or drop is ever uploaded
  • No account, no sign-up, no size limit — the free tier is the complete tier
  • Disconnect your internet after the page loads — scanning and export keep working offline

What Gets Caught

  • Personal data: emails, phone numbers, IP/MAC addresses, credit cards, IBANs
  • National IDs: US SSN, Canada SIN, UK National Insurance Number, Germany Steuer-ID, France NIR, Italy Codice Fiscale, Spain DNI/NIE — each checksum-validated, not just pattern-matched
  • Secrets: AWS/GCP/GitHub/Slack/Stripe/OpenAI/Anthropic keys, JWTs, private key blocks, database connection strings, password assignments
  • Anything unusually random: a catch-all for high-entropy tokens that look like a key or secret even without a recognizable format
  • Your call: every category can be turned off, and any single match can be dismissed or allowlisted

Frequently Asked Questions

Is any of my text or file data uploaded anywhere? +
No. Every scan and every redaction happens on your device, inside your browser. Nothing you paste or drop is ever sent anywhere — you can disconnect your internet after the page loads and it keeps working.
What kinds of sensitive data does it catch? +
Emails, phone numbers, IP and MAC addresses, credit card numbers (checksum-validated), IBANs, JWTs, and a rulepack of API keys and secrets (AWS, GCP, GitHub, Slack, Stripe, OpenAI, Anthropic, private key blocks, database connection strings, and generic password assignments), plus unusually random-looking tokens. National ID numbers are checksum-validated for the US (SSN), Canada (SIN), UK (National Insurance Number), Germany (Steuer-ID), France (NIR), Italy (Codice Fiscale), and Spain (DNI/NIE), plus a structural EU VAT number pattern you can turn on.
What does "pseudonymize" mean here? +
Instead of just blacking a value out, the same original value is always replaced with the same placeholder — e.g. every occurrence of one email becomes <EMAIL_1> everywhere in the text. That keeps the scrubbed text readable and cross-referenceable. Every category can instead be set to Redact (a plain [REDACTED] marker), Mask (********), Remove entirely, or Highlight only (flagged for your own review but left completely unchanged in the exported file).
Can I see the final result before I export it? +
Yes. "Preview Final Outcome" shows the entire document exactly as it will be exported — replaced values in green, highlighted-only values in yellow, removed values marked with a small gap indicator — built from the same logic as the actual Copy/Save, not a separate approximation.
Can I keep a specific match from being redacted? +
Yes. Every match in the review list has a dismiss action to keep that one instance as-is, and you can add a value to a permanent allowlist so it's never flagged again.
Does this work on log files, JSON, and CSVs? +
Yes — paste text directly or drop a .txt, .log, .json, or .csv file and it's scanned the same way. Structure-aware column and field detection for CSV/HAR is on the roadmap; today every format is scanned as text, which already catches the sensitive values inside them.