PII Detector & Redactor
Detect and redact emails, phones, SSNs, cards (Luhn), IPs, IBANs, JWTs, API keys, cookies, and sensitive fields. JSON / CSV / HTTP-header / .env / log aware. Runs locally — no upload.
Daily Developer Tools
Free, browser-based utilities for everyday developer workflows
How to use the PII Detector & Redactor
Paste any text, JSON, CSV, HTTP headers, .env, XML, or log snippet, pick a preset, and click Detect & redact. The tool detects emails, phone numbers, SSNs, credit cards, government IDs, tokens, JWTs, API keys, cookies, internal hostnames, and sensitive field names — then produces a sanitized copy you can copy, download, or hand off to another tool. Useful for sharing logs in tickets, attaching samples to bug reports, sanitizing data before pasting into ChatGPT or Claude, and reducing accidental data leakage. Runs entirely in your browser.
How to use it
- Paste your text, JSON, CSV, log lines, headers,
.env, or XML into the input. - Pick a preset that matches your context (LLM-prompt safe, ticket/PR, log share, screenshot prep).
- Choose a redaction mode: replace, mask, format-preserving, remove, pseudonymize, or hash.
- Click Detect & redact. Review the findings list and the sanitized output side by side.
- Toggle off any false positives, then copy or download the sanitized version.
- Send the sanitized output to another tool via the handoff menu.
What it detects
- Personal data: emails, phone numbers, dates of birth, names / addresses / IDs by field context.
- Government IDs: US SSN & EIN; India Aadhaar, PAN, GSTIN (pattern-based); IBAN; passport / driving-licence by field name.
- Financial: credit / debit cards (Luhn-validated), CVV / expiry, IFSC, UPI handles, account / routing numbers by field name.
- Secrets & credentials: JWT, Bearer, Basic auth, AWS keys, GitHub / Stripe / Slack / Google / OpenAI keys, generic API keys, private-key PEM blocks, SSH keys, JDBC / database URLs, cookies, CSRF tokens, high-entropy strings.
- Network identifiers: IPv4 (public & private), IPv6, MAC, IMEI-like, URLs with secrets in the query string.
How it redacts
- Replace with a typed placeholder (
[EMAIL_REDACTED]). - Mask the value with asterisks.
- Format-preserving mask that keeps shape (
j***@example.com,411111******1111,203.0.113.xxx). - Remove the value entirely.
- Pseudonymize consistently — the same value maps to the same fake value during this session (great for debugging).
- Hash the value with a local non-crypto digest (for de-duplication only — not anonymization).
Workflow handoffs
Once your output is sanitized, hand it off to JSON Formatter, CSV Viewer, HAR Sanitizer, HTTP Headers Parser, Security Headers Analyzer, XML Inspector, JWT Toolkit, Base64, URL Parser, .env Converter, Text Diff, or Line Tools — the next tool will receive the sanitized copy, not the raw input.
Tips & pitfalls
- Pattern-based detection can produce false positives (e.g. UUIDs flagged as high-entropy) and false negatives (e.g. unusual phone formats). Always review findings before sharing externally.
- This tool is not a certified DLP / compliance scanner. Use it to reduce accidental exposure before pasting into tickets, chat, AI prompts, or screenshots.
- For HAR files, the dedicated HAR Sanitizer handles request and response bodies, replay packs, and entry-level audit.
- Pseudonymization is not anonymization — if you share the pseudonym map, original values may be re-identifiable.
- Toggle Luhn validation off if you only want to flag card-shaped runs without arithmetic checks.
FAQ
- Does this upload my data? No. Detection, redaction, pseudonymization, hashing, reports, and handoffs all happen in your browser. No network calls.
- Is this compliance-grade? No. This is a local developer helper. For GDPR / CCPA / HIPAA / PCI workflows, use it for hygiene only — not as a control.
- Can it redact JSON without breaking it? Yes — JSON values are scanned, sensitive fields are masked / removed / pseudonymized, and the output is re-serialized as valid JSON.
- Can it redact CSV columns? Yes — CSV header names are matched against sensitive-field patterns, and the entire column is masked. Cells are also scanned for value patterns.
- How do I redact data before pasting into ChatGPT? Choose the “LLM prompt safe mode” preset, scan, then copy the sanitized output.
Runs locally in your browser. No uploads. No analytics on pasted content.