Free PII redactor
Paste text or drop a file to find and remove personal data: emails, phone numbers, credit cards, SSNs, IBANs, IP addresses, and API keys. The text is scanned on your device and never uploaded, which is the whole point of redacting it in the first place.
Detection is pattern matching, so it finds identifiers with a predictable shape. It will miss personal information written in free text, such as a name, a job title beside an employer, or an unusual identifier format. Read the highlighted preview before you share the result.
Copied to clipboard
How the PII redactor works
Paste text or drop a file
A .txt, .csv, or .json file is read with the browser's FileReader API. It is opened on your machine, not uploaded to ours.
Choose what to catch
Each type has a toggle. Card numbers are checked with the Luhn algorithm and IBANs with the mod-97 checksum, so ordinary long numbers are left alone.
Copy or download the result
Mask the value, keep a fragment of it, or swap it for a stable token. Then copy the text or save it as a file. Nothing leaves your device.
Private by design: nothing leaves your browser
Text that needs redacting is, by definition, text that should not be handed to a stranger's server. Uploading a customer transcript to an online redaction service to make it safe to share has already shared it. This tool is built so that trade never comes up:
100% client-side
Matching is JavaScript regular expressions running in your tab, and files are read with FileReader. The page makes no request with your text in it, so there is nothing on a server to breach or subpoena.
Nothing stored or logged
There is no account and no analytics on what you paste. The text, the detections, and the pseudonym mapping live in memory and are gone when you reload.
Checksums, not guesses
Candidate card numbers must pass the Luhn check and IBANs the ISO 13616 mod-97 check before anything is touched, so a 16-digit order reference is not shredded along with the real data.
What this does not claim
- Pattern matching finds structured identifiers. It does not understand your text, so a name, an employer, or a rare medical detail written in prose will pass straight through.
- This is not GDPR anonymisation and it is not HIPAA Safe Harbor de-identification. Both have requirements a regex pass does not meet.
- Treat the output as reduced exposure, not as proof of compliance. Review it before you send it anywhere.
Built for developers and privacy-conscious teams
Anyone who has to share text that carries data it should not carry. BlockSurvey takes the same position on research data with zero-knowledge surveys, where responses are encrypted before they ever reach a server.
Developers
Scrub a production log or a stack trace before pasting it into a ticket, a chat, or a model prompt, and catch the API key someone left in it.
Support & ops teams
Strip card numbers and addresses out of a customer transcript before it goes to a vendor, and keep the ticket readable while you do it.
Researchers & analysts
Swap identifiers for stable tokens so open-ended responses can still be grouped and counted per person without the person being in the file.
Building something that handles sensitive data?
BlockSurvey runs on zero-knowledge surveys, so the responses you collect are never sold or mined. Responses are encrypted on the respondent's device, so the server stores nothing readable.
More free privacy tools
Browse all privacy toolsThese tools run in your browser because that is how we build everything. The same idea, applied to research: privacy-first surveys with end-to-end encryption.