Pasting raw text into an AI assistant is convenient, but customer emails, support tickets, and logs are full of personal data you should not be sending to a third party. This PII redactor scans your text in the browser and replaces structured identifiers — emails, phone numbers, card numbers, IP addresses, URLs, dates of birth, and street addresses — with consistent placeholder tokens, so you can get the help you need without leaking anyone’s details.
What it detects and replaces
The tool covers the most common structured PII patterns:
| Type | Example | Token |
|---|---|---|
| Email address | [email protected] | [EMAIL_1] |
| Phone number | +44 7700 900123 | [PHONE_1] |
| Credit/debit card | 4111 1111 1111 1111 | [CARD_1] |
| IPv4 address | 192.168.1.45 | [IP_1] |
| URL | https://example.com/account | [URL_1] |
| Date of birth | 14/03/1985 | [DOB_1] |
| Street address | 12 Baker Street, London | [ADDRESS_1] |
Names are intentionally excluded. Personal names have no reliable pattern across languages and cultures, and false positives would redact genuine content. Always scan the output yourself for names before pasting into an AI.
How it works
The tool runs conservative regular expressions over your text, one per identifier type. Each unique value is assigned a stable token on first appearance and that same token replaces every subsequent occurrence of the same value within the document. This preserves relationships in the text — the AI can still see that the same email address appears in two places — while hiding the actual data.
Detection runs entirely client-side. There is no network call, no logging, and no storage, so even the original unredacted text never leaves your machine.
Worked example
Input text:
Hi team, Jane ([email protected], 07700 900123) placed order #4421.
Please cc [email protected] on the response.
After redaction:
Hi team, Jane ([EMAIL_1], [PHONE_1]) placed order #4421.
Please cc [EMAIL_1] on the response.
The same email maps to [EMAIL_1] in both positions, so the AI can still reason about the relationship. The order number is preserved because it is not a PII pattern.
Using redacted output effectively
Keep the tokens in your prompt and ask the AI to use them in its response. When you receive the answer, re-insert the real values locally before acting. This workflow means sensitive data never leaves your machine, while the AI gets enough context to help correctly.
For regulated data under GDPR, HIPAA, or similar obligations, treat this as a useful first pass and combine it with human review and a documented process — automated redaction alone is not a compliance programme.
What this tool cannot detect
Pattern-based redaction has inherent limits:
- Personal names — no reliable pattern; must be removed by hand.
- Account numbers, policy numbers, case IDs — too organisation-specific for a generic regex.
- Indirect identifiers — combinations of non-PII fields that together identify a person (for example, a rare job title in a small town). These require contextual human judgement.
- Images and PDFs — the tool processes plain text only.
Use this tool for structured identifiers in text logs, emails, and support tickets. For documents with unstructured personal information, supplement with manual review.