How to Redact PII From Text Before Sharing

Updated 2026-06-21

To redact PII from text, paste it into a browser-based redactor that finds patterns like emails, phone numbers, SSNs, credit cards and API keys, then replaces each with a neutral label such as [EMAIL] or [PHONE]. The cleaned version is yours to copy or download. With the PII & Secret Redactor, all of this runs in your browser — no upload, no signup, no AI.

What counts as PII (and gets masked)

The redactor detects nine common entity types using deterministic pattern-matching:

• Email — addresses like john.doe@example.com
• Phone — US-style numbers including +1 and parenthesized area codes
• SSN — the 123-45-6789 format
• Card — 13 to 19 digit card numbers, gated by a Luhn checksum so a random ID or version string is not mistaken for a card
• API key — common prefixes (OpenAI sk-, AWS AKIA, GitHub ghp_, Google AIza, Slack xox) and JWT-shaped tokens
• IP — IPv4 addresses such as 192.168.1.50
• URL, Money, and Date

Each match becomes a bracketed label, so the surrounding sentence stays readable while the sensitive value is gone.

Step by step

1. Open the PII & Secret Redactor.
2. Paste your text into the input box. Matches are masked live, as you type — no button to press.
3. Use the What to mask chips to toggle entity types on or off. All nine start enabled; turn off, say, Date or Money if those are not sensitive in your context.
4. Review the result panel. It shows how many items were masked and a per-type breakdown (for example: 2 Emails, 1 SSN, 1 Card).
5. Click Copy to grab the redacted text, or Download to save it as a redacted.txt file.

A quick worked example. Paste:

Hi, I'm John Doe — reach me at john.doe@example.com or 415-555-0142. My SSN is 123-45-6789.

The output becomes:

Hi, I'm John Doe — reach me at [EMAIL] or [PHONE]. My SSN is [SSN].

Common pitfalls

• It does not catch names. Free-form names like "John Doe" have no fixed pattern, so they are left in place. Delete those by hand.
• Only US-style phones and SSNs. International phone formats and non-US national IDs may slip through. Always eyeball the result.
• Validation is intentional. Card numbers that fail the Luhn check and impossible dates (like 13/32/2026) are left untouched on purpose, to avoid false masking. If a real card is not caught, confirm the digits are valid.
• Large pastes are blocked. Because matching runs on every keystroke, an enormous paste is rejected to keep the tab responsive. Split very long text into chunks.

Why do it locally

The whole point of redaction is to keep sensitive data from leaking. A tool that uploads your text to a server reintroduces the exact risk you are trying to avoid. Here, the text never leaves the page, which makes it safe to scrub logs, support tickets, or anything you are about to paste into a chatbot.

Clean your text before you share it — open the PII & Secret Redactor and paste away.

Try the PII & Secret Redactor →