Sensitive Data Cleaner
Sister tool to the Document Redactor — same detection engine, but instead of black bars we substitute readable placeholders like [EMAIL] and [CARD]. Useful for sharing logs, bug reports, or AI prompts safely.
Clean output
Custom Patterns
Add company codes, internal project names, or any keyword/regex you want masked. Up to 20 patterns.
Cleaning history
Your last 20 cleaning sessions are saved in this browser.
Common Use Cases
- Posting log output to Stack Overflow / Discord — keep customer IDs out of public threads.
- AI prompts — strip names + cards before sending to ChatGPT / Claude / Gemini.
- Bug reports — share the error, not the user.
- Newsletters / drafts — sanitise quotes before publishing.
What this tool does
Paste any block of text and this cleaner strips out the sensitive parts — emails, phone numbers, national IDs, credit cards, IBANs, IP addresses — and swaps them for safe placeholders. It's built for the moment before you share a log, a bug report, a spreadsheet row or a chat message, when you want the content without the personal data.
How to use it
- Paste the text you're about to send or post.
- Choose how matches are replaced (a label, a mask, or a generic placeholder).
- Add custom patterns for anything specific — internal IDs, project names, API tokens.
- Copy the cleaned text and share that instead of the original.
Why it matters
Most data leaks aren't dramatic hacks — they're ordinary people pasting raw text into places that keep it forever. A support ticket, a group chat, a public issue tracker, a pastebin link in an email: all of these quietly archive whatever you drop into them. Run the text through a cleaner first and the customer details, credentials and identifiers simply aren't in the copy you share.
This was a weekly occurrence across my twenty years in IT support — and over that many years, "weekly" adds up to a lot. Someone troubleshooting an API would paste a full request log into a shared ticket to ask for help, with a live bearer token sitting right there in the headers. Or a screenshot of an app error that happened to include a real customer's name, email and order in the background. The token cases were the worst: once a secret lands in a ticketing system or a chat history, you can't un-send it — you have to rotate it and hope nobody copied it first. After enough of those, I started telling everyone the same thing: scrub the paste before it leaves your screen, because afterwards is too late.
— Hill, 20 years in IT supportThe cleaning happens entirely in your browser. Your text — and everything sensitive in it — never leaves your device.
Frequently asked questions
When should I use this?
Any time you're about to paste real text somewhere it will be stored: a support ticket, a public bug report, a group chat, documentation, or an email thread. Clean it first so customer data, credentials and IDs aren't in the copy you share.
Can it remove API tokens and passwords?
It catches common patterns out of the box, and you can add custom patterns for token formats, internal IDs or project names specific to your work. Always review the output, and if a real secret was ever exposed elsewhere, rotate it.
Is my text uploaded for processing?
No. All detection and replacement run in your browser. Nothing you paste is sent to a server.
What's the difference from the document redactor?
They overlap. The cleaner is tuned for swapping sensitive values in free text for placeholders (great for logs and messages); the redactor focuses on blacking out PII. Use whichever fits the text you're sharing.