How it works
Local-only scrubbing, explained
This tool runs entirely in your browser. No uploads, no telemetry, no analytics. Your data never leaves your device.
Local-only scrubbing
This tool runs entirely in your browser. No uploads, no telemetry, no analytics. Your data never leaves your device.
- Scrubbing runs inside a Web Worker to keep the UI responsive.
- Input stays in memory during processing.
- Data is cleared when you refresh or close the page.
Detection approach (deterministic)
Detection uses regex, structural validation, and entropy checks. There are no AI or LLM calls.
- Default mode scrubs high-confidence matches.
- Aggressive mode expands matching at the cost of more false positives.
Scrub modes
- Redact: irreversible placeholders (e.g., [EMAIL_REDACTED]).
- Token-map: stable tokens (e.g., [[EMAIL:1]]) plus mapping.jsonl that can restore originals.
- Hash: salted SHA-256 digests for consistent, non-reversible identifiers.
Outputs
You can export:
- Scrubbed output
- report.json summary (counts, offsets, types) without original values
Token-map warning: mapping.jsonl contains original sensitive values. Treat it like the unsanitized input and encrypt it before storing or sharing.
Safety checklist
- Keep Aggressive off unless you need extra coverage.
- Use a private salt in Hash mode if you need consistent results over time.
- Encrypt mapping.jsonl before sharing or storing off-device.
- Avoid scrubbing on shared or untrusted devices.
Limitations
- Regex and heuristics are not guaranteed to catch everything.
- Always review scrubbed output before sharing externally.