PII Scrubber

Remove personal info before sending text to AI

Input — paste text with PII

Detect

📧 Email 📞 Phone 💳 Credit card 🔢 SSN 🌐 IP address 🔑 API keys 🔗 URLs 👤 Names (beta)

Scrubbed output

📚

Learn more — how it works, FAQ & guide

Click to expand

Free PII scrubber — remove sensitive data before using AI

Toololis PII Scrubber detects and replaces personally identifiable information with placeholders — so you can safely use ChatGPT, Claude, or any AI service without leaking customer data, compliance violations, or privacy breaches. All processing is client-side.

How to use this tool

1
Paste sensitive text
Any text — emails, documents, chat logs, support tickets, customer data.
2
Review detected items
Each PII type (email, phone, SSN, etc.) is highlighted in real time with a count.
3
Copy scrubbed output
Replaces detected PII with placeholders. Ready to paste into ChatGPT, Claude, or any external service.

Why this matters in 2026

GDPR fines up to €20M or 4% of revenue for data leaks
CCPA / California: $7,500+ per intentional violation
HIPAA (US healthcare): $50K+ per violation
Enterprise contracts often forbid sharing customer data with third-party AI
Training data risk: OpenAI may use your inputs unless on zero-retention enterprise plan

What we detect

📧 Email: user@domain.tld format
📞 Phone: US (+1 555-123-4567), EU (+49 30 12345678), international
💳 Credit card: Luhn-validated 13-19 digit numbers (Visa, MasterCard, Amex, etc.)
🔢 SSN: US format XXX-XX-XXXX
🌐 IP: IPv4 and IPv6 addresses
🔑 API keys: OpenAI (sk-), Anthropic (sk-ant-), Stripe, AWS (AKIA)
🔗 URLs: http(s) links (optional — might strip too much)
👤 Names: Beta: "Dear X", "Mr./Ms. X", "by X" patterns. Not fully reliable without NLP.

Frequently Asked Questions

What is PII?

Personally Identifiable Information — data that can identify a specific person: names, emails, phone numbers, credit cards, SSN, addresses, IP addresses. Regulated under GDPR, CCPA, HIPAA.

Why scrub PII before sending to AI?

OpenAI, Anthropic, Google may use your API inputs to train models (depending on your plan). Even on zero-retention plans, you shouldn't leak customer PII to third parties. This tool lets you use AI without risking compliance violations.

What types does this detect?

Email addresses, phone numbers (US/EU format), credit cards (Luhn-validated), SSN (US), IP addresses, URLs, addresses with number+street, common name patterns ("Dear Mr./Ms. X"), API keys.

Is detection 100% perfect?

No — especially for names, which require full NLP. Regex catches structured PII reliably. Always review output before using.

Can I restore the original?

Yes — keep the original text. The scrubbed version has placeholders like [EMAIL_1], [PHONE_2] that you can map back. The tool provides a reference key.

Is my text sent anywhere?

No. 100% client-side. Regex runs in your browser. Paste confidential company data safely.

What about API keys?

We detect OpenAI (sk-...), Anthropic (sk-ant-...), Stripe, AWS AKIA keys. If you accidentally pasted one, this tool warns you.

{ }