All tools

Paste & Clear PII Scrubber

Security

Paste text to auto-redact emails, API keys, JWTs, webhooks, and other sensitive data.

Redaction rulesAll types enabled

All scrubbing runs in your browser. Nothing is sent to a server.

About the Handiwork Paste & Clear PII Scrubber

The Paste & Clear PII Scrubber finds and redacts sensitive information from any text you paste — emails, phone numbers, API keys, JWTs, webhook URLs, database connection strings, and more. Click Paste & scrub for a one-step workflow, or type directly and watch redaction happen automatically. Match counts show what was removed, presets let you focus on secrets or personal info, and everything runs locally in your browser so nothing is ever uploaded.

How to use the Handiwork Paste & Clear PII Scrubber

  1. Click Paste & scrub (or paste/type your text) — redaction runs automatically.
  2. Review the match counts and scrubbed output labeled Safe to share.
  3. Copy the redacted text. Adjust presets or rules if needed, then click Regenerate.

What is PII and why redact it?

PII (Personally Identifiable Information) and secrets include email addresses, phone numbers, Social Security numbers, credit cards, IP addresses, API keys, and access tokens. Accidentally sharing them in a screenshot, support ticket, log dump, or public repository can lead to spam, account takeover, or compliance violations — so removing them first is a simple but important safeguard.

What the scrubber detects

By default, all rule types are enabled: email addresses, phone numbers, SSNs, credit card numbers, IP and MAC addresses, API keys and bearer tokens, Slack and Discord webhook URLs, JWT tokens, passwords and secrets in config files (key=value), URLs and database connection strings with embedded credentials, and PEM private keys. Each category can be toggled individually under Redaction rules.

Presets for quick control

Use Everything to redact all supported types — the default for most sharing scenarios. Secrets only targets API keys, JWTs, config secrets, credential URLs, connection strings, and private keys while leaving personal identifiers like emails untouched. Personal info focuses on emails, phones, SSNs, credit cards, and IP/MAC addresses. Your rule choices are saved locally in your browser for next time.

Private by design

Because scrubbing happens entirely in your browser, the sensitive text you paste is never uploaded anywhere. That matters: a tool built to protect secrets should never transmit them. Only your redaction rule preferences are stored locally — not the text you scrub.

Frequently asked questions

What kinds of data can it detect?

It detects email addresses, phone numbers, Social Security numbers, credit card numbers, IP and MAC addresses, API keys and bearer tokens, Slack and Discord webhook URLs, JWT tokens, passwords and secrets in config files, URLs and database connection strings with credentials, and PEM private keys. Match counts show how many of each type were redacted. Always review the output before sharing — no automated tool catches everything.

Does my pasted text get uploaded?

No. All detection and redaction runs locally in your browser, so nothing is sent to a server. Only your redaction rule preferences are saved in local storage for convenience.

Do I need to click a button to scrub?

Redaction runs automatically when you paste or type text. If you change presets or individual rules afterward, click Regenerate to update the output with your new settings.

What are the presets for?

Everything redacts all supported types. Secrets only targets keys, tokens, webhooks, config secrets, credential URLs, connection strings, and private keys. Personal info targets emails, phones, SSNs, credit cards, and IP/MAC addresses. You can also fine-tune individual rules in the Redaction rules panel.