Catch unmasked PII before it ships.
Paste an API response, fetch a URL, or drop a file. Flags phone numbers, emails, precise location, cards, IDs & tokens — with DPDP/GDPR severity and masking fixes.
🔒 Runs 100% in your browser — nothing is uploaded.
try ·
Drop a .json / .ndjson / .log file
Fetched in your browser; the response is scanned locally — never sent anywhere else. Cross-origin URLs require the server to send CORS headers.
Custom rules — add your own regex patterns
Rules are saved in your browser only. Matches are flagged and masked as [redacted].