PII Masker for AI Prompts
Scrub names, emails, phone numbers, SSNs, credit cards, IBANs, and IP addresses out of your prompt before pasting into ChatGPT, Claude, or Gemini. Runs entirely in your browser — nothing is uploaded.
How It Works
Paste your prompt
Drop in your draft email, support ticket, log snippet, or any prompt — up to 12,000 characters. Nothing is sent anywhere.
Pick your layers
Regex + NER catches names, organisations, and locations on top of structured PII. Regex-only mode skips the model entirely.
Mask locally
A deterministic regex layer runs first (Luhn-checked cards, mod-97-checked IBANs). BERT NER then runs in a Web Worker for the AI layer.
Copy, prompt, restore
Copy the masked text, run it through ChatGPT/Claude/Gemini, then paste the reply into the Restore panel to recover the real values.
What the PII Masker Detects
The masker runs two cooperating layers, both entirely in your browser. The deterministic regex layer runs first and catches structured PII with high precision. The optional on-device NER layer then catches unstructured PII like personal names that no pure regex can reliably recognise.
| Category | Layer | Placeholder | Validation |
|---|---|---|---|
| Email addresses | Regex | [EMAIL_n] | RFC 5322 lookalike |
| Phone numbers | Regex | [PHONE_n] | International + national formats |
| US Social Security Numbers | Regex | [SSN_n] | ###-##-#### |
| Credit card numbers | Regex | [CARD_n] | 13–19 digits + Luhn checksum |
| IBANs | Regex | [IBAN_n] | Mod-97 checksum (ISO 13616) |
| IPv4 / IPv6 addresses | Regex | [IPV4_n] / [IPV6_n] | Octet / hextet range checks |
| URLs | Regex | [URL_n] | http(s):// prefix |
| Person names | BERT NER | [NAME_n] | CoNLL-2003 PER class |
| Organisations | BERT NER | [ORG_n] | CoNLL-2003 ORG class |
| Locations | BERT NER | [LOC_n] | CoNLL-2003 LOC class |
| Other named entities | BERT NER | [MISC_n] | CoNLL-2003 MISC class |
How to Use the PII Masker
- Paste the prompt you intend to send to an AI assistant into the input area.
- Pick a detection mode: Regex + NER for maximum coverage, or Regex only for instant deterministic masking.
- Click Mask PII. Detected items are replaced with stable placeholders such as [NAME_1], [EMAIL_1], and [PHONE_1].
- Click Copy masked text and paste it into ChatGPT, Claude, Gemini, or any other LLM tool.
- When the AI replies, open the Restore panel, paste the response and the mapping JSON, and recover the real values locally.
- Click Reset when you are done — that wipes the mapping from sessionStorage so it never persists.
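The mask, copy, and restore round-trip from the steps above, as an added example that is not the tool's own code. The detector patterns, function names, and sample strings are assumptions made for illustration; it shows stable placeholders, the placeholder-to-value mapping, and how a reply containing a token that is not in the mapping is handled.

```javascript
// Added example (not the tool's source); detector patterns are simplified assumptions.
const DETECTORS = {
  EMAIL: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g,
  IPV4: /\b(?:\d{1,3}\.){3}\d{1,3}\b/g,
};
const TOKEN = /\[[A-Z0-9]+_\d+\]/g;
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Replace each detected value with [TYPE_n]; a repeated value reuses its token.
function maskText(text, detectors = DETECTORS) {
  const mapping = {};         // placeholder -> original value (the mapping JSON)
  const assigned = new Map(); // "TYPE\u0000value" -> placeholder
  const counters = {};
  let masked = text;
  for (const [type, pattern] of Object.entries(detectors)) {
    masked = masked.replace(pattern, (value) => {
      const key = `${type}\u0000${value}`;
      if (!assigned.has(key)) {
        counters[type] = (counters[type] || 0) + 1;
        const token = `[${type}_${counters[type]}]`;
        assigned.set(key, token);
        mapping[token] = value;
      }
      return assigned.get(key);
    });
  }
  return { masked, mapping };
}

// Single pass over the reply: known tokens are swapped back, unknown ones kept.
function restoreText(reply, mapping) {
  return reply.replace(TOKEN, (token) => (has(mapping, token) ? mapping[token] : token));
}

// Tokens the model invented or altered; these have no original to restore.
function unresolvedTokens(reply, mapping) {
  return [...new Set(reply.match(TOKEN) || [])].filter((t) => !has(mapping, t));
}

// Constructed sample prompt and reply.
const SAMPLE_PROMPT = "Contact jane.doe@example.com from 203.0.113.7; " +
  "cc bob@example.org. Reply to jane.doe@example.com.";
const { masked, mapping } = maskText(SAMPLE_PROMPT);
const REPLY = "Hi [EMAIL_1], I copied [EMAIL_2] and [EMAIL_9].";
console.log(masked);
console.log(restoreText(REPLY, JSON.parse(JSON.stringify(mapping))));
console.log(unresolvedTokens(REPLY, mapping));
```

Checking for unresolved tokens before using a restored reply shows where the model changed or made up a placeholder.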
Key Features
- Two-layer detection — deterministic regex (with Luhn and mod-97 validation) plus on-device BERT NER for unstructured names, orgs, and locations.
- Stable placeholders — repeated values get the same token, so the LLM can reason about them as proper nouns.
- Restoration round-trip — paste the AI reply back into the Restore panel along with the mapping JSON to recover real values locally.
- sessionStorage only — the mapping is wiped when the tab closes; nothing ever lands in localStorage or hits a backend.
- Offline after first load — the ~110 MB NER model is cached in IndexedDB on first use; the regex layer works offline immediately.
- Regex-only fallback — skip the model download entirely if you only need to mask structured PII.
When to Use a PII Masker
- Drafting customer-support replies — strip customer names, emails, and order numbers before asking ChatGPT to rephrase the reply.
- Sharing log snippets — remove IP addresses, internal hostnames, and user identifiers before pasting a stack trace into Claude.
- Polishing job-application materials — let an AI critique your resume content without exposing the recruiter's contact details.
- Summarising private emails — keep sender / recipient identities out of an AI summarisation prompt.
- GDPR / HIPAA / SOC 2 reviews — provide an auditable in-browser path for any team member who needs to use an external LLM with internal content.
Why On-Device Detection Matters
Cloud-based PII redaction services typically require uploading the very text you are trying to protect. That
defeats the threat model. This tool uses Transformers.js and a Web Worker to run a quantised BERT NER model
entirely on your device — the prompt never crosses the network, and the restoration mapping stays in your
tab's sessionStorage. Pair it with the upcoming Prompt Secret Scrubber for AWS / GCP / OpenAI
API keys, and the Document PII Redactor for full .txt / .md /
.docx / .pdf files.
Validation Details
- Credit cards. Numbers between 13 and 19 digits are accepted only if they pass the Luhn (mod-10) checksum, eliminating most false positives on order numbers and reference codes.
- IBANs. Validated with the ISO 13616 mod-97 algorithm — a country prefix and matching checksum digits are required.
- IPv4. Each octet is range-checked (0–255), so timestamp-like sequences are rejected.
- NER spans. Aggregated with the Transformers.js simple strategy so multi-token entities (e.g. "Jane Doe", "Bank of America") are merged into a single placeholder.
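The checksum and range checks listed above, written out as an added example that is not taken from the tool's source. The function names, the loose candidate regexes, and the sample text are assumptions; the point is that a regex only proposes a candidate and the validator decides whether it is reported.

```javascript
// Added example; names and candidate patterns are assumptions, not the tool's code.
// Luhn (mod-10): from the right, double every second digit, sum, expect % 10 === 0.
function luhnValid(candidate) {
  const digits = candidate.replace(/[ -]/g, "");
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) d = d * 2 > 9 ? d * 2 - 9 : d * 2;
    sum += d;
  }
  return sum % 10 === 0;
}

// ISO 13616 mod-97: move the first four characters to the end, map A..Z to
// 10..35, and require the resulting number mod 97 to equal 1.
function ibanValid(candidate) {
  const iban = candidate.replace(/\s+/g, "").toUpperCase();
  if (!/^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$/.test(iban)) return false;
  let remainder = 0;
  for (const ch of iban.slice(4) + iban.slice(0, 4)) {
    const value = /[A-Z]/.test(ch) ? ch.charCodeAt(0) - 55 : Number(ch);
    remainder = (remainder * (value > 9 ? 100 : 10) + value) % 97;
  }
  return remainder === 1;
}

// Each octet must be 1-3 digits and at most 255.
function ipv4Valid(candidate) {
  const octets = candidate.split(".");
  return octets.length === 4 &&
    octets.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255);
}

// Loose regex finds candidates; the validator decides what is reported.
function findStructured(text) {
  const rules = [
    ["CARD", /\b\d(?:[ -]?\d){12,18}\b/g, luhnValid],
    ["IBAN", /\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b/g, ibanValid],
    ["IPV4", /\b\d{1,3}(?:\.\d{1,3}){3}\b/g, ipv4Valid],
  ];
  return rules.flatMap(([type, pattern, valid]) =>
    [...text.matchAll(pattern)].filter((m) => valid(m[0]))
      .map((m) => ({ type, value: m[0] })));
}
// Constructed sample: the order number and the build number must not be reported.
const SAMPLE_TEXT = "Order 1234567890123456 paid with 4111 1111 1111 1111 from " +
  "192.168.1.10 (build 10.300.12.1); refund to GB82WEST12345698765432.";
console.log(findStructured(SAMPLE_TEXT));
```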
Frequently Asked Questions
Is my text uploaded anywhere?
No. The regex layer is plain JavaScript and the NER layer runs entirely in your browser via Transformers.js and a Web Worker. The text you paste never crosses the network.
What kinds of PII does it detect?
Emails, phone numbers, US SSNs, credit cards (Luhn-validated), IBANs (mod-97-validated), IPv4 / IPv6, and URLs via the regex layer; names, organisations, locations, and miscellaneous entities via the BERT NER layer.
Can I send the masked text to ChatGPT safely?
Yes — that is exactly the workflow. Once values are replaced with [NAME_1], [EMAIL_1], etc., the prompt no longer contains the originals. Paste the AI reply back into the Restore panel with your mapping to recover them.
Where is the restoration mapping stored?
Only in sessionStorage of the current browser tab. It disappears when the tab closes and never reaches localStorage or a backend. You can also download the mapping as JSON if you want to keep it across tabs.
Why is the first masking slower?
Regex + NER mode triggers a one-time ~110 MB download of the BERT NER model and caches it in IndexedDB. Subsequent runs reuse the cache. Regex-only mode requires no model.
Will it catch every name?
No NER model is perfect. BERT-base-NER is accurate on Western personal names and known organisations but can miss nicknames, single-word names, and rare entities. Eyeball the masked text before pasting.
Does it work offline?
Yes. Once the NER model is cached you can mask text with no connection. Regex-only mode is offline-capable out of the box.
Which model powers the NER layer?
Xenova/bert-base-NER — an ONNX conversion of dslim/bert-base-NER (Apache 2.0). BERT-base fine-tuned on CoNLL-2003 for PER / ORG / LOC / MISC tagging.
Privacy & Security
The mapping is kept in sessionStorage only and is wiped when the tab closes. No prompt, no detection result, and no mapping ever reaches our servers or any third party.