Privacy by architecture, not policy
Every tool in this suite is designed so your data physically cannot leave the browser. There is no upload endpoint to compromise.
Tools in this suite
OCR Privacy Redactor
Upload a scanned document or screenshot. OCR runs locally (Tesseract.js), auto-detects PII, and exports a redacted PNG. Includes batch templates for Medical, Financial, Legal, and HR documents.
Open tool →
.env Deep Sanitizer
Paste or drop a .env, .yaml, .json, or TypeScript config and redact API keys, tokens, and secrets. Download a clean .env.example with values replaced by placeholder types.
Open tool →
JWT Debugger
Decode JWT headers and payloads, inspect claims, and verify HMAC-SHA256 signatures — entirely in your browser. Your tokens never leave the tab.
Open tool →
Redaction templates
Available in the OCR Redactor after OCR analysis. One click applies a template to the detected PII.
| Template | PII types auto-selected | Example documents |
|---|---|---|
| 🏥 Medical Record | SSN, Email, Phone, Date (DOB), ZIP Code | Discharge summaries, referral letters, insurance forms |
| 💰 Financial Document | Credit Card, SSN, Email, Phone | Bank statements, invoices, tax returns |
| ⚖️ Legal Contract | SSN, Email, Phone, ZIP Code, Passport No. | NDAs, employment contracts, court filings |
| 👤 HR Document | SSN, Email, Phone, Date (DOB), ZIP Code | Resumes, onboarding forms, performance reviews |
Always review the detected overlays before exporting — click any region to manually add or remove it from the redaction.
Ready to redact?
Start with the OCR Redactor for scanned documents, or the .env Sanitizer for config files.
🛡️ Verify zero uploads — open DevTools → Network tab
Open your browser's DevTools (F12), go to the Network tab, and use this tool. You will see zero outbound requests — all processing runs inside your browser sandbox via WebAssembly or pure JavaScript. Nothing you paste or upload is ever sent anywhere.
Frequently Asked Questions
Does anything leave my browser?
No. All tools in this suite run entirely in your browser. OCR uses Tesseract.js WebAssembly — your documents are never uploaded. The .env sanitizer uses JavaScript regex — your config values are never sent anywhere. Open DevTools → Network on any tool page to verify zero outbound requests.
What is a redaction template?
Templates are pre-configured sets of PII types matched to common document categories. 'Medical Record' selects SSN, email, phone, dates, and ZIP codes. 'Financial Document' selects credit card numbers, SSN, email, and phone. Applying a template auto-selects all detected PII of those types in one click, rather than reviewing each finding individually.
Is the OCR accurate enough for compliance use?
Tesseract.js is accurate for printed, clear text at 150+ DPI. It struggles with handwriting, low-resolution scans, and unusual fonts. For compliance use, always review the detected PII overlays before exporting — the tool shows red outlines around every detection so you can add or remove redactions manually before downloading.
What file formats are supported?
The OCR Redactor accepts PNG, JPG, and WebP images. PDF support is on the roadmap. The .env Sanitizer accepts plain text files including .env, .yaml, .json, and .ts config files.
Want unlimited access + saved history?
Pro is $9/month · 30-day money-back guarantee.