Logo

MonoCalc

/

Data Masking Tool

Encode/Decode

Auto PII Detection

(Email, SSN, Credit Card, Phone, IP, API Keys)

About This Tool

🛡️ Data Masking Tool – Protect PII & Secrets Before Sharing

The Data Masking Tool lets you safely sanitize logs, API responses, database exports, and configuration snippets by replacing sensitive values with masked equivalents — while preserving the overall structure of your data. Whether you need to redact personally identifiable information (PII) before filing a bug report or generate realistic test records from production data, this tool runs entirely in your browser so your data never leaves your device.

🔍 Auto-Detected PII Types

Enable Auto PII Detection to instantly identify and mask the most common sensitive data types without any configuration:

PII TypePattern ExampleDetection Regex
Emailjohn@example.com[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}
SSN123-45-6789\d{3}-\d{2}-\d{4}
Credit Card4111-1111-1111-1111\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}
Phone555-867-5309\(?\d{3}\)?[.\- ]?\d{3}[.\- ]?\d{4}
IPv4192.168.1.100\d{1,3}(\.\d{1,3}){3}
API Keysk-abc123...xyz[A-Za-z0-9_\-]{32,}

🎭 Masking Strategies Explained

Choose the strategy that best fits your use case. Each mode transforms matched values differently while leaving non-sensitive content intact.

Full Redaction

Replaces every character of the matched value with the mask character. Use when the data consumer must not see any portion of the original value.

john.doe@company.com********************

Partial Reveal

Keeps a configurable number of leading and trailing characters visible, masking only the middle. Ideal for UI displays where you need to confirm an identity without exposing the full value (e.g., ****@example.com).

123-45-6789 (prefix 3, suffix 4) → 123-***-6789

Format-Preserving

Replaces digits with random digits and letters with random letters while preserving all punctuation and structure. The output is structurally valid but contains no real data — perfect for generating test datasets from production records.

4111-1111-1111-11117382-5940-2817-3056

Fixed Placeholder

Replaces the entire matched value with a descriptive semantic tag regardless of the original length. Makes redacted areas self-documenting in logs and reports.

alice@example.com[EMAIL_REDACTED]

Pseudonymization

Generates a deterministic token from a user-supplied seed so the same input always produces the same masked output. Enables consistent cross-record anonymization where referential integrity matters (e.g., joining tables on a masked user ID).

John Doe (seed: mySeed42) → USR_a3f9b21c

🎯 Targeting Specific Fields

Beyond auto-detection, you can supply a comma-separated list of target field names or regex patterns to mask domain-specific sensitive values. For example, entering api_key, internal_id, employee_number will match those literal strings as patterns in your input. An exclusion listlets you whitelist fields like id, timestamp that should always pass through unmasked — even if they match an auto-detected pattern.

📊 Masking Coverage Meter

After applying masking, the tool displays a coverage percentage — the ratio of masked characters to total input characters. A low coverage (green) means only a small fraction of your data was sensitive. High coverage (red) may indicate an overly aggressive masking configuration. The Summary Table tab provides a per-occurrence breakdown showing the PII type detected, strategy applied, original value, and its masked counterpart. The Side-by-Side Diff tab shows original vs. masked output for easy visual comparison.

🔒 Privacy & Security

All masking is performed entirely in your browser using client-side JavaScript. No input data is transmitted to any server, logged, or stored anywhere beyond your browser session. This makes the tool safe for use with real production data, customer PII, and internal secrets — you remain in full control at all times.

💡 Common Use Cases

  • Bug reports & support tickets — Paste a JSON payload, mask emails and tokens, then share the sanitized version with a third-party support team.
  • Test data generation — Use format-preserving mode on a production CSV export to produce a structurally identical but anonymized dataset for staging environments.
  • Documentation examples — Replace real API keys and credentials in code snippets before publishing tutorials or README files.
  • GDPR / CCPA compliance demos — Demonstrate data anonymization workflows to auditors without exposing real customer records.

Frequently Asked Questions

Is the Data Masking Tool free?

Yes, Data Masking Tool is totally free :)

Can I use the Data Masking Tool offline?

Yes, you can install the webapp as PWA.

Is it safe to use Data Masking Tool?

Yes, any data related to Data Masking Tool only stored in your browser (if storage required). You can simply clear browser cache to clear all the stored data. We do not store any data on server.

How does the Data Masking Tool work?

The tool scans your input text or structured data for sensitive values using built-in PII patterns (emails, SSNs, credit cards, phone numbers, IP addresses) or your custom field targets. It then applies your chosen masking strategy — full redaction, partial reveal, format-preserving, fixed placeholder, or pseudonymization — and outputs the sanitized result alongside a summary of what was masked.

What masking strategies are available?

Five strategies are supported: Full Redaction replaces every character with the mask character; Partial Reveal keeps a configurable number of leading and trailing characters visible; Format-Preserving replaces digits with random digits and letters with random letters while preserving structure; Fixed Placeholder replaces the entire value with a semantic tag like [EMAIL_REDACTED]; and Pseudonymization generates a deterministic token from a seed so the same input always produces the same masked output.

Is my data sent to any server?

No. All processing happens entirely in your browser using client-side JavaScript. Your input data never leaves your device, making this tool safe for masking real production data, logs, and configuration files.

What PII types are auto-detected?

The tool automatically detects email addresses, US Social Security Numbers (SSNs), credit card numbers, US phone numbers, IPv4 addresses, and API keys/tokens using industry-standard regex patterns. You can also supply custom field names or regex patterns to target additional sensitive fields specific to your data.

What is format-preserving masking and when should I use it?

Format-preserving masking replaces digits with random digits and letters with random letters while keeping all other characters (spaces, dashes, symbols) in place. The result looks structurally identical to the original — e.g., a credit card number still looks like a credit card number — making it ideal for generating realistic test data from production records without exposing the actual values.

How accurate is the masking coverage percentage?

The coverage percentage is calculated as (number of masked characters ÷ total input characters) × 100, rounded to one decimal place. It reflects only characters that were actually replaced — structural tokens, whitespace, and unmasked fields are excluded from the numerator but included in the denominator.