axiomape.com

Regex Content Redaction Tool: Strip and Replace PII Patterns Locally

Paste any text, write a regular expression, and instantly sanitize matching substrings. Emails, phone numbers, SSNs, credit cards, or any custom pattern. Runs entirely in your browser.

Raw Input and Rules Engine
Regex Rules Builder
Regex Flags
Live Sanitized Output
Total Matches Found 0
Characters Removed 0
Input Length 0
Copied!
Key Terms Explained
Regular Expression (Regex)
A compact syntax for describing text patterns. A regex like \d{3}-\d{2}-\d{4} matches exactly three digits, a hyphen, two digits, a hyphen, then four digits. The JavaScript engine tests your pattern against every position in the input string.
Redaction
The deliberate removal or masking of sensitive information in a document. In this tool, redaction means replacing matched substrings with a placeholder (such as [REDACTED]) or deleting them entirely so the original data can no longer be read.
Substring
Any contiguous slice of characters within a larger string. If your full string is "Call 555-0100 now," then "555-0100" is a substring. Regex redaction targets specific substrings matching a pattern, leaving the surrounding text untouched.
PII (Personally Identifiable Information)
Any data that can be used on its own or in combination to identify, contact, or locate a specific person. Common examples include full names, email addresses, phone numbers, Social Security Numbers, and credit card numbers. Properly redacting PII reduces legal and security exposure.
Capture Group
A portion of a regex pattern enclosed in parentheses. Capture groups let you isolate sub-matches for back-referencing in the replacement string. For example, the pattern (\d{3})-(\d{4}) has two groups: the first captures the area prefix and the second captures the line number.
Global Flag (g)
A regex modifier that tells the engine to find every match in the string rather than stopping after the first. For bulk content redaction you almost always want the global flag on, since you need to catch every occurrence of a phone number or email, not just the earliest one in the text.
Syntax Error
An invalid regex pattern that the engine cannot parse. Common causes include unclosed parentheses, stray backslashes, invalid character class brackets, or quantifiers applied to nothing. This tool catches syntax errors with a try/catch block and shows a red warning instead of crashing.
Replacement String
The text that replaces each matched substring during redaction. Set it to [REDACTED], XXX, or any other marker you prefer. Leave it completely empty to delete matches without leaving any trace in the output. Back-references like $1 reference capture groups from the pattern.

The Complete Guide to Regex-Based Text Redaction and PII Sanitization

Regex redaction is the fastest way to strip sensitive patterns from raw text before sharing a document, seeding a database, or processing customer records. This guide explains the mechanics, covers the most useful patterns for real-world PII, and answers the questions that come up most often.

How to Use This Tool

Start by pasting your raw text into the left panel. Then either click a Quick-Insert Preset button to load a standard PII pattern (email, phone, SSN, or credit card), or type your own custom regex directly into the Regex Pattern field. The output panel on the right updates instantly as you type. Use the flag checkboxes to control case sensitivity and multiline behavior. Check the Telemetry bar below the panels to confirm the match count and see how many characters were removed. When the output looks correct, click Copy Sanitized Text or Download .txt to retrieve the cleaned document.

A regular expression (regex) is a sequence of characters that defines a search pattern. The regex engine scans your text from left to right, comparing each position against your pattern. When a portion of the text satisfies all the rules in the pattern, that portion is called a match. You can then replace every match with a fixed string (such as [REDACTED]) or with an empty string to delete it entirely.

For example, the pattern [0-9]{3}-[0-9]{2}-[0-9]{4} matches any text that looks like a US Social Security Number in dashes-separated format: three digits, a hyphen, two digits, a hyphen, then four digits. The engine finds every such sequence in your text and hands each one to the replacement step.

Regex patterns can include literal characters, character classes (like [a-z] for any lowercase letter), quantifiers (like + for one or more), anchors (like \b for a word boundary), and capture groups (parentheses that isolate a sub-match for back-referencing in the replacement string).

Click the Email Address preset button in the Quick-Insert Presets row. This loads the pattern [a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,} into the Regex Pattern field and activates the Global (g) and Case-Insensitive (i) flags automatically.

Paste your text into the Raw Input area. Every string that matches the standard email format (local-part @ domain . tld) is immediately replaced in the right panel with whatever text you have in the Replacement String field (default: [REDACTED]).

If you want to delete the addresses entirely rather than replace them with a placeholder, clear the Replacement String field so it is blank. The telemetry bar will still report how many addresses were found and how many characters were removed, confirming the operation worked.

Yes. The Replacement String field controls what each match is replaced with. The default value is [REDACTED], but you can set it to anything you like, including nothing at all.

To delete matched substrings without leaving a placeholder, simply clear the Replacement String field so it is completely empty. The regex engine will then replace every match with an empty string, effectively removing it from the output while leaving the surrounding text intact.

The Telemetry panel will still report how many matches were found and how many total characters were removed, so you can verify the operation worked as expected even when the output does not show any visible replacement tokens.

Without the global flag, JavaScript's String.prototype.replace() only replaces the first match it finds in the entire string, then stops. With the global (g) flag enabled, the replace operation continues scanning from where the previous match ended and replaces every non-overlapping match in the text.

For content redaction, you almost always want the global flag on, because you need to catch every occurrence of a phone number or email address in the document, not just the first one. This tool enables the global flag by default.

You can toggle it off if you specifically need to replace only the first match for debugging or testing purposes. The Telemetry bar reflects the actual number of replacements made under whichever flag combination you have active, so you can see the difference immediately.

Yes. This tool runs entirely inside your browser. Your text is never sent to AxiomApe servers or any third-party service. The regex evaluation, string replacement, and output rendering all happen in local JavaScript memory on your own device. When you close or reload the tab, all text is discarded.

There are no cookies tracking your input content, no analytics logging what patterns you enter or what text you paste, and no network requests made after the page finishes loading. You can verify this by opening your browser's Network panel in DevTools: you will see zero outbound requests triggered by the tool while you type.

The Privacy Guaranteed badge at the top of the page reflects the same guarantee applied to every tool on AxiomApe: nothing you enter here ever leaves your computer.