liminfo

Data Masking Tool

Free web tool: Data Masking Tool

About Data Masking Tool

The Data Masking Tool automatically detects and obfuscates personally identifiable information (PII) in any text or JSON input. It uses client-side regular expression pattern matching to find and replace five categories of sensitive data: email addresses (e.g., john@example.com → j***@e***.com), US Social Security Numbers in XXX-XX-XXXX format (→ ***-**-XXXX), credit card numbers in XXXX-XXXX-XXXX-XXXX format (→ ****-****-****-XXXX), phone numbers in common US formats (→ ***-***-XXXX), and IPv4 addresses (→ A.***.***.***). Each category is detected and counted independently, and the masked output is shown alongside a summary of how many of each type were found.

Developers, QA engineers, and data analysts use this tool to sanitize log files, API responses, database exports, and user-submitted text before sharing them with colleagues, pasting into bug trackers, or including in documentation. Data masking is a critical practice for GDPR and CCPA compliance — it allows teams to work with realistic data structures while preventing actual PII from being exposed in non-production environments.

All processing happens entirely within the browser using JavaScript regular expressions. No text is ever sent to a server, stored in a database, or logged anywhere. This makes the tool safe to use even with real customer data for testing purposes. The masked output preserves the structure and format of the original text — only the sensitive portions are replaced — so the result remains readable and contextually meaningful.

Key Features

  • Automatic email address masking: preserves first character and domain initial, masks the rest
  • US Social Security Number (SSN) detection and masking — shows only the last 4 digits
  • Credit card number masking — shows only the last 4 digits, masks all other groups
  • Phone number masking for common US formats (with parentheses, dashes, dots, or spaces)
  • IPv4 address masking — preserves first octet, masks the remaining three octets
  • Real-time detection counter showing how many of each PII type were found
  • Masked output preserves original text structure; non-sensitive content is unchanged
  • 100% client-side processing — no data ever leaves your browser

Frequently Asked Questions

What types of sensitive data does this tool detect and mask?

The tool detects and masks five categories: (1) email addresses, (2) US Social Security Numbers in XXX-XX-XXXX format, (3) credit card numbers in 16-digit grouped format, (4) US phone numbers in various formats with area code, and (5) IPv4 addresses. Each category is processed independently and counted.

Is it safe to paste real customer data into this tool?

Yes. All processing is done entirely client-side using JavaScript in your browser. No data is transmitted to any server, stored in a database, or accessible by any third party. The tool runs completely offline after the page loads. However, always use judgment and follow your organization's data handling policies.

How does the email masking work?

Email addresses are masked by keeping the first character of the local part (before @), replacing the rest with ***, then keeping the first character of the domain and replacing the rest with ***, and appending .com. For example, john.doe@gmail.com becomes j***@g***.com. The format is preserved but the identity is obscured.

How is the SSN masked?

SSNs in the format XXX-XX-XXXX are masked to ***-**-XXXX — the last 4 digits are preserved while the first two groups are replaced with asterisks. This is the standard partial masking format used in US financial and government contexts, where the last 4 digits are considered a safe identifier.

What credit card formats does the tool recognize?

The tool recognizes 16-digit credit card numbers with groups separated by spaces, dashes, or no separator. It replaces the first three groups with ****-****-**** and keeps the last 4 digits visible. This matches the PCI DSS partial display standard used by payment processors.

Can I use this to mask data in JSON files?

Yes — the tool processes plain text, which includes JSON. Paste your JSON directly into the input area. The masking is applied to the entire text content, so email addresses, phone numbers, and other PII within JSON string values will be masked. The JSON structure itself (keys, brackets, quotes) is preserved.

Does the tool handle non-US phone number formats?

The current implementation is optimized for US phone number formats: (555) 123-4567, 555-123-4567, 555.123.4567, and similar patterns with a 3-digit area code followed by a 7-digit number. International formats with country codes (+1, +44, etc.) may not be fully detected. For international use, verify the output carefully.

What is data masking used for in software development?

Data masking is used to create anonymized versions of production datasets for use in development, testing, and QA environments. It prevents real customer PII from being exposed to developers and testers who do not need it. It is also used before sharing logs with external support teams or including data examples in documentation and bug reports.