Free scanner — nothing uploaded

Find SSNs, card numbers, and PII in your documents.

Drop a PDF or image. We'll flag Social Security numbers, credit cards, phone numbers, and emails — all in your browser. Then redact them in one click.

Upload a file to scan

PDF, PNG, JPG, WebP · up to 50MB · stays on your device

PDFs are scanned up to 10 pages. For longer documents, use the main redactor →

Your file stays on your device. We never see it, upload it, or send any part of it to a server.
How we built it this way →

This page is a preview. The full redactor does the scan and the redaction.

When you drop a file into the main redactor, it runs the same OCR pass you see here, highlights each SSN / card / phone / email as a draggable box on the document, and also catches names, addresses, and dates of birth that this preview can't match structurally. Then it lets you paint opaque pixels over the regions and export a clean file.

Use this page for a quick “is there anything sensitive in here?” check before you decide to redact. Use the main redactor when you're ready to actually remove it.

What the scanner looks for

Seven categories of personally identifying information that have structurally verifiable shapes. The scanner is strict on purpose: every flag passes a structural check (Luhn for card numbers, SSA area-number validity for SSNs, IRS prefix validity for EINs) so false positives stay low.

Social Security Numbers

9-digit XXX-XX-XXXX shapes, rejecting ranges the SSA never issued (000, 666, 900+) and all-zero segments. ITINs (9XX-XX-XXXX) are flagged separately.

Credit / debit card numbers

13 to 19 digits with Luhn checksum validation. A random 16-digit number is almost never Luhn-valid by accident — so a hit here is almost always a real card number.

Employer Identification Numbers

XX-XXXXXXX shapes with a valid IRS campus prefix. Common on tax documents, W-9s, and business filings that get forwarded without redacting.

Phone numbers

North American Numbering Plan — 10 digits with area code, with or without parens, hyphens, or country code. Deduplicated when they overlap a card-number match.

Email addresses

Standard name@domain.tld shapes. Rarely a false positive because the @-dot-tld pattern almost never occurs in document text unless it really is an email.

US passport numbers

Only flagged when the word 'passport' appears elsewhere in the document — an alphanumeric 9-character sequence is too generic to flag without context.

What this preview does NOT catch

Honest disclosure. If you need any of the below, the main redactor handles them — this page is a quick-read preview, not a comprehensive audit.

  • Names, addresses, and dates of birth. These need context to identify (is “John Smith” PII or a public name?). The main redactor highlights candidate name, address, and DOB regions from OCR structure — this preview intentionally sticks to strictly structured numeric PII.
  • Account numbers, routing numbers, policy numbers. Too many institution-specific shapes; flagging every 9-digit number as a routing number would produce constant false positives.
  • Handwritten text. OCR reads printed characters only. Signatures and margin notes usually come back as garbled nonsense.
  • PDFs over 10 pages. We cap the preview at the first 10 pages to keep scan times bounded. Open the file in the main redactor for longer documents — it processes per page and handles up to 100 pages on paid tiers.
  • International formats. Phone numbers outside the North American Numbering Plan, non-US tax IDs, and foreign passports aren't matched. They silently pass through and won't appear in the results.

Ready to redact? Open the full tool.

The main redactor highlights the same PII patterns as boxes on the document, catches names and addresses this preview can't, and lets you paint opaque pixels over them — no text layer, annotation, or metadata survives the export. One free redaction per day, no account required.

Redact a document

Already redacted and want to double-check? Run it through /verify →

Why preview before redacting

Most people who redact a document know what they're aiming at — the SSN, the account number, the address. What they miss is the second and third occurrence on page 4, the card number buried in an attached receipt, the email on a signature block they forgot was there. The preview is for catching those, not the thing you already remembered.

The masked previews (“***-**-1234”, “**** **** **** 1111”, “m***@example.com”) show enough for you to locate each hit in your original document without this page ever rendering the full secret on screen. That's deliberate: if the scanner has to show you the SSN to be useful, the scanner itself becomes a leak risk.

Once you've confirmed the hits are real, click “Redact this file” above — the same file hands straight off to the main redactor with no re-drop, no re-upload.