Define your own regex patterns — project codes, internal IDs, domain-specific identifiers caught and tokenized automatically.
Open the Custom Rules panel and define a regex pattern + label.
Paste sample text to see matched entities highlighted in real-time.
Custom matches become [CUSTOM_N] tokens, processed alongside built-in types.
![Zero-Trust PII Detection pipeline — raw document with PII passes through the PrivacyScrubber shield, producing anonymized tokens like [NAME_1] and [EMAIL_2]](/features/pii-detection-hero.png)
PrivacyScrubber's custom redaction rules processes your data 100% locally in browser memory. No server ever sees your content — verified by our Airplane Mode test. This Zero-Trust Data Sanitization (ZTDS) architecture meets enterprise security standards out of the box.
DevOps teams define regex for AWS keys (AKIA...), GitHub tokens (ghp_...), and Stripe keys (sk_live_...) to catch credentials before they reach AI debugging tools.
Banks define custom patterns for internal account numbers (e.g., XX-XXXXXX-XX) that standard PII detection doesn't cover.
Hospitals define regex for Medical Record Number formats specific to their EMR system — catching identifiers that generic PII detection would miss.
Consulting firms define patterns for internal project codes (e.g., PRJ-2026-XXXX) to prevent confidential engagement identifiers from appearing in AI outputs.
Use standard JavaScript regex syntax. For example, to catch AWS access keys: /AKIA[0-9A-Z]{16}/. The Custom Rules panel includes a real-time tester.
Custom rule definitions (patterns only, never data) can be saved locally if you enable the PRO rule persistence option. Matched data is never stored.
Custom rules are processed first (sorted by pattern length, descending) to ensure domain-specific patterns take priority over generic built-in detection.