The token→original map lives in RAM only. Page close = instant, permanent wipe. No localStorage. No cookies. No traces.
When you scrub text, the sessionMap object is created in JavaScript memory.
Reverse Scrub reads the RAM map to restore originals. No disk access.
Close tab = RAM released. No recovery possible. Zero forensic footprint.
![Zero-Trust PII Detection pipeline — raw document with PII passes through the PrivacyScrubber shield, producing anonymized tokens like [NAME_1] and [EMAIL_2]](/features/pii-detection-hero.png)
PrivacyScrubber's session-only memory processes your data 100% locally in browser memory. No server ever sees your content — verified by our Airplane Mode test. This Zero-Trust Data Sanitization (ZTDS) architecture meets enterprise security standards out of the box.
Auditors need proof that no PII is stored. Session-only memory means there's nothing to find — no database, no localStorage, no cookies. The 10-second airplane-mode test proves it.
CISOs evaluating AI tools need zero-trust guarantees. PrivacyScrubber's architecture passes the strictest data residency requirements because data never leaves browser RAM.
Healthcare organizations require PHI to be processed ephemerally. Session-only memory ensures patient data exists only during the active browser session.
Law firms cannot risk client data appearing in any persistent storage. Session memory ensures privileged information vanishes the moment the browser tab closes.
No. PrivacyScrubber uses zero localStorage, zero cookies, zero IndexedDB, zero sessionStorage. The only storage is a JavaScript object in RAM that is garbage-collected when the tab closes.
No. JavaScript runtime memory is released by the browser and cannot be recovered by any forensic tool. There is nothing to recover.
Open DevTools → Application tab → inspect Storage (localStorage, sessionStorage, cookies, IndexedDB). All will be empty. Then disconnect Wi-Fi and confirm the tool still works — proving zero server dependency.