PrivacyScrubber

Honest Disclosure

What PrivacyScrubber Can't Guarantee

We believe trust is built on honesty. This page explains exactly what PrivacyScrubber can and cannot do — so you can make an informed decision about when and how to use it.

Always review the scrubbed output before copying. PrivacyScrubber uses pattern-matching (regex) — it catches common PII formats reliably, but it is not a legal guarantee of complete anonymization. Human review of the output is always recommended for high-stakes use cases.

What PrivacyScrubber Reliably Detects

Email addresses — all standard formats (user@domain.tld)
US & international phone numbers — including +country-code formats
Social Security Numbers — XXX-XX-XXXX and plain 9-digit patterns
Credit card numbers — 13–16 digit sequences
English proper names — multi-word Capitalized sequences (e.g., "John Michael Doe")

What It May Miss

Lowercase or single-word names

Names like "john" or "alice" (not capitalized) are not detected. The tool requires Capitalized Word sequences. If your document contains informal text, manually check names.

Nicknames and aliases

"Bob" as a standalone name, codenames, or project aliases are not detected unless added as Custom Rules (PRO).

Non-English names

PrivacyScrubber targets English-language documents. Names in Hebrew, Arabic, Cyrillic, CJK, or other scripts are not detected.

Company names used as identifiers

"Acme Corp" may be matched as a name pattern, but "ACME" in all-caps or abbreviated company names likely won't be. Add them as Custom Rules (PRO).

Domain-specific identifiers

Patient IDs, employee numbers, case numbers, policy codes — these vary by organization and are not detectable by generic regex. Use Custom Rules (PRO) to add your own patterns.

Non-standard phone formats

Highly regional or unusual formats (e.g., numbers with extensions or non-standard formatting) may slip through. Standard US and E.164 international formats are covered.
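The misses listed above follow directly from how pattern-matching works. The sketch below is an added illustration, not PrivacyScrubber's own code: it runs a generic rule set over a constructed sentence, shows which values survive, and then applies organization-specific rules. All patterns, the function names `scrub` and `leftoverDigitRuns`, the `PT-` case-number format and the sample text are assumptions made for this example.

```javascript
// Added illustration: simplified patterns, NOT PrivacyScrubber's actual rules.
// Order matters: more specific numeric formats run before the phone pattern.
const BUILT_IN = [
  ["EMAIL", /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g],
  ["SSN", /\b(?:\d{3}-\d{2}-\d{4}|\d{9})\b/g],
  ["CARD", /\b(?:\d[ -]?){12,15}\d\b/g],
  ["PHONE", /(?:\+\d{1,3}[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b/g],
  // Two or more Capitalized ASCII words; lowercase, ALL-CAPS and
  // non-Latin names do not match.
  ["NAME", /\b[A-Z][a-z]+(?: [A-Z][a-z]+)+\b/g],
];

// Replace every match with a [LABEL] placeholder. Custom rules run first.
function scrub(text, customRules = []) {
  let out = text;
  for (const [label, pattern] of [...customRules, ...BUILT_IN]) {
    out = out.replace(pattern, `[${label}]`);
  }
  return out;
}

// Review aid: digit runs that survived scrubbing often belong to an
// organization-specific identifier no generic rule covers.
function leftoverDigitRuns(scrubbed) {
  return scrubbed.match(/\d{4,}/g) || [];
}

// Constructed sample input.
const SAMPLE = "Patient john smith (case PT-448120) was referred by " +
  "Mary Ann Lee of ACME, cc Иван Петров; reach her at " +
  "mary.lee@example.com or +1 415-555-0134.";

// Hypothetical custom rules for this one organization.
const CUSTOM = [
  ["CASE_ID", /\bPT-\d{6}\b/g],
  ["ORG", /\bACME\b/g],
];

const generic = scrub(SAMPLE);
const tuned = scrub(SAMPLE, CUSTOM);
console.log(generic, leftoverDigitRuns(generic));
console.log(tuned, leftoverDigitRuns(tuned));
```

Even with the custom rules, the lowercase name and the Cyrillic name remain in the output, which is why the manual review step still applies.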

What PrivacyScrubber Cannot Protect Against

Data you have already shared with AI

If you pasted sensitive data into ChatGPT last week, PrivacyScrubber cannot undo that. It only protects future submissions.

Device-level threats

Keyboard loggers, screen recorders, or malicious browser extensions that run on your device can capture text before it reaches PrivacyScrubber.

PRO access on a different browser or device

PRO status is stored in your browser's localStorage. Switching browsers or devices requires using your personal restore link (shown after payment).

Legal compliance certification

PrivacyScrubber is a technical tool. Using it does not automatically make you GDPR, HIPAA, or CCPA compliant. It significantly reduces your risk, but compliance requires your own legal assessment.

What You Should Do

Always review highlighted entities in the output before copying. Entities are color-coded — quickly scan for any sensitive values the tool may have missed.

Use Custom Rules (PRO) to add organization-specific patterns — employee IDs, case numbers, client codes — that the tool doesn't know about by default.

Do not use PrivacyScrubber as your only protection for documents with known high-risk content. Use it as the first pass, then do a manual review for anything sensitive.

Bookmark your restore link after purchasing PRO — it's shown immediately after payment and lets you re-access PRO on any browser or device.
