MessyMatch
Runs in your browser. File never uploaded

Remove PII from a CSV file. Fast, free, browser-only

Strip emails, names, phone numbers, Spanish DNIs/NIEs/NIFs, IBANs and credit cards from any CSV. Auto-detection pre-suggests sensitive columns. Choose redact, hash, fake or reversible pseudonymization per column.

Drop a file to anonymize

CSV, TSV, TXT or Excel. Runs in your browser, never uploaded.

Supported: .csv, .tsv, .txt, .xlsx, .xls

What counts as PII

PII (Personally Identifiable Information) is any data point that, alone or combined with others, can identify a specific person. Under GDPR this includes names, emails, phone numbers, government IDs, biometric data, IP addresses and online identifiers. Direct PII (a customer's email) is obvious; indirect PII (their postal code + birth date + employer) is sneakier.

  • Direct identifiers: name, email, phone, government ID, IBAN, credit card
  • Quasi-identifiers: city, postal code, employer, birth date (PII when combined)
  • Sensitive special categories: health, biometric, religious, political (GDPR Art. 9)
  • Online identifiers: IP, cookies, advertising IDs

Three steps to a PII-free CSV

  1. 1
    Drop the CSV
    Parsing is in your browser. The file never reaches our servers.
  2. 2
    Review detected PII columns
    Spanish DNI/NIE/NIF, IBAN, email, phone, full name and credit card patterns are auto-detected. Apply suggestions in one click.
  3. 3
    Choose method per column
    Redact for full removal, Hash for one-way irrecoverable, Faker for realistic synthetic, Pseudonymize for reversible tokens.

Removal vs. masking vs. pseudonymization

True removal (Redact) replaces the value with a placeholder. The cell is effectively empty for analysis purposes. Masking (Hash) replaces with an irrecoverable hash. Useful for joins where you only need to know two rows match.

Pseudonymization (reversible tokens) preserves analytical utility AND lets you restore originals later. Under GDPR pseudonymization, the data is still personal data but with reduced risk; full anonymization (one-way) exits the GDPR scope.

Need to restore values later?

Pseudonymize and Faker (reversible) produce a mapping file. Keep it. The reverse tool restores the original CSV from the anonymized file + mapping.

Open the reverse tool →

Related tools

Anonymize Data hubAnonymize CSV for ChatGPTGDPR pseudonymizationReverse anonymizationCompare CSV files

Frequently asked questions

Does this satisfy GDPR Article 4(5) on pseudonymization?+

Pseudonymize and Faker (reversible) produce data that's still 'personal' under GDPR but with reduced identifiability risk. Meeting Article 4(5)'s definition. Full anonymization (Hash, Redact) goes further and exits GDPR scope when truly irreversible.

Are PII detections accurate?+

The detector uses header name patterns plus value-format regex (email, DNI letter check, IBAN mod-97). It's deliberately conservative. False positives are flagged but always require your confirmation.

Can I add custom PII patterns?+

Not yet via the UI. The current heuristic covers EN and ES vocabularies for emails, names, phones, Spanish IDs, IBANs and credit cards. Custom regex column detection is on the roadmap.

How is this different from just deleting the columns?+

Deleting loses the relational structure. You can't analyze 'how many orders per customer' if you delete the customer ID. Pseudonymization preserves relationships while removing identifiability.