How to scan JSON for PII
To scan JSON for PII, paste your JSON into the tool. It walks every key and value, including nested objects and arrays, and uses pattern heuristics to flag values that look like personal or sensitive data, listing each one by its JSON path so you can find it quickly.
The scan runs entirely in your browser, so the JSON you are checking never leaves your device — which matters when the whole point is privacy. After reviewing the findings, you can export a redacted version where flagged values are masked, ready to paste safely into a ticket, doc, or chat.
- Paste the JSON you want to check
- Review flagged findings listed by JSON path
- Optionally redact the flagged values
- Export the redacted JSON locally
What counts as a finding
This scanner uses practical heuristics to spot common sensitive patterns: email addresses, phone numbers, IP addresses, URLs, API tokens, and secret-like strings. It is designed to catch the values people most often forget to remove before sharing a payload.
Because it is heuristic and intentionally lite, it is a fast cleanup aid rather than a compliance-grade classifier. It may flag harmless values that match a pattern, or miss unusual formats, so treat the findings as a helpful checklist to review by hand, not a legal guarantee.