🔀 Try it now: scramble.scottslab.io — No signup required

Stop Feeding Your Secrets to ChatGPT

We've all done it.

You're debugging a customer issue at 11pm. You've got a log file full of names, emails, SSNs, and that one guy's phone number who keeps calling about his account. You need AI help. So you...

...paste the whole thing into ChatGPT.

Congratulations. You just sent John Smith's social security number to OpenAI's training data. HR would like a word.

The Problem

Public LLMs are incredible tools. But they have a dirty secret: your data might stick around. Training data. Logging. That intern at OpenAI who's definitely not reading your prompts (they are).

HIPAA doesn't care that you "really needed help with that regex." Neither does your compliance officer. Or John Smith's lawyer.

The Solution: Scrambler

I built Scrambler because I was tired of manually find-replacing "Acme Corp" with "REDACTED" like some kind of caveman.

Scrambler has two modes:

  • Text Mode — Paste text, mask PII, copy to AI, unmask response (100% browser-side)
  • PDF Mode — Upload PDFs, auto-redact PII, download clean document (NEW!)

📝 Text Masking (Browser-Side)

Here's the deal:

  1. Paste your sensitive text
  2. Click "Mask"
  3. It auto-detects PII and replaces it with fake data
  4. Copy the safe version to any AI
  5. Paste the AI's response back
  6. Click "Unmask" - originals restored

That's it. No accounts. No logins. No data leaving your browser.

What It Catches

The tool uses regex pattern matching (no AI, ironically) to detect:

  • SSNs - 123-45-6789XXX-XX-4521
  • Emails - john.smith@acme.comalex.johnson@contoso.com
  • Phone numbers - (317) 555-1234(555) 234-5678
  • IP addresses - 192.168.1.5010.0.45.12
  • Dates of birth - DOB: 03/15/1985[DOB REDACTED]
  • Medical record numbers - MRN: 12345678[REDACTED]
  • Credit card numbers - 4532-1234-5678-9012[REDACTED]
  • Driver's license - DL# A1234567[REDACTED]
  • Account numbers - Account: 9876543ACCT-000042

But What About Names?

Names are tricky. The tool can't automatically know that "John Smith" is a person and "Main Street" is not (well, it could, but that would require... AI. The irony is not lost on me).

So you manually add them:

  1. Type the name in the "Add" box
  2. Pick "Name" or "Company"
  3. Click Add

Now "John Smith" becomes "Taylor Garcia" and "Acme Healthcare" becomes "Contoso" every time.

Microsoft-style fake names. Because if it's good enough for every Microsoft demo since 1998, it's good enough for you.

📄 PDF Redaction (NEW!)

Sometimes you have an entire document that needs to be sanitized before sharing. Maybe it's:

  • A medical record you need to send to a consultant
  • A police report for a case study
  • Financial statements for an audit
  • Any document with scattered PII

Here's how it works:

  1. Click the "PDF Redact" tab
  2. Choose your redaction style:
    • [REDACTED] — Clean text labels
    • [________] — Redaction bars (looks more like traditional redaction)
  3. Drag & drop your PDF (or click to upload)
  4. Review what was found — See exactly what PII was detected
  5. Download the clean PDF — All PII replaced, document structure preserved

How It's Different From Text Mode

  • Server-side processing — PDFs are too complex for browser-only
  • Ephemeral — Files exist only in memory during processing, then deleted
  • No storage — No database, no logs, no traces
  • Layout preserved — Headers, paragraphs, structure stays intact

What Gets Redacted

Same patterns as text mode:

  • SSNs, emails, phone numbers
  • IP addresses, credit cards
  • DOB (with context like "Date of Birth:")
  • Medical record numbers (MRN)
  • Driver's license numbers
  • Account/Patient IDs

Example

Original PDF text:

PATIENT INTAKE FORM

Patient: John Smith
SSN: 123-45-6789
DOB: 03/15/1985
Phone: (317) 555-8421
Email: john.smith@acmecorp.com

After redaction (text style):

PATIENT INTAKE FORM

Patient: John Smith
SSN: [REDACTED]
DOB: [DOB REDACTED]
Phone: [REDACTED]
Email: [REDACTED]

Notice the header "PATIENT INTAKE FORM" stays intact — only the actual PII values are replaced.

The Privacy Part (It's Actually Private)

Text Mode

Everything runs in your browser.

  • No server processing
  • No data transmitted anywhere
  • No accounts or cookies
  • No logging

Open DevTools. Watch the Network tab. Nothing gets sent. Your HIPAA officer can sleep soundly.

PDF Mode

Ephemeral server processing.

  • Files uploaded, processed, returned — then deleted
  • No permanent storage
  • No database entries
  • Temp files cleaned up immediately
  • Max 5 concurrent sessions (DoS protection)
  • 10MB file size limit

The PDF has to hit a server (PDFs are complex), but it never touches disk beyond a momentary temp file that's deleted before the response finishes.

Real World Example

You have:

Patient John Smith (DOB: 03/15/1985, SSN: 123-45-6789) 
called from (317) 555-0199 regarding prescription refill.
Contact: john.smith@acme.com
Account: 98765432

Scrambler gives you:

Patient Taylor Garcia (DOB: XX/XX/1972, SSN: XXX-XX-4521) 
called from (555) 234-5678 regarding prescription refill.
Contact: alex.johnson@contoso.com
Account: ACCT-000001

Paste that into ChatGPT. Ask your question. Get your answer.

Paste the answer back into Scrambler. Click Unmask. "Taylor Garcia" becomes "John Smith" again. Magic.

When You Need This

  • Healthcare workers using AI for documentation help
  • Support teams debugging customer issues
  • Developers with production logs
  • Legal teams sanitizing documents for case studies
  • Anyone handling financial data
  • Literally anyone who values not getting fired

When You Don't Need This

  • Your grocery list (unless you're buying... suspicious groceries?)
  • That fanfic you're writing (no judgment)
  • Anything already public

Try It

scramble.scottslab.io

No signup. No payment. No tracking. Just paste and go.

One More Thing

I checked my server logs after deploying this. Found something weird:

[03:22:17] GET /api/scramble HTTP/1.1 200
[03:22:18] User-Agent: Bigfoot/1.0 (Privacy Browser; ForestOS)
[03:22:19] X-Request-Reason: "Even cryptids have HIPAA concerns"

Turns out Sasquatch has a medical condition he'd prefer to keep private. Something about chronic foot pain.

Fair enough, big guy. Your secret's safe with me.

🦶

Built with JavaScript, paranoia, and an unreasonable number of regex patterns.

Part of Scott's Lab - where security tools meet questionable Bigfoot sightings.