6 Methods

Choose Your Anonymization Method

Replace, Mask, Redact, Hash, Encrypt, or Custom. Each method serves different compliance requirements and use cases. Try any method free on anonym.legal.


Replace

What it does: Substitute PII with realistic fake values, generated from a pattern or drawn from a dictionary lookup.

Example:
"John Smith" → "Max Mueller"
"(555) 123-4567" → "(718) 945-8273"

When to use: Testing environments, analytics, data sharing with external partners who need realistic but fictional data.

Data utility: High — data structure and relationships preserved.

Compliance fit: GDPR Art. 89 HIPAA

Fully reversible if the mapping table is retained. Addresses quasi-identifiers under GDPR anonymization and Safe Harbor.


Mask

What it does: Partially obscure sensitive values by replacing characters with placeholders (* or •).

Example:
"DE12 3456 7890 1234" → "DE** **** **** 1234"
"john@example.com" → "j*@e******.com"

When to use: Customer service displays, support ticket systems, call center interactions where staff needs context but not full data.

Data utility: Medium — format and last digits preserved.

Compliance fit: PCI DSS FINRA HIPAA

Reversible if the original mapping is retained. Often sufficient for PCI DSS scope reduction (masked credit card display).
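As an added example (not anonym.legal's own code), the partial-masking rules shown above in Python: the format and the trailing characters survive, everything else becomes a star. The PAN rule follows the PCI DSS note later on this page (last 4 digits only); the grouping and separator choices are assumptions.

```python
import re


def mask_iban(iban: str, keep_prefix: int = 2, keep_suffix: int = 4) -> str:
    """Keep the country code and the last 4 characters, star the rest.
    Spaces are passed through unchanged so the display grouping survives."""
    compact = iban.replace(" ", "")
    out, pos = [], 0
    for ch in iban:
        if ch == " ":
            out.append(ch)
            continue
        keep = pos < keep_prefix or pos >= len(compact) - keep_suffix
        out.append(ch if keep else "*")
        pos += 1
    return "".join(out)


def mask_email(email: str) -> str:
    """'john@example.com' -> 'j*@e******.com': the local part collapses to its
    first letter plus one star (its length is hidden), the domain label keeps
    its first letter and its length, and the TLD stays readable for staff."""
    if "@" not in email:
        raise ValueError("not an e-mail address")
    local, _, domain = email.partition("@")
    label, dot, tld = domain.rpartition(".")
    masked_label = label[:1] + "".join("." if c == "." else "*" for c in label[1:])
    return f"{local[:1]}*@{masked_label}{dot}{tld}"


def mask_pan(pan: str) -> str:
    """Card PAN masked to the last 4 digits and regrouped as ****-****-****-1234.
    Any separators in the input (spaces, hyphens) are discarded first."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) < 4:
        raise ValueError("PAN too short to mask")
    masked = "*" * (len(digits) - 4) + digits[-4:]
    return "-".join(masked[i:i + 4] for i in range(0, len(masked), 4))
```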


Redact

What it does: Complete removal or replacement with a fixed placeholder like [REDACTED], [REMOVED], or ████.

Example:
"SSN: 123-45-6789" → "SSN: [REDACTED]"
"Patient: Jane Doe" → "Patient: [REDACTED]"

When to use: FOIA responses, court document production, regulatory submissions, e-Discovery where full PII removal is required.

Data utility: Low — context only, exact value unknown.

Compliance fit: FOIA e-Discovery Legal Hold

Not reversible. Strongest de-identification under GDPR and HIPAA. Required for FOIA 200K+ annual backlog processing.


Hash (SHA-256 / SHA-512)

What it does: Apply one-way cryptographic hash functions. Same input always produces same output (deterministic).

Example (illustrative digests, truncated; a real SHA-256 digest is 64 hex characters):
"john@example.com" → "a1b2c3d4e5f6..."
"123-45-6789" → "9f8e7d6c5b4a..."

When to use: De-duplicated analytics, fraud detection, cohort analysis where you need to match same person across datasets without re-identification.

Data utility: Very High — preserves one-to-one mapping for aggregation and matching.

Compliance fit: HIPAA Safe Harbor GDPR Recital 26

Cryptographically irreversible. Deterministic hashing satisfies the HIPAA "Safe Harbor" de-identification standard when the salt is kept secret. Ideal for building anonymized lookup tables.


Encrypt (AES-256-GCM + RSA-4096)

What it does: Reversible encryption using AES-256-GCM for data, RSA-4096 for key exchange. Only authorized parties can decrypt.

Example:
"John Smith, DOB: 1990-01-15" → (encrypted blob, ~200 bytes)
Decryptable only with matching private key.

When to use: Long-term archival, regulatory retention, multi-party sharing with selective decryption rights. Supports delayed release of PII to authorized auditors.

Data utility: Maximum — decrypted data identical to original.

Compliance fit: GDPR Art. 32 HIPAA Technical Safeguards

Fully reversible. Multi-party key sharing supported. Meets encryption-at-rest + encryption-in-transit requirements. Compatible with HSM (Hardware Security Module) key management.


Custom

What it does: Define your own anonymization logic: regex patterns, format-preserving encryption, lookup tables, conditional rules.

Example:
Custom rule: "Keep first letter + length, replace middle" for names
FPE: "Preserve credit card format while scrambling digits"

When to use: Domain-specific requirements, legacy system integration, proprietary redaction standards, industry-specific presets.

Data utility: Tunable — depends on custom logic.

Compliance fit: GDPR Art. 89 Custom Policies

108+ presets included (PCI, HIPAA Safe Harbor, FOIA, GDPR, LGPD, PIPL). Build once, apply across all 7 platforms. Shareable across teams.

Methods Comparison

Method  | Reversible? | Data Utility | Primary Use Case                     | Compliance
--------|-------------|--------------|--------------------------------------|----------------------
Replace | ✓ Yes       | High         | Testing, Analytics                   | GDPR Art. 89
Mask    | ✓ Yes       | Medium       | Customer Support, Call Center        | PCI DSS, HIPAA
Redact  | ✗ No        | Low          | FOIA, e-Discovery, Legal             | FOIA, Legal Hold
Hash    | ✗ No*       | Very High    | Analytics, De-duplication            | HIPAA Safe Harbor
Encrypt | ✓ Yes       | Maximum      | Long-term Archive, Multi-party Sharing | GDPR Art. 32, HIPAA
Custom  | Tunable     | Tunable      | Domain-specific Rules                | Customizable

* Hash is cryptographically irreversible, but deterministic (same input = same output)

Methods by Regulation

GDPR (EU) — Article 89

  • Article 89: "Anonymization" requires irreversible de-identification. Approved: Redact, Hash (with salt secret), Encrypt with key retention.
  • Replace + Mapping: Approved if mapping table stored securely (not with data).
  • Mask (partial): Not true anonymization; still "pseudonymized" requiring special safeguards.
  • Custom rules: Must document irreversibility and quasi-identifier removal per Recital 26.

HIPAA (US) — Safe Harbor

  • Safe Harbor: Remove 18 identifiers. Hash with salt / Redact / Replace all approved.
  • Expert Determination: Any method with statistical verification of re-identification risk <0.04%.
  • Deterministic Hash: Meets Safe Harbor if salt is kept secret (not released).
  • Encrypt: Approved for limited datasets; full de-id not required if key is held.

FOIA (US) — Exemption 6 & 7

  • Exemption 6: Requires redaction of "clearly unwarranted invasion of personal privacy."
  • Required method: Redact (complete removal or [REDACTED] placeholder).
  • Precedent: DOJ guidance: Mask or Replace insufficient; must redact or heavily obscure.
  • 200K+ annual backlog: Agencies processing de-identification at scale use template redaction rules.

PCI DSS & FINRA

  • Credit Card PAN: Mask to show last 4 digits only (e.g., "****-****-****-1234").
  • Approved methods: Mask, Hash (for fraud detection), Encrypt (for storage).
  • Scope reduction: Masked data often excluded from PCI compliance scope.
  • FINRA 4530: Requires reasonable care; masking sufficient for historical data archival.

LGPD (Brazil)

  • Anonymization: Irreversible de-identification similar to GDPR Article 89.
  • CPF, CNPJ, RG: Red-flag entities under Brazilian law; Redact or Hash required.
  • Approved: Redact, Hash with secret salt, Replace with mapping kept separate.

PIPL (China)

  • Personal information: Defined strictly; Resident ID (GB 11643) primary identifier.
  • De-identification: Redact or Hash (deterministic or with salt).
  • Approved: Replace + mapping, Mask, Hash, Encrypt.
  • Cross-border: Encrypted export often preferred to avoid data localization rules.


Try Each Method Free

Paste text, select entities, and instantly see results for any of the 6 methods. No signup required for free tier.



Frequently Asked Questions

Tokenization replaces PII with a random token stored in a secure vault — the original can be retrieved. Masking replaces characters with symbols (J*** D**, ****1234) — irreversible but preserves format. anonym.legal supports both via Custom and Mask methods.

Format-preserving encryption (FPE) encrypts data while maintaining its original format — a 16-digit card number encrypts to another 16-digit number. Useful when database schemas cannot change. Supported via anonym.legal's Custom method.

Differential privacy adds mathematical noise to datasets to prevent individual re-identification while preserving statistical properties. Best for analytics and ML training data. For document-level PII removal, use anonym.legal's Replace or Redact methods instead.