AI PII Redactor — Sri Lanka NIC, Phone, Email, Card
Paste any text — customer lists, log lines, chat exports, transcripts — and get a redacted copy with NIC numbers, phones, emails, credit cards, IBANs, and IPs replaced. Detection happens in your browser; nothing is uploaded.
How it works
Every detector is deterministic. A regular expression scans the input for a candidate (a 9-digit NIC, a credit-card-shaped run, an email), then a checksum or lookup confirms the candidate is actually what it looks like before anything is flagged. No probabilistic model, no training data, no download — just specifications turned into code.
1. Sri Lankan NIC numbers
Two formats are accepted. The old format is \d{9}[VX] — nine digits followed by V (citizen) or X (non-citizen). The first two digits are the last two digits of the year of birth, the next three are the day-of-year. A day code over 500 means female (subtract 500 to get the actual day). The new format is twelve digits beginning with 19 or 20: full year, day-of-year, four-digit serial, one check digit. Both undergo a day-of-year range check before being flagged, so numeric strings that happen to look like an NIC don't get redacted.
2. Phone numbers
Sri Lankan phones are detected by prefix lookup against the TRC Numbering Plan: mobile prefixes 070, 071, 072, 074, 075, 076, 077, 078 and landline area codes (011 Colombo, 081 Kandy, 091 Galle, 045 Ratnapura, 052 Badulla, 037 Kurunegala, and the rest). International numbers in E.164 form (+CC NSN) are also detected — the digit count after the country code must be between 7 and 15 to count.
3. Credit cards
Any 13–19 digit run with optional spaces or hyphens is treated as a card candidate. It only sticks if it passes the Luhn mod-10 checksum and matches a known Issuer Identification Number range from ISO/IEC 7812-1: Visa (4), Mastercard (51–55, 2221–2720), Amex (34, 37), Discover (6011, 622126–622925, 644–649, 65), JCB (3528–3589), Diners Club (300–305, 36, 38, 39), UnionPay (62, 81), and RuPay (60, 65, 81, 82). Long order IDs and invoice numbers stay untouched.
4. IBAN
Two-letter country code + two check digits + 10–30 alphanumerics. The length is checked against the ISO 13616-1 IBAN registry (GB=22, DE=22, NL=18, FR=27, and so on), then the standard mod-97 check is run by shifting the first 4 characters to the end and converting letters to digits (A=10, B=11, …, Z=35). Anything failing either check is left in place.
5. Email and IP
Emails follow a simplified RFC 5321 regex with a 2–24-character alphabetic top-level domain. IPv4 octets are bounded 0–255; private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, 169.254.0.0/16) are skipped by default because they're rarely PII — flip the toggle if you need them redacted too. IPv6 supports full, leading-zero, and :: compressed forms.
6. Conflict resolution
When two detectors claim the same span, priority is NIC > credit card > IBAN > email > phone > IP. The text is rewritten right-to-left so character offsets stay valid as replacements are spliced in. A parallel verification path is exposed by verifyNicByAlternatePath() — a pure string-slice implementation that confirms the regex parser produces the same year, sex, and day-of-year. Both paths must agree before an NIC is considered valid.
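The NIC checks from section 1, combined with the two-path agreement and right-to-left splicing described in this section, as an added example (not the tool's own source code). The function names, the [NIC] placeholder and the 1–366 day range are assumptions, and the sample values are constructed.

```javascript
// Added illustration; function names and the [NIC] placeholder are hypothetical.
const OLD_NIC = /^(\d{2})(\d{3})\d{4}[VX]$/;        // YY DDD + 4 digits + V/X
const NEW_NIC = /^((?:19|20)\d{2})(\d{3})\d{5}$/;   // YYYY DDD + serial + check
const SAMPLE = "Customer 853400937V, ref 859990937V, new 199061200017"; // constructed values

// A day code over 500 means female; subtract 500 to get the actual day.
// Assumption: the accepted day-of-year range is 1..366.
function decodeDay(code) {
  const sex = code > 500 ? "F" : "M";
  const day = code > 500 ? code - 500 : code;
  return day >= 1 && day <= 366 ? { sex, day } : null;
}

// Path 1: fields come from regex capture groups.
function parseNicRegex(s) {
  const m = OLD_NIC.exec(s) || NEW_NIC.exec(s);
  if (!m) return null;
  const d = decodeDay(Number(m[2]));
  return d && { year: m[1], ...d };
}

// Path 2: fields come from plain string slices, independent of the regexes.
function parseNicSlice(s) {
  const isOld = s.length === 10 && (s[9] === "V" || s[9] === "X");
  const isNew = s.length === 12 && (s.startsWith("19") || s.startsWith("20"));
  if (!isOld && !isNew) return null;
  for (const ch of isOld ? s.slice(0, 9) : s) if (ch < "0" || ch > "9") return null;
  const yLen = isOld ? 2 : 4;
  const d = decodeDay(Number(s.slice(yLen, yLen + 3)));
  return d && { year: s.slice(0, yLen), ...d };
}

// A candidate counts as an NIC only when both paths agree on year, sex and day.
function validateNic(s) {
  const a = parseNicRegex(s), b = parseNicSlice(s);
  if (!a || !b) return null;
  return a.year === b.year && a.sex === b.sex && a.day === b.day ? a : null;
}

// Collect validated spans first, then splice right-to-left so earlier offsets stay valid.
function redactNics(text) {
  const hits = [];
  for (const m of text.matchAll(/\b(?:\d{9}[VX]|(?:19|20)\d{10})\b/g)) {
    if (validateNic(m[0])) hits.push({ start: m.index, end: m.index + m[0].length });
  }
  let out = text;
  for (const h of hits.reverse()) out = out.slice(0, h.start) + "[NIC]" + out.slice(h.end);
  return out;
}
```

Calling redactNics(SAMPLE) leaves the middle value in place because its day code (999) falls outside the accepted range after the 500 offset is removed.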
Privacy guarantee
Every byte of input stays inside your browser tab. The detection engine is plain JavaScript — no model download, no API call, no telemetry, no logging. Open DevTools → Network and watch — when you press Redact, you'll see zero outgoing requests carrying your text.
Hash mode generates a fresh random salt each time the page loads. The salt never leaves the page; tokens are only stable within the same session. Reload the page and the same input produces a different token.
Sources & references
- Department for Registration of Persons, Sri Lanka — NIC format
- Telecommunications Regulatory Commission of Sri Lanka — Numbering Plan
- ISO/IEC 7812-1:2017 — Issuer Identification Numbers (card IINs)
- RFC 5321 §4.1.2 — SMTP address syntax (email regex basis)
- ISO 13616-1:2020 — IBAN structure + mod-97 checksum
- RFC 791 — IPv4 address format
- RFC 4291 — IPv6 address format
The detection rules on this page were last cross-checked against the sources on 2026-05-12. They are reviewed whenever the TRC adds a new prefix or the IBAN registry publishes a length change.
Found a false positive, a missing prefix, or a format the redactor misses?
Email me at [email protected] — fixes usually ship within a day.