How to redact emails, phones & card data from a crm export before you send it out
- Step 1Export the segment from your CRM — Pull exactly the rows the third party needs — a saved view, a smart list, or a pipeline stage export. CSV, JSON, or the native
.xlsx/.xls/.odsworkbook all work. Column headers and field names don't matter to the scrubber; it inspects the *content* of each cell, not the schema. - Step 2Drop the export onto the scrubber — Drag the file into the drop area above (it accepts
.csv,.json,.txt,.mdplus.xlsx/.xls/.ods). There's no paste box — this tool works on an uploaded file. Processing is fully in-browser, so the contact list is never transmitted even though you're about to share it externally. - Step 3Run the scrubber — Press Run Email/Phone Scrubber. There are no settings — the six detectors always run in a fixed order (email, IBAN, card, SSN, NI, phone last). The IBAN and card passes apply their checksums, so a deal reference or order number that isn't a valid card is left untouched.
- Step 4Review the masked export — The scrubbed file shows in a scrollable panel with a metrics line: items redacted, bytes in/out, run time. Skim the columns — confirm the email and phone fields are now
[REDACTED_*]and that a column you want the partner to keep (region, deal stage, product) is still readable. - Step 5Download and hand off the clean file — Use Download to save it with a
-scrubbedsuffix (pipeline.csv→pipeline-scrubbed.csv). Share *that* file, never the original. Note: a spreadsheet input downloads as<name>-scrubbed.xlsxbut the content is the scrubbed JSON array of the first sheet — convert to CSV if the recipient expects an Excel workbook. - Step 6Decide what to do about names and addresses — The scrubber does not redact contact names, company names, or mailing addresses — there's no detector for free-text fields. If the recipient shouldn't see who the contacts are, replace those columns with fakes using the CSV/JSON Data Scrambler before sharing, or drop the name/address columns from the export entirely.
A CRM export, column by column — what's masked on share
How a typical contact export fares. The direct identifiers are tagged; the descriptive columns survive so the file is still useful, but names and addresses are NOT removed.
| CRM column | Example value | After scrub | Why |
|---|---|---|---|
| sue.adler@example.com | [REDACTED_EMAIL] | Email pattern match | |
| direct_phone | +44 20 7946 0958 | [REDACTED_PHONE] | Phone pattern match |
| payment_iban | GB82 WEST 1234 5698 7654 32 | [REDACTED_IBAN] | Mod-97 valid IBAN |
| contact_name | Sue Adler | Sue Adler (kept) | No name detector |
| billing_address | 12 King St, Leeds | 12 King St, Leeds (kept) | Free-text address not matched |
| deal_id | 1234567890123456 | 1234567890123456 (kept) | 16 digits but fails Luhn — not a card |
Inputs, output, and tier limits
A free-tier tool; only the file-size ceiling changes by plan. Large CRM exports may need splitting on the free plan.
| Aspect | Behaviour |
|---|---|
| Accepted input | .csv, .json, .md, .txt as text; .xlsx/.xls/.ods (first sheet flattened to a JSON array first) |
| Options | None — no toggles, no custom mask. All six detectors run every time |
| Output | Scrubbed file in the original format with [REDACTED_*] tags; downloaded as <name>-scrubbed.<ext> |
| Multiple files | Drop area accepts several, but only the first is scrubbed per run |
| Where it runs | 100% in your browser tab; a server-safe API path returns { output, redactedCount, counts } |
| File-size limit | Free 10 MB · Pro 100 MB · Pro + Media 500 MB · Developer 2 GB (oversize text throws an exceeds the … limit error) |
Cookbook
Realistic CRM-export fragments showing exactly what a recipient would and wouldn't see. All contact details below are fabricated examples.
Contact CSV for an agency brief
The everyday handoff: a contacts export where email and phone are masked but the descriptive columns stay so the agency can still segment.
Input (segment.csv): name,email,phone,region,stage Sue Adler,sue.adler@example.com,+44 20 7946 0958,EMEA,Won Jon Ek,jon+crm@mail.example.co.uk,(212) 555-0143,AMER,Open Output (segment-scrubbed.csv): name,email,phone,region,stage Sue Adler,[REDACTED_EMAIL],[REDACTED_PHONE],EMEA,Won Jon Ek,[REDACTED_EMAIL],[REDACTED_PHONE],AMER,Open Reported: 4 items redacted
Names survive — drop or scramble them yourself
The single biggest surprise for sales ops: the name column is untouched because there's no name detector. If the partner shouldn't see who the contacts are, handle names separately.
Input (leads.csv): name,email Maria Okafor,maria@acme.io Output (leads-scrubbed.csv): name,email Maria Okafor,[REDACTED_EMAIL] # 'Maria Okafor' is NOT redacted. # Drop the column, or run the file through the # CSV/JSON Data Scrambler to fake the names.
Deal IDs kept, real cards removed
Finance-touching exports often carry 16-digit references next to occasional card data. The Luhn gate keeps the deal IDs and removes the genuine card.
Input (deals.csv): deal_id,card_on_file 1234567890123456,4111 1111 1111 1111 Output (deals-scrubbed.csv): deal_id,card_on_file 1234567890123456,[REDACTED_CARD] # deal_id fails Luhn → kept # card passes Luhn → [REDACTED_CARD]
Native CRM .xlsx export comes back as JSON
Many CRMs export an Excel workbook. The first sheet is flattened to a JSON array, scrubbed, and returned as JSON — the download keeps the .xlsx name but holds JSON, not a rebuilt workbook.
Input: crm-export.xlsx (first sheet)
| Email | Mobile |
| kit@demo.org | 07700 900123 |
Download: crm-export-scrubbed.xlsx (CONTENT is JSON):
[
{
"Email": "[REDACTED_EMAIL]",
"Mobile": "[REDACTED_PHONE]"
}
]Pipeline JSON export stays valid
A JSON export from the CRM API. Emails nested in records are masked in place; the document remains parseable for the recipient's tooling.
Input (pipeline.json):
[
{ "id": 7, "owner": "alice@acme.io", "note": "call back on 0207 946 0958" }
]
Output (pipeline-scrubbed.json):
[
{ "id": 7, "owner": "[REDACTED_EMAIL]", "note": "call back on [REDACTED_PHONE]" }
]Edge cases and what actually happens
Contact and company names are still in the file
By designThe scrubber has no name or company detector — only six shaped categories. A name, company, or account_owner column passes through verbatim. If the recipient shouldn't see who the contacts are, drop those columns from the export or replace them with plausible fakes using the CSV/JSON Data Scrambler before sharing.
Mailing addresses aren't redacted
By designFree-text billing or shipping addresses don't have a fixed shape the regex can match, so they're left intact. For a contact list, that often means the recipient can still locate people. Strip address columns or scramble them separately — this tool won't touch them.
A deal/quote reference survives the card pass
PreservedCard matching requires a Luhn-valid 13–19 digit run, so deal IDs, quote numbers, and tracking references that fail Luhn are deliberately kept. That's what stops the scrub from blanking your reference columns — but a real card with a checksum-breaking typo would also be missed.
Only the first file is scrubbed from a multi-select
First file onlyThe drop area lets you pick several files, but a run scrubs only files[0]. If you exported the pipeline across multiple files, run each one separately or use the server-safe API. Check the -scrubbed filename so you don't accidentally hand over an unprocessed original.
The Excel download contains JSON, not a workbook
ExpectedFor .xlsx/.xls/.ods inputs the first sheet is converted to a JSON array of row objects, scrubbed, and returned as that JSON — the filename keeps .xlsx but the content is JSON text. If the partner expects a real Excel file, save the JSON and re-import to Excel, or export your sheet to CSV before scrubbing.
The export is bigger than your plan's limit
Rejected — over limitText exports go through the tier size gate (Free 10 MB, Pro 100 MB, Pro + Media 500 MB, Developer 2 GB). An oversize file throws File "…" is N MB — exceeds the … limit for your plan. and nothing is scrubbed. Split the export by segment, or upgrade. Spreadsheets are read directly into the tab and bounded by memory instead.
Only the first sheet of the workbook is scrubbed
First sheet onlyFor spreadsheet inputs, only the first sheet is flattened and scrubbed; additional tabs (extra segments, lookup tables) are ignored. If your contacts span multiple tabs, move them to the first sheet or export each tab to its own CSV before scrubbing.
An unusual local phone format isn't masked
May be missedThe phone detector targets common international and grouped formats with +, parentheses, and space/dot/dash separators. Internal extensions, run-together digit strings, or heavily localised formats may not match. Scan the masked file for any phone style your CRM stores that isn't a standard grouped number.
An illustrative email in a notes field gets redacted
Pattern matchAnything matching local@domain.tld is replaced, including an example or support address typed into a notes column. The scrubber can't tell a real contact from an illustrative one. If a notes column intentionally references a generic mailbox, expect it to be tagged too.
You'd rather encrypt the export than redact it
Wrong toolIf the recipient is trusted under a DPA and needs the *real* data, encrypt rather than redact: use the AES-256 Encryptor (Web Crypto AES-GCM-256, PBKDF2 100k) and share the passphrase out of band. To prove the file wasn't altered in transit, fingerprint it with the Multi-Hash Fingerprinter.
Frequently asked questions
Does it remove contact names from my CRM export?
No. There is no name or company detector — only email, phone, IBAN, card, US SSN, and UK NI. Name and company columns pass through verbatim. If the recipient shouldn't see who the contacts are, drop those columns or replace them with fakes using the CSV/JSON Data Scrambler.
Will the partner still be able to use the file?
Yes — only the matched substrings are masked, so CSV keeps its columns and JSON stays valid. Descriptive fields (region, stage, product, dates) survive, so the recipient can still segment and analyse; they just can't contact anyone directly.
Is the contact list uploaded to do the scrub?
No. The on-page tool runs every regex pass locally in your browser tab — the export and the identifiers in it never reach a server. That's what makes it safe to anonymise a GDPR/CCPA-governed list before you've even signed a DPA with the recipient. A separate opt-in API path exists for automation.
Can I choose to only mask phone numbers, not emails?
No. There's no options panel — all six detectors always run and the tags are fixed. If you want only certain tags in the shared file, find-and-replace the unwanted ones back in a text editor afterwards. There is no per-category toggle.
How does it avoid masking my deal or quote numbers as cards?
The card detector applies the Luhn checksum before redacting, so a 13–19 digit run is only tagged [REDACTED_CARD] if it passes Luhn. Most deal IDs, quote numbers, and order references fail Luhn and are kept. Real card numbers pass Luhn and are removed.
My CRM exports Excel — does it give me Excel back?
It accepts .xlsx/.xls/.ods but converts the first sheet to a JSON array of row objects, scrubs that, and returns the JSON. The download keeps the .xlsx name yet holds JSON text, not a rebuilt workbook. Export your sheet to CSV first if the recipient needs binary Excel.
What if my contacts span several tabs?
Only the first sheet of a workbook is scrubbed; other tabs are ignored. Move all the contacts to the first sheet, or export each tab to its own CSV and scrub them one at a time. Always check the output count to confirm the rows you expected were processed.
Can I scrub several export files in one go?
Not in one click. The drop area accepts a multi-file selection but a single run processes only the first file. Run each export separately, or call the server-safe API in a loop. Each run yields one -scrubbed file.
Does it validate IBANs in payment fields?
Yes — IBANs are confirmed with the ISO 13616 mod-97-10 checksum before redaction, so a structurally valid IBAN is masked as [REDACTED_IBAN] while a random country-code-shaped string is left alone. This avoids false positives on reference codes that merely look IBAN-like.
What size export can I scrub?
Text exports are gated by tier: Free 10 MB, Pro 100 MB, Pro + Media 500 MB, Developer 2 GB. An oversize text file throws an exceeds the … limit for your plan error and isn't processed. Split by segment or upgrade. Spreadsheets are read directly into the tab and bounded by memory.
How do I prove to the recipient the file was anonymised?
After each run the tool reports the total items redacted plus bytes in/out — note that figure in your handoff. For tamper-evidence, hash the shared file with the Multi-Hash Fingerprinter and include the digest so the recipient can verify they got exactly what you sent.
What if I need to redact a contract PDF instead of a CSV?
This tool is text/CSV/JSON only. For text redaction inside a PDF use the PDF PII Redactor; to burn out a signature on a document use Signature Burner. To replace whole fields with realistic fakes across a tabular export, use the CSV/JSON Data Scrambler.
Privacy first
Every JAD Security operation runs entirely in your browser. Files, passwords, and PGP private keys never leave your device — verified by zero outbound network requests during processing.