Anonymizer Guide
Transform detected PII using various anonymization methods
After the Analyzer detects PII entities, the Anonymizer transforms them using operators like replace, mask, hash, or encrypt. Choose the right operator based on your use case.
Anonymization Operators
Choose the right operator based on your needs:
Replace
Replaces the entity with a placeholder text. The original value is lost.
Best for: Human-readable anonymized text
Mask
Partially hides the entity while keeping some characters visible for context.
Best for: Maintaining partial readability
Redact
Completely removes the entity from the text, leaving no trace.
Best for: Complete removal of sensitive data
Hash
Creates a one-way cryptographic hash. Same input always produces the same output, but cannot be reversed.
Best for: Data analysis while preserving uniqueness
EncryptReversible
Encrypts the entity using AES-256-GCM. Can be reversed using the same encryption key.
Best for: Temporary anonymization with future restoration
Operator Comparison
| Operator | Reversible | Preserves Format | Consistent Output | Use Case |
|---|---|---|---|---|
| Replace | No | No | Yes | Sharing anonymized documents |
| Mask | No | Partial | Yes | Customer support, logs |
| Redact | No | No | Yes | Legal documents, FOIA |
| Hash | No | No | Yes* | Data analysis, deduplication |
| Encrypt | Yes | No | Per-key | Temporary anonymization |
* Hash produces consistent output for the same input value
Using the Anonymizer
Step 1: Analyze First
Before anonymizing, you must analyze your text to detect PII entities. The anonymizer works on the results from the analyzer.
Step 2: Select Entities
Review and select which detected entities you want to anonymize:
- Use checkboxes to select/deselect individual entities
- Unselected entities will remain unchanged in the output
- Click entity type badges to bulk select/deselect by type
Step 3: Choose Operator
Select the anonymization method:
- Global operator: Applies the same method to all selected entities
- Per-entity operator: Set different methods for different entity types
Step 4: Configure Options
Each operator has configuration options:
Replace Options
new_value- The replacement text (default:[ENTITY_TYPE])
Mask Options
masking_char- Character to use for masking (default:*)chars_to_mask- Number of characters to maskfrom_end- Mask from end instead of beginning
Hash Options
hash_type- Algorithm to use (default:sha256)
Encrypt Options
- Requires an encryption key configured in Settings
- Uses AES-256-GCM encryption
Step 5: Run Anonymization
- Click the Anonymize button
- Review the anonymized output
- Copy or download the result
Encryption & Deanonymization
The Encrypt operator enables reversible anonymization. You can restore original values using the same encryption key.
Setting Up an Encryption Key
- Go to Settings → Security
- Under "Encryption Keys," click Add Key
- Enter a name and your secret key (32+ characters recommended)
- Save the key securely - it's required for deanonymization
Key Security
Your encryption key is stored encrypted in your account. If you lose the key, encrypted data cannot be recovered.
Deanonymizing Text
- Go to the Deanonymize tab
- Paste text containing encrypted entities (e.g.,
[ENC:a3f2b1c4...]) - Select the encryption key used during anonymization
- Click Deanonymize
- The original values are restored
Token Costs
Anonymization operations consume tokens based on:
Cost = 1 + 0.2 × ops_count + 0.8 × encrypt_count + 0.1 × entities + 0.2 × text_k
Final = ceil(Cost × 0.5)
Where:
ops_count= number of anonymization operationsencrypt_count= number of encryption operations (higher cost)entities= number of entities processedtext_k= text length in thousands of characters
| Operation | Typical Cost |
|---|---|
| Anonymize (apply only) | 1-5 tokens |
| Anonymize (full) | 2-15 tokens |
| Deanonymize | 1-4 tokens |
Best Practices
Related Documentation
Last Updated: February 2026