Two Ways to Anonymize Text
When you need to strip personal information from text, anonym.plus gives you two distinct anonymization operators: Replace and Encrypt. Both use the same underlying detection engine — Microsoft Presidio combined with spaCy NER models — to identify over 340 types of personally identifiable information (PII). The difference lies in what happens after detection.
Replace substitutes each detected entity with a generic placeholder such as <PERSON> or <EMAIL_ADDRESS>. The original value is gone permanently. Encrypt transforms each entity into an AES-256-GCM ciphertext token that can be decrypted later with the correct encryption key. Both operations happen entirely on your local machine — no text is ever sent to a server.
Understanding when to use each approach is critical for compliance workflows, collaboration scenarios, and data governance. This guide walks through both methods step by step and provides a detailed comparison to help you choose.
How Text Replace Works
The Replace operator is the most common anonymization method. It permanently removes PII by substituting each detected entity with a type-based placeholder. Here is the complete workflow:
- Paste your text. Open anonym.plus and paste the text you want to anonymize into the text input area. The app works entirely offline — your text never leaves your device.
- Select a detection preset. Choose from 121 built-in presets such as General PII, GDPR Compliance, HIPAA Medical, or Financial Services. Each preset defines which entity types to detect and at what confidence threshold. You can also create custom presets in Settings.
- Start analysis. Click "Start Analysis" to run the local NLP engine. Presidio and spaCy scan your text for names, email addresses, phone numbers, dates, locations, credit card numbers, IBANs, national IDs, and dozens of other entity types.
- Review detected entities. Each detected entity appears with a color-coded badge showing its type and confidence score. You can toggle individual detections on or off — useful for correcting false positives or preserving specific values you want to keep.
- Choose the Replace operator. In the operator selection panel, select "Replace" for each entity type (or set it as the default). You can customize the replacement format — for example, replace names with
<PERSON_1>,<PERSON_2>to maintain entity consistency. - Anonymize and export. Click "Anonymize" to process. The output text contains only the placeholders — original PII values are permanently removed. Copy the result to your clipboard or save it as a file.
After processing, your text might look like this: "<PERSON> submitted an invoice on <DATE_TIME> from <LOCATION>." The original names, dates, and locations are irreversibly gone.
How Text Encrypt Works
The Encrypt operator follows the same detection workflow but produces a fundamentally different output. Instead of placeholders, each PII entity is replaced with an encrypted token that can be reversed.
- Paste your text. Same as above — paste text into the input area.
- Select a detection preset. Choose the same presets as Replace mode. The detection step is identical.
- Start analysis and review. The NLP engine detects entities in the same way. Review and toggle detections as needed.
- Choose the Encrypt operator. Select "Encrypt" in the operator panel. You will need an encryption key — create one in Settings or select an existing key from your vault.
- Anonymize with encryption. Click "Anonymize." Each PII entity is encrypted individually using AES-256-GCM with a random nonce per entity. The output contains encrypted tokens like
<ENC:aGVsbG8gd29ybGQ=:iv:tag>in place of the original values. - Export and share. The encrypted document can be safely shared. Recipients see only ciphertext tokens — not the original PII. You can later decrypt the document using the Deanonymize feature with the same encryption key.
The encrypted output preserves the document structure while making PII unreadable to anyone without the key. This enables a powerful collaboration workflow: encrypt a document, share it with colleagues for editing, receive it back, and decrypt the PII — even if the surrounding text was modified.
Replace vs Encrypt: When to Use Which
The following table provides a side-by-side comparison of the two operators across the most important dimensions:
| Feature | Replace | Encrypt |
|---|---|---|
| Reversibility | Irreversible — original PII is permanently deleted | Fully reversible — decrypt with the same encryption key |
| Output format | Human-readable placeholders (<PERSON>, <EMAIL>) |
Base64-encoded ciphertext tokens |
| Best use case | Public release, permanent redaction, GDPR anonymization | Internal sharing, collaboration, temporary redaction |
| Performance | Fastest — simple string substitution | Slightly slower — per-entity AES-256-GCM encryption |
| Security level | Maximum — data no longer exists | High — AES-256-GCM with random nonce per entity |
| Key required | No | Yes — must select or create an encryption key |
| GDPR classification | Anonymization (data exits GDPR scope) | Pseudonymization (data remains in GDPR scope) |
| Collaboration | Shared document cannot be reversed | Share, edit, return — then decrypt intact tokens |
| Output readability | High — placeholders are self-explanatory | Low — ciphertext tokens are opaque |
When to choose Replace
- You need to publish or share documents publicly and never want the original PII to be recoverable.
- Regulatory requirements demand full anonymization (GDPR Article 4: anonymized data is no longer personal data).
- You are creating training datasets, test fixtures, or sanitized logs where placeholders are sufficient.
- You want the simplest, fastest processing with no key management overhead.
When to choose Encrypt
- You need to share documents for review or editing but want to restore the original PII afterward.
- Legal or audit processes require the ability to trace back to original identities.
- You are working in a team where some members need to see PII and others do not.
- You want pseudonymization rather than full anonymization — for example, GDPR Article 25 data protection by design.
Step-by-Step Walkthrough
Here is a combined walkthrough covering both operators from start to finish:
- Open anonym.plus. The app launches with the Anonymize tab active.
- Paste text into the input area, or type directly. There is no size limit for text input beyond available memory.
- Select a detection preset from the dropdown. For general use, "General PII Detection" (threshold 0.85) works well. For stricter compliance, choose "GDPR Compliance" (threshold 0.90).
- Click "Start Analysis." The local Presidio engine scans the text. Detected entities are highlighted with color-coded badges.
- Review each detection. Click any entity to see its type, confidence score, and position. Toggle off false positives.
- Choose your operator:
- For Replace: select "Replace" in the operator dropdown. No further configuration needed.
- For Encrypt: select "Encrypt" and choose an encryption key from your vault (or create a new one).
- Click "Anonymize." The engine applies your chosen operator to every enabled entity.
- Review the output. For Replace, verify placeholders are correct. For Encrypt, verify encrypted tokens are present.
- Copy to clipboard or save as a file. The processing entry is saved to your local history for future reference or deanonymization.
Ready to try it yourself? See it in action →