Source-code redaction is the removal of personal data from programs disclosed under a CPR 31.22 confidentiality regime for a secure review. anonym.plus runs locally and clears names in comments and config, keeping the logic intact.
When this applies
This disclosure goes to a locked review room under a strict regime. Comments, commit notes, and config files often hold developer names and credentials.
How anonym.plus handles it
- Load the program files into anonym.plus on your device.
- It scans comments, commit logs, and config values.
- The tool flags developer names, emails, and tokens.
- Confirm the flags; leave the program logic untouched.
- Replace or mask each confirmed value.
- Save the clean files on your device.
What you need to provide
- The program files (modules, config, or text logs).
- An allow-list to keep variable and function names.
- An operator; Replace keeps the file parseable.
PII entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Names | PERSON | // author: J. Doe → [DEV] |
| Contact | EMAIL_ADDRESS | j.doe@corp.co.uk → [EMAIL] |
| Identifiers | PERSON | commit user token → [USER] |
| Secrets | PERSON | hardcoded key → [SECRET] |
| Dates | DATE_TIME | commit date → [DATE] |
| Contact | PHONE_NUMBER | support phone → [PHONE] |
Compliance achieved
- Suits a secure review room under CPR 31.22.
- Clears developer PII while the program logic stays parseable.
- Offline work keeps proprietary files inside your firm.
Anonymise source code disclosure offline — see plans & start free →
Limitations & cautions
Code is sensitive to syntax. A swapped value must keep the file parseable, so use an allow-list for variable and function names. The tool clears named PII in comments and config, but a human must judge what counts as a trade secret versus a name.
Frequently asked questions
Why does source code go under CPR 31.22?
It is a trade secret, so courts set a confidentiality regime and often a secure review room. CPR 31.22 restricts collateral use of the disclosed material.
Will redaction break the program?
Not if you use an allow-list. The tool clears names in comments and config while keeping variable and function names, so the file still parses.
Does it catch hardcoded credentials?
It flags many secret patterns, like keys and tokens, but treat that as a starting point and review the results.