PII Remover

May 18, 2026

12 Types of PII You Might Be Accidentally Sharing with AI Tools


When people think about leaking personal data, they picture obvious things: Social Security Numbers, credit card numbers, passwords. But personally identifiable information (PII) covers a much wider range — and a lot of it ends up in the text we paste into AI tools without a second thought.

Here are the 12 categories PII Remover detects, with examples of how each one shows up in everyday work.

1. Email Addresses

The most common PII in business text. Found in email threads, CRM exports, support tickets, code comments, and log files.

Example: john.smith@acmecorp.com

2. Phone Numbers

US and international formats. Appear in contact forms, meeting notes, signature blocks, and customer records. Easy to miss in formatted text like (555) 234-5678 or +44 20 7946 0958.

3. Social Security Numbers (SSN)

The highest-risk PII in the US. Format XXX-XX-XXXX. Found in HR documents, tax forms, and anything touching payroll or identity verification.


4. Credit Card Numbers

16-digit numbers in groups of 4. Even partial card numbers can be identifying when combined with other data. Appear in payment logs, receipts, and customer service transcripts.

Example: 4532 1234 5678 9012

5. Passport Numbers

Two-letter country code + 7 digits. Found in travel booking confirmations, HR onboarding documents, and KYC records.

Example: AB1234567

6. Driver's License Numbers

Format varies by state and country. Commonly found in identity verification workflows, rental agreements, and insurance documents.

7. Bank Account Numbers

8–17 digit sequences. Found in payment records, invoice exports, and ACH transfer documentation. Often overlooked because they look like any other long number.

8. IP Addresses

Found in server logs, error reports, analytics exports, and security incident reports. An IP address tied to a session is personal data under GDPR.

Example: 192.168.1.105

9. Street Addresses

Physical addresses with a street number and suffix (Street, Ave, Blvd, etc.). Found in shipping records, customer profiles, legal documents, and email signatures.

Example: 742 Evergreen Terrace

10. ZIP Codes

On their own, ZIP codes are low-risk. But combined with name, date of birth, and gender, a ZIP code can uniquely identify a person. A 1997 study found 87% of Americans could be identified by ZIP code, birthdate, and gender alone.

11. Dates of Birth

Found in HR records, medical documents, and account registration data. Medium-high risk on their own; critical when combined with name or address.

Example: 03/14/1985

12. URLs

URLs can carry PII in query parameters: password reset links, magic sign-in links, and personalized campaign URLs often expose user data in plain text.

Why This Matters for AI Tools

When you paste a customer support ticket into ChatGPT, you might be sending items 1, 2, 4, and 9 to a third-party server simultaneously — without realizing any of it qualifies as personal data.

The fix is simple: clean the text before it reaches the AI. Replace real values with labeled placeholders. The AI gets the structure it needs; the customer's data stays off third-party servers.

PII Remover detects all 12 categories above in a single pass and replaces each with a clear label like [email removed]. It runs locally on your Mac — nothing is sent anywhere.
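
The placeholder replacement described above can be sketched in a few lines. This is an added example, not PII Remover's own code: it covers six of the 12 categories with simplified, US-centric patterns, and every label other than [email removed] is an assumed name. It scans the text once and gives URLs priority, so an email address inside a query string is removed with the link instead of being rewritten in place.

```python
import ipaddress
import re
from collections import Counter

# Alternation order is priority: a URL is consumed whole before the email
# or IP patterns get a chance to match inside its query string.
PATTERNS = [
    ("url",   r"https?://[^\s<>]*[^\s<>.,;:!?)]"),
    ("email", r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    ("ssn",   r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)"),
    # Format match only (16 digits in groups of 4), no checksum.
    ("card",  r"(?<!\d)\d{4}(?:[ -]?\d{4}){3}(?!\d)"),
    ("phone", r"(?<![\d.])(?:\(\d{3}\) ?|\d{3}[ .-])\d{3}[ .-]\d{4}(?!\d)"),
    ("ip",    r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"),
]
SCANNER = re.compile("|".join(f"(?P<{n}>{p})" for n, p in PATTERNS))


def redact(text):
    """Return (clean_text, counts) after one left-to-right scan."""
    counts = Counter()

    def label(m):
        kind = m.lastgroup
        if kind == "ip":
            try:
                ipaddress.ip_address(m.group())
            except ValueError:      # dotted number that is not an address
                return m.group()
        counts[kind] += 1
        return f"[{kind} removed]"

    return SCANNER.sub(label, text), dict(counts)


SAMPLE = (  # constructed support ticket reusing the example values above
    "From: john.smith@acmecorp.com\n"
    "Call me at (555) 234-5678. Card 4532 1234 5678 9012 was charged twice.\n"
    "Reset link: https://example.com/reset?email=john.smith@acmecorp.com&token=abc123\n"
    "Client IP 192.168.1.105, app build 999.1.1.1\n"
)

if __name__ == "__main__":
    clean, counts = redact(SAMPLE)
    print(clean)
    print(counts)
```

The per-category counts are useful as a pre-paste check: a non-empty result means the text still contained personal data before cleaning.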