Pasting text into a random online tool means trusting it with that text. For sensitive content, that trust is not always warranted. Here is how to think about it.
The risk
A lot of "free" online text tools work by sending whatever you paste to a server, processing it there, and sending the result back. That means your text, which might be a client contract, internal memo, medical note, or unreleased copy, travels across the internet to someone else's machine. You usually cannot see whether it is logged, stored, or used to train something.
For ordinary text, that may be fine. For anything confidential, it is a real exposure.
How to tell if a cleaner is safe
- Look for "runs in your browser" or "client-side" claims, and verify them. A genuinely local tool keeps working with your network disconnected.
- Check whether it requires an upload or an account. Tools that process locally rarely need either.
- Read the privacy note. If it does not say what happens to your text, assume the worst for sensitive content.
- Watch the network tab. Technically minded users can open browser dev tools and confirm no request is sent when they clean text.
Why in-browser cleaning is safer
When a cleaner runs in your browser, the processing happens on your own device in JavaScript. The text is never transmitted, logged, or stored on a server. Close the tab and it is gone. textscrubr is built this way on purpose: you can paste a sensitive document, strip the hidden characters and formatting noise, copy the clean result, and nothing ever left your machine. There is no account and nothing to upload.
When you need to go further
If your policy forbids pasting sensitive text into any browser tool at all, use an offline option: a desktop app or a local script that runs with no network access whatsoever. That gives you the same cleaning with an air-gapped guarantee, which is the right choice for regulated data.
The simple rule
For everyday text, a reputable in-browser cleaner is safe. For confidential text, only use a tool that you can confirm processes locally, and for the most sensitive material, clean it offline. The convenience of a web tool is not worth leaking a document that was supposed to stay private.