Don't take our word for it.

This page runs the actual cleaning code the app uses — the same scrubber.js file, eight fixed rules plus a default-deny filter. Paste anything below and watch every line land in "kept" or "removed," with the exact rule that caught it. Then open your browser's Network tab (right-click → Inspect → Network) and run it again: nothing leaves this page.

One honest exception: before the header is discarded, the scrubber checks it against a fixed list of known banks. If it recognizes one, a single coarse label like "amex" is sent with your transactions — it helps the analysis read issuer-specific charges correctly. Never the header itself, never any account detail. The result below shows you exactly what was detected.

Want the source? It's served unminified at /js/scrubber.js — about a hundred lines, every rule commented in plain English. Things to notice while reading: there's no fetch() anywhere (it physically can't transmit), every rule is a fixed pattern (no AI, no judgment calls), and the final filter is default-deny — a line has to prove it's a transaction (date + amount) to survive.

← Back to home Run my audit →

Don't take our word for it.

✓ Kept (would be sent for analysis)

✕ Removed (never leaves your device)