QSA Certified
KavachOne is officially a PCI DSS Qualified Security Assessor (QSA) Company.  For any PCI DSS support or certification requirements, feel free to reach out:  info@kavachone.comwww.kavachone.com
KavachOne is officially a PCI DSS Qualified Security Assessor (QSA) Company.  For any PCI DSS support or certification requirements, feel free to reach out:  info@kavachone.comwww.kavachone.com
logo
Enterprise PII Discovery · DPDP Act 2023 · GDPR · HIPAA

Discover, Classify & Protect PII
Across Your Enterprise

PII Scanner is a production-grade PII Discovery Scanner deployed as an agent inside your own infrastructure. Your data never leaves your perimeter. Scan every database, cloud bucket, and file share — mapped to DPDP Act 2023, GDPR, and HIPAA.

Agent-Deployed On-Prem
DPDP Act 2023 Ready
GDPR Compliant
HIPAA Aligned
Offline / Air-Gap Ready
100%
DPDP Compliant
99%+
Detection Accuracy
50+
Data Sources
10+
Frameworks
Core Capabilities

Everything You Need to Discover, Manage & Protect Sensitive Data

Enterprise-grade PII discovery and protection — deployed as a lightweight agent on your servers.

Intelligent PII Detection

Comprehensive sensitive data types: Aadhaar, PAN, Passport, SSN, IBAN, SWIFT, IMEI, GPS coordinates, Medical Record Numbers, Blood Group, Name, Address, Phone, Medical, Email, Gender, Age, UPI ID, GSTIN and more.

99%+ Accuracy

Universal Data Connectors

Scan wherever data lives: local/network filesystems, SFTP, Windows SMB shares, MongoDB, AWS S3, Google Cloud Storage and more.

Multi-Source

Enterprise Database Scanning

Deep scanning of PostgreSQL, MySQL/MariaDB, Oracle, IBM DB2 and cloud databases with schema discovery and streaming sampling and more.

Relational + Cloud DBs

Compliance-Grade Reporting

Executive-ready PDF reports and multi-sheet Excel workbooks including risk score, severity classification and compliance mapping and more.

Audit-Ready

High-Performance Scanning

Pool utilizing all CPU cores. Streaming scanning engine processes thousands of files per minute and more.

5,000 files/min

ROT Data Analyzer

Identify data bloat with duplicate detection, staleness scoring, obsolete files and automated retention recommendations and more.

Data Minimization

Smart Masking & Redaction

Type-aware masking for every detected PII type including Aadhaar, PAN, email, phone and more.

Zero Data Egress

Columnar & Document Formats

Support for CSV, Excel, Parquet, JSON, PDF text extraction, DOCX, ZIP/GZIP archives and structured datasets and more.

12+ Formats

Enterprise Rule Engine

Industry rule packs for financial, healthcare and e-commerce sectors with contextual keyword detection and more.

Rule Packs

Web Dashboard

Browser-based dashboard with real-time scan progress and integrations and more.

SSE + Live Monitoring

Enterprise Licensing

Secure offline-first licensing. Works in air-gapped and restricted environments and more.

Air-Gap Ready

Real-Time Scan Monitoring

Track scanning progress live with detailed logs, file-level insights, and instant alerts for sensitive data detection and more.

Live Monitoring
Live Dashboard Preview

See PII Scanner in Action

A purpose-built PII scanning mode — with compliance-mapped findings, risk distribution analytics, and one-click audit-ready reports, running entirely within your own infrastructure.

PII Scanner Dashboard
GDPR · DPDP · HIPAA · PDPA
Active
Risk distribution across Critical / High / Medium / Low severity
PII type breakdown — Aadhaar, DOB, Phone, Age, and more
One-click PDF, Excel & CSV compliance export
Detailed scan insights with affected files, tables, and columns

✓ All data processed within your own infrastructure

datasentinel.internal/dashboard
PII Scanner Dashboard
Live scan · GDPR · DPDP · HIPAA · PDPA covered
On-Premise Agent Architecture

Your Data Never Leaves Your Environment

Deploys as a lightweight agent inside your own perimeter — on-premise, private cloud, or air-gapped. It scans, reports, and masks entirely from the inside.

Runs Inside Your Perimeter
The agent installs on your own servers. Connects to internal data sources directly — no relay, no proxy, no middleman.
Direct Data Source Integration
Connects securely to databases, file systems, and internal applications to scan sensitive data without exporting or transferring it outside your environment.
Masking Happens In-Place
PII values are masked before they appear in any report. Raw sensitive values are never written to disk outside their source.
Reports Stay On Your Infrastructure
PDF and Excel compliance reports are generated locally. The web dashboard is accessible only within your internal network.
Your Organisation's Infrastructure
Internal Perimeter — Fully Isolated
Databases
File Shares
Private Cloud
MongoDB
SFTP / SMB
Data Lakes
PII Scanner Agent
Scanning · Classifying · Masking · Reporting
RUNNING
PDF/Excel Reports
Stored locally
Web Dashboard
Internal only
Zero Data Egress
External Cloud / Internet — No PII ever transmitted outbound
Smart Masking Examples — Format-Preserving, Type-AwareRaw values never stored or transmitted
PII TypeOriginal ValueMasked OutputStatus
Aadhaar9876 5432 1890XXXX XXXX 1890Masked
PAN CardABCDE1134FABCDE****FMasked
Emailjohn@acme.comj***@acme.comMasked
Phone+91 99765 43210+91 ***** 43210Masked
Regulatory Coverage

Built for DPDP, GDPR & HIPAA Compliance

Finding-level mapping across major regulatory frameworks — a complete evidence trail for your DPO and auditors.

India
India DPDP Act 2023
Digital Personal Data Protection Act

First-class support for Indian PII categories with native Aadhaar and PAN validators using government-standard algorithms. Detects UPI IDs, GSTIN, Voter IDs, and other India-specific identifiers. Multilingual NER support for regional Indian scripts and languages.

Aadhaar ValidatorPAN ValidatorUPI ID DetectionGSTIN DetectionVoter ID
Europe
GDPR
General Data Protection Regulation

Comprehensive personal data discovery across all data stores. Right-to-erasure support via smart masking. Data mapping output for Article 30 records of processing activities. Cross-border transfer risk flagging.

Personal Data DiscoveryRight to ErasureData Mapping (Art. 30)Risk ScoringMasking Support
USA · Healthcare
HIPAA
Health Insurance Portability & Accountability Act

Dedicated PHI classification covering Medical Record Numbers, blood group, health diagnoses, treatment data. Full Protected Health Information taxonomy. Maps findings to HIPAA Safe Harbor de-identification standard.

Medical Record NumbersBlood Group DetectionPHI ClassificationSafe Harbor MappingHealthcare Rule Pack
GDPR Art. 30
RoPA
Records of Processing Activities

PII Scanner's scan output feeds directly into your RoPA documentation workflow. Every scan produces a structured data inventory — data categories found, storage locations, retention indicators, and processing risk level.

Data Category InventoryStorage Location MappingRetention Indicators (ROT)Controller / Processor ViewArt. 30 Ready Export
GDPR Art. 35
DPIA
Data Protection Impact Assessment

Scan results provide the evidence layer for DPIA documentation. Risk scores (0–100), CRITICAL/HIGH/MEDIUM/LOW severity ratings, data volume exposure, and compliance gap findings map directly to DPIA necessity assessment, risk description, and proposed mitigation sections.

Risk Score per FindingSeverity ClassificationExposure Volume MetricsNecessity Assessment InputMitigation Evidence
50+ Integrations

Scan Sensitive Data Across Cloud, Databases & Files

From legacy on-premise databases to cloud data warehouses — connect your entire data estate without moving a byte.

Relational DatabasesCloud DatabasesNoSQL & DocumentObject & Cloud StorageNetwork & File SystemsFile FormatsRelational DatabasesCloud DatabasesNoSQL & DocumentObject & Cloud StorageNetwork & File SystemsFile FormatsRelational DatabasesCloud DatabasesNoSQL & DocumentObject & Cloud StorageNetwork & File SystemsFile Formats
File FormatsNetwork & File SystemsObject & Cloud StorageNoSQL & DocumentCloud DatabasesRelational DatabasesFile FormatsNetwork & File SystemsObject & Cloud StorageNoSQL & DocumentCloud DatabasesRelational DatabasesFile FormatsNetwork & File SystemsObject & Cloud StorageNoSQL & DocumentCloud DatabasesRelational Databases
Relational Databases
6 sources
Cloud Databases
6 sources
NoSQL & Document
2 sources
Object & Cloud Storage
3 sources
Network & File Systems
4 sources
File Formats
6 sources
Simple Yet Powerful Workflow

Three Steps to PII Visibility & Compliance

Connect → Discover → Act. From complete blind spots to full regulatory control in record time.

1

Connect

Point at any data source — database, cloud storage, filesystem, or network share. Configure credentials once; the factory-pattern connector handles the rest.

50+ ConnectorsOne-Time SetupAir-Gap Ready
2

Discover

ML + rule engine scans, classifies, and risk-scores every piece of sensitive data. Multi-core parallel processing with checkpoint persistence for uninterrupted scanning.

99%+ Accuracy5,000 files/minAuto-Resume
3

Act

Get compliance reports, trigger real-time alerts, mask data in place, and export audit-grade findings mapped to DPDP, GDPR, and HIPAA controls.

PDF & Excel ReportsSmart MaskingDPDP · GDPR · HIPAA
Why PII Scanner

Not Just a Scanner — A Complete Data Protection Platform

Built ground-up for enterprise requirements that generic open-source and cloud-based scanners cannot meet.

CapabilityPII ScannerGeneric Scanners
Offline / Air-Gap OperationFully offline, no cloud dependencyRequires cloud check-in
Machine-Bound LicensingOffline cryptographic machine bindingSaaS / cloud-only keys
ML-Powered NERML-powered NER, 99%+ accuracyRegex-only
India DPDP Act 2023 (Native)Aadhaar + PAN validators, GSTIN, UPINot supported
ROT Data AnalysisDuplicate detection, staleness scoringNot included
Checkpoint / Resume ScanningPersistent checkpointing, resume from positionRestart required on failure
Web Dashboard + SSEReal-time scan progress via SSEBasic CLI or SaaS portal
Data Never Leaves PerimeterMasking in-place; raw PII stays on sourceUploads samples for analysis
"

100% on-premise, zero cloud egress, production-grade PII discovery — built to meet DPDP Act 2023, GDPR, and HIPAA with full audit-grade evidence in every report.

— KavachOne PII Scanner · Enterprise Data Privacy

Frequently Asked

FAQ About PII Scanning & DPDP Compliance

Everything you need to know about deploying PII Scanner in your environment.

Does the scanner send any data to the cloud?
No. PII Scanner is an agent deployed directly on your own servers — it never leaves on-prem, never transmits scan data, and never uploads findings externally. All scanning, classification, masking, and reporting happens entirely within your infrastructure. Licensing is cryptographically verified offline with no cloud check-in required — suitable for air-gapped and classified environments.
Which compliance frameworks are supported?
PII Scanner provides finding-level mapping to three major frameworks: India DPDP Act 2023, GDPR (EU), and HIPAA (US healthcare). Every finding in every report includes explicit references to the applicable regulatory control — not a summary, a finding-level audit trail.
Can it scan encrypted or credential-protected databases?
Yes. You provide database credentials during scan configuration; the scanner connects and operates using read-only transactions exclusively. It never modifies, locks, or alters source data in any way. Credentials are stored securely on-premise and never transmitted.
How accurate is PII detection?
Enterprise+ tier includes our ML-powered NER engine achieving 99%+ accuracy with multilingual support for Indian and global scripts. All tiers also include the dual-engine rule system combining pattern matching and contextual keyword analysis.
Can scans resume if they are interrupted?
Yes. Built-in checkpointing persists job state continuously (configurable interval, default every 100 files). If a scan is interrupted by power loss, crash, or manual pause, it resumes from exactly where it stopped — not from the beginning. Incremental scanning uses file-hash change detection to avoid re-scanning unchanged content.
Is there programmatic access or orchestration support?
Yes (Enterprise and Enterprise+ tiers). A full programmatic interface is provided for orchestrating scans, retrieving findings, managing configurations, and integrating with your SIEM or data governance platform. The Web Dashboard uses Server-Sent Events (SSE) for real-time scan progress.
Get In Touch

Request an Enterprise Demo

Talk to a solutions engineer. We'll tailor a demo to your exact data sources and compliance requirements.

Enterprise Demo

See it work on your own data

Not synthetic data — your real environment. We'll walk through your compliance requirements and show exactly what PII Scanner finds.

Fast Deployment

Deploy on-premise in under 4 hours. No infrastructure changes required.

Your Data Stays Yours

Demo runs in your environment. No sample upload, no cloud egress.

Compliance Roadmap

Leave with a tailored compliance gap assessment for your top frameworks.

Trusted by enterprises across BFSI, e-commerce & Retail

Typically respond within 1 business day