Sanitize. Comply. Keep.

Paste any document. Docually detects personal information and tells you exactly which regulation clause applies to each finding.

13 PII pattern types. 4 regulation frameworks. 100% client-side. Nothing uploaded.

Scan a Document

Three Tools. One Compliance Workflow.

Hero Tool

PII Compliance Scanner

Paste any document. Detect SSNs, credit cards, emails, health IDs — and see which regulation clause applies to each finding.

Validation

Clean Check Validator

Already redacted? Paste the sanitized version to confirm no PII slipped through. Pass/fail verdict with missed findings on failure.

Reference

Regulation Explorer

Browse PII types by regulation framework. See which GDPR, CCPA, HIPAA, and PCI DSS clauses govern each data pattern.

What Makes Docually Different

Every PII tool detects patterns. Docually maps each finding to the specific regulation clause that governs it.

Other tools say

"SSN detected at position 147"

Docually says

"SSN → HIPAA §164.514(b)(2)(i)(A): must remove for Safe Harbor. CCPA §1798.140(v)(1)(A): personal information. GDPR Art. 87: national ID safeguards."

How It Works

  1. Paste. Drop your document text into the scanner. Nothing is uploaded — text stays in your browser's memory.
  2. Detect. 13 pattern types scan your text with Luhn, area-number, and check-digit validation. Overlapping matches are deduplicated.
  3. Map. Each finding is mapped to specific GDPR, CCPA, HIPAA, and PCI DSS clauses with plain-language summaries and redaction guidance.
  4. Act. View the redacted document, copy the compliance report, or run Clean Check to validate your sanitization.

Frequently Asked Questions

What is Docually?

Docually is a free, browser-based compliance document sanitization tool. It scans text for personally identifiable information (PII) and maps each finding to the specific regulation clauses that govern it — GDPR articles, CCPA sections, HIPAA Safe Harbor identifiers, and PCI DSS requirements.

What types of PII does Docually detect?

Docually scans for 13 pattern types: Social Security Numbers, credit/debit card numbers, email addresses, US phone numbers, dates of birth, US street addresses, IPv4 addresses, IBANs, EINs, US passport numbers, Medicare beneficiary IDs, VINs, and driver's license numbers. High-precision patterns use algorithmic validation (Luhn, area-number rules, check digits).

Which regulations does Docually reference?

Four frameworks: GDPR (General Data Protection Regulation, EU), CCPA (California Consumer Privacy Act §1798.140), HIPAA (Safe Harbor de-identification standard §164.514, the 18 identifiers), and PCI DSS (Payment Card Industry Data Security Standard v4.0). Each finding cites the specific clause, not just the regulation name.

Is my document data safe?

Yes. All processing runs in your browser. Your document text never leaves your device — there is no server upload, no API call, no cloud processing. The scanner engine, validation algorithms, and regulation data are embedded in the page JavaScript. Verify in your browser's network inspector.

How does the PII scanner work?

The engine runs 13 regex patterns against your text, validates matches using algorithms like Luhn (credit cards) and SSN area-number rules, deduplicates overlapping matches, then maps each confirmed finding to the specific regulation clauses that govern that data type. Results are sorted by severity (critical, high, medium, low).

What is regulation mapping?

Most PII tools detect patterns. Docually tells you WHY each pattern matters: which specific law, article, section, or requirement governs that data type. An SSN triggers HIPAA Safe Harbor §164.514(b)(2)(i)(A), CCPA §1798.140(v)(1)(A), and GDPR Art. 87 — not just "SSN detected."

What is Clean Check?

Clean Check is the reverse of the PII scanner. Instead of finding PII for the first time, it validates that a document you've already sanitized is actually clean. Paste your redacted document and get a pass/fail verdict. If it fails, you see exactly what was missed.

Is Docually free?

Yes. Docually is free with no account required and no usage limits. The site is supported by advertising.

Does Docually replace a compliance officer?

No. Docually is a scanning tool that identifies common PII patterns and cites relevant regulation clauses. It does not provide legal advice, compliance certification, or risk assessment. Use it as one step in your compliance workflow alongside qualified professionals.

Can I use Docually for HIPAA de-identification?

Docually identifies which of the 18 HIPAA Safe Harbor identifiers (§164.514(b)(2)(i)) appear in your document. However, Safe Harbor de-identification requires removal of ALL 18 types plus a determination that residual information cannot identify an individual. Docually covers 8 of the 18 identifier types via regex — others (names, photos, biometrics) require different detection methods.