PII Compliance Scanner
Paste any document. Docually detects personal information and tells you exactly which regulation clause applies to each finding — GDPR articles, CCPA sections, HIPAA Safe Harbor identifiers, PCI DSS requirements.
100% client-side. Nothing leaves your browser. No account required.
How It Works
- Paste. Drop your document text into the scanner. Nothing is uploaded — the text stays in your browser's memory.
- Scan. 13 pattern types run against your text with algorithmic validation (Luhn, area-number, check-digit). Overlapping matches are deduplicated.
- Map. Each finding is mapped to specific GDPR, CCPA, HIPAA, and PCI DSS clauses — the exact article, section, or requirement, with a plain-language summary and redaction guidance.
13 Pattern Types. 4 Regulations. Zero Upload.
Frequently Asked Questions
What types of PII does the scanner detect?
Docually scans for 13 PII pattern types: Social Security Numbers (with area validation), credit/debit card numbers (Luhn-verified), email addresses, US phone numbers, dates of birth, US street addresses, IPv4 addresses, IBANs, EINs, US passport numbers, Medicare beneficiary IDs, VINs (check-digit validated), and driver's license numbers.
Which regulations does the scanner map findings to?
Each finding is mapped to specific clauses in four frameworks: GDPR (General Data Protection Regulation, EU), CCPA (California Consumer Privacy Act, §1798.140), HIPAA (Safe Harbor de-identification standard, §164.514), and PCI DSS (Payment Card Industry Data Security Standard v4.0). You see the exact article, section, or requirement — not just the regulation name.
Is my document data safe?
Yes. Docually runs entirely in your browser. Your document text never leaves your device — there is no server, no API call, no upload. The scanner engine, validation algorithms, and regulation data are all embedded in the page JavaScript. You can verify this in your browser's network inspector.
How does the PII scanner work?
The engine runs 13 regex patterns against your text, validates matches using algorithms like Luhn (credit cards) and SSN area-number rules, removes overlapping matches, then maps each confirmed finding to the specific regulation clauses that govern that data type. Results are sorted by severity.
What does "regulation mapping" mean?
Most PII tools tell you "we found an SSN." Docually tells you WHY that matters: HIPAA Safe Harbor §164.514(b)(2)(i)(A) requires SSN removal for de-identification. CCPA §1798.140(v)(1)(A) lists SSN as personal information. GDPR Art. 87 subjects national IDs to member-state safeguards. This is the difference between detection and compliance.
Can I use this for HIPAA compliance?
Docually identifies which of the 18 HIPAA Safe Harbor identifiers appear in your document and cites the specific §164.514(b)(2)(i) subsection. However, Docually is a scanning tool — not a compliance certification. Use it to audit documents before sharing, then consult your compliance officer for final review.
How accurate is the scanner?
High-precision patterns (SSN, credit card, email, IBAN, MBI) use format validation plus algorithmic checks (Luhn, area-number rules, check digits). Context-dependent patterns (passport, driver's license) require nearby keywords to reduce false positives. No regex-based scanner achieves 100% recall — unstructured names, freeform addresses, and non-standard formats may be missed.
Is this tool free?
Yes. Docually is free with no account required and no usage limits. The site is supported by advertising.