The PII scanner that never sees your data.

Every cloud DLP tool wants to ingest your files to protect them. PII Crawler scans your files, network shares, and databases on your own hardware — surfacing the SSNs, names, and card numbers hiding where SaaS tools can’t reach. Outbound traffic during a scan: 0 bytes.

Fully functional for 7 days. No credit card.
or buy now → $497 · one-time, yours forever
piicrawler new scan → ssn ● air-gapped
NER: en_core_web_lg · regex: 38 patterns net out: 0 B
0 B
outbound during scan
47s
for a 14k-file share
30+
PII types detected
OCR
reads PII inside images
// the gap

You can't secure what you can't see.

PII leaks into places you never put it. Every SaaS scanner marketed at you wants to ingest your files into its cloud to find PII — the opposite of what your security team signed up for.

.pptx
4 SSNs
Embedded source data
A "summary" chart in a board deck still ships the customer rows it was built from — buried inside the slide XML.
.csv
8,421 emails
Forgotten archives
Last quarter’s backup landed on a public share and nobody owns it. Your scanner can’t reach it from the cloud.
.png
142 SSNs
Screenshots
Order confirmations attached to support tickets carry SSNs and addresses inside the raw image. OCR finds them.
// coverage

Sees what other
scanners miss.

Pattern matching layered with named-entity recognition, reading inside the places PII hides: slide XML, spreadsheet cells, archives, and the images embedded in PDFs. Every match shows the text around it, so you can judge it without opening the file.

SSN EMAIL NAME ADDRESS PHONE IP DOB CC# IBAN PASSPORT +20
PDFs (with OCR on embedded images)
.docx, .xlsx, .pptx, legacy OLE
CSV streamed (any size)
Postgres / MySQL / SQL Serversampled in memory
SMB / NFS network shares
.zip / .tar.gz / .7z archivesopened in place
piicrawler findings · show context ● match context
surrounding text inline · no file opening net out: 0 B
piicrawler mark fp · ignore folder ● triage
verdicts persist · reruns keep your work net out: 0 B
// triage

Clear the noise in clicks, not afternoons.

Layered detection keeps your report from being 80% false positives. But a real scan still surfaces matches that look like PII and aren’t — test fixtures, sample data, a vendor SDK. Dismiss them at the right scope and they stay dismissed: verdicts are saved with the scan, so a rerun never undoes your review.

  1. 01
    Mark one value as a false positive — everywhere at once
    123-45-6789 → fp · all 400 occurrences cleared
  2. 02
    Ignore an entire folder in one click
    vendor/ → ignored, recursively
  3. 03
    Export a clean report of what’s left
    piicrawler export 42 --exclude-fp
// use case

Prove the drive is clean before it leaves the building.

Decommissioned laptops, server disks, and backup drives walk out the door full of customer records. A factory reset or quick format isn’t proof. Scan each disk before it goes to the recycler or resale, surface any PII a wipe missed, and keep the report as your record of disposal.

  1. 01
    Scan the disk to see exactly what PII is still on it
    piicrawler scan /mnt/decom-disk-04 --out before.csv
  2. 02
    Wipe or destroy the media with your own sanitization tool
    shred / blancco / drive destruction
  3. 03
    Re-scan to confirm zero PII remains before it ships
    piicrawler scan /mnt/decom-disk-04 --out after.csv
re-scan verdict before recycle
ssn0
email0
name0
credit-card0
verdictCLEAN
ssh piicrawler --tui ● remote tui
single static binary · no agent · no daemon net out: 0 B
// remote

Scan any machine you can SSH into.

No agents to install, no daemons to register. scp the single static binary to any host, ssh in, and run ./piicrawler — start a scan and review the results without leaving your terminal. Or skip the UI entirely: ./piicrawler scan / > report.json.

// security model

Your data never leaves your network.

That's not a marketing claim. Run it offline and watch the network counter stay at zero.

verified outbound traffic during scan
tcp.out0 B
udp.out0 B
dns.queries0
tls.handshakes0
01
No outbound network calls during file scans.
Run on an air-gapped host. No license server check, no telemetry, no update probe.
02
Database scanning is sampled, in-memory.
A bounded sample is read over your direct DB connection and scanned in process — never written to disk, never transmitted elsewhere.
03
Ready for GDPR Article 30 & CCPA.
Exported CSV reports satisfy "record of processing" and "categories of personal data" requirements out of the box.
04
No account, no API key, no SaaS.
You receive a signed binary. You own it. There is no service to be deprecated, breached, or repriced.
GDPR CCPA HIPAA-aligned SOC2 evidence
// who builds this

A small team with no reason to want your data.

PII Crawler is built by Eligian Labs — an independent team, now shipping the product’s second generation, and the same people who answer [email protected]. There’s no VC and no data business behind it: the revenue is the license, so the product has no reason to phone home. If it finds something sensitive, we never know.

“I appreciate your ongoing development of the product and super fast support!” — Jon S., customer
// pricing

One payment. Not a subscription.

$497 to find the PII first. The average data breach costs $4.44M (IBM, 2025) — and it starts with a file nobody knew was there.

Enterprise SaaS
$2,000+ /mo
≈ $72,000 · 3 yr
×Per-user / per-GB billing
×Data leaves your network
×Annual renewals · forever
×Months of procurement
PII Crawler
$497 once
save $71,500+ over 3 yr
Unlimited users · machines · scans
Air-gapped on your hardware
Binary is yours · no renewals
Mac · Windows · Linux + CLI
Email support from the people who wrote it
Own it → $497
14-day refund · no questions asked
// FAQ

Frequently asked questions.

Yes. No monthly fees, no per-user fees, no support contracts, no renewals. You don't rent PII Crawler — you buy it. The binary is yours.
macOS (Apple Silicon), Windows, and Linux. Both a desktop GUI and a CLI build are available for each platform.
Files on local disks and network shares (PDFs with embedded images, Word, Excel, CSV, archives), plus SQL databases. Database rows are sampled and scanned in memory on the machine running PII Crawler.
SSN, email, phone, full name, street address, city / state / ZIP, date of birth, credit-card numbers, IBAN, IP, passport — plus 20+ additional types. New types ship regularly.
Yes. The CLI build emits JSON/CSV and supports --exit-code-on so a build fails automatically when high-severity matches are found. Run it from cron, GitHub Actions, GitLab CI, anywhere.
No. During file scanning, PII Crawler reads and analyzes data on the machine it's running on. It doesn't send or collect any of the data outside your network. Database scans connect directly to your DB; samples are scanned in memory and never written to disk.
Every build is signed — Apple-notarized on macOS, Authenticode on Windows. During scans it makes zero outbound network calls: run it on an air-gapped machine, or watch it with a network monitor and the counters stay at zero. The security docs describe the full model.
The download is the demo. Fully functional for 7 days — no credit card, no account. Run it on your data and decide.
Scanning pauses until you register a license — your install and any reports you've already exported stay put. Buying drops a license key into the same install, so you pick up exactly where you left off. No reinstall, no re-scan, no account to create.
14-day money-back, no questions asked.

Run it on your own files in the next minute.

Nothing leaves your network. No account, no credit card. The download is the full product for 7 days.

// download

Start scanning in under a minute.

Free 7-day trial. No credit card. Runs on your laptop or server.
macOS
Apple Silicon (M1 and later) · signed
app + command line
Download free trial ↓
Signed & notarized — opens with a double-click
14-day refund · no questions asked
Windows
win-x64 · signed
app + command line
Download free trial ↓
Authenticode-signed installer
14-day refund · no questions asked
Linux
linux-x64
piicrawler-cli-linux.tar.gz
Download free trial ↓
Single static binary — no install, no dependencies
14-day refund · no questions asked
Then, three commands to your first findings:
  1. 01
    Unpack and put it on your PATH
    tar -xzf piicrawler-cli-linux.tar.gz && sudo mv piicrawler /usr/local/bin/
  2. 02
    See it work on throwaway sample data — nothing on your disk is touched
    piicrawler demo
  3. 03
    Scan a real folder and write a report
    piicrawler scan ~/share --out report.csv
Prefer a UI? Double-click the macOS app or run the Windows installer and the web UI opens in your browser. Full quickstart →
Existing customer on a first-gen (JVM) build? Legacy downloads →