// security model

Your scan data never leaves your network. Here is exactly what does.

Most security pages assert "we don't send your data." We list every byte that leaves the binary, when it leaves, and the flag that turns it off. Read the ledger below — then verify it yourself with tcpdump.

// threat model

What this tool protects against — and what it doesn't.

Honest scope. The product is narrow on purpose: it finds PII in files you point it at, and it does that locally. It is not an EDR, a DLP suite, or a magic compliance button.

What we protect against
  • Your scan data being read or stored by a third-party SaaS provider
  • PII matches landing in cloud logs, search indices, or backups outside your control
  • A breach of Eligian Labs exposing your customers
  • Vendor lock-in or service deprecation cutting off your ability to scan
What is out of scope
  • Files written to disk by other software on the same machine
  • Operating-system-level keyloggers, rootkits, or compromised hardware
  • A malicious actor with shell access to the machine running PII Crawler
  • Network monitoring by your own infrastructure team (which you can configure)
Who you have to trust
  • Yourself — you choose what to scan and where the report lands
  • Your filesystem and OS — same as any tool that reads files
  • Eligian Labs to deliver a code-signed binary that does what this page says
  • Not a SaaS. Not a cloud account. Not an API key.
// network ledger

Every byte that leaves the binary.

Four endpoints. Three optional. None of them carry your scan data — see the exact request bodies below.

license check

purpose
Verifies your purchase and activates the binary.

note
Bypass entirely with an offline license token issued by Eligian Labs.

disable with
--offline-license <token>

request body — exact, no other fields
{
  "product": "piicrawler",
  "version": "3.2.1",
  "os": "darwin",
  "arch": "arm64"
}
update probe

purpose
Tells you when a new version exists. You decide whether to fetch it.

note
A static JSON document fetched with no request body. No cookies. No User-Agent string beyond the default.

disable with
--no-update-check

response (no request body sent)
{
  "latest": "3.2.1",
  "released": "2026-04-18",
  "sha256": "a91f…"
}
error reporting

purpose
Helps fix crashes. Never sent on a clean run.

note
The stack trace is filtered for absolute paths under your home directory before it is sent.

disable with
--no-error-reporting

request body — exact, no other fields
{
  "message": "TypeError: cannot read property 'foo' of undefined",
  "class": "TypeError",
  "stack": [
    "at scan() piicrawler/scan.go:142",
    "at main() piicrawler/main.go:38"
  ],
  "version": "3.2.1"
}
analytics

purpose
Tells us which UI features matter so we can prioritize.

note
CLI-only usage sends zero analytics events. Ever.

disable with
--no-analytics (or just use the CLI)

request body — exact, no other fields
{
  "event": "ui.filter_applied",
  "version": "3.2.1"
}

This list is exhaustive. If we ever add an endpoint, this page changes first.
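As an added example (not PII Crawler's own code), a script that checks request bodies you captured yourself against the allowlists in the ledger above, including the promise that the error report carries no absolute home-directory paths; the captured bodies, the TLS-intercepting-proxy capture method and the home-path pattern are assumptions.

```python
"""Check captured request bodies against the ledger above.

Added example, not PII Crawler's own code. Assumes you captured the JSON bodies
yourself (e.g. through a TLS-intercepting proxy you control); bodies below are constructed.
"""
import json
import re

# Field allowlists copied from the ledger ("exact, no other fields").
# The update probe sends no request body at all, so its allowlist is empty.
LEDGER = {
    "license": {"product", "version", "os", "arch"},
    "update": set(),
    "errors": {"message", "class", "stack", "version"},
    "analytics": {"event", "version"},
}

# The error endpoint promises that absolute paths under a home directory are
# filtered out of stack frames before send; this pattern looks for survivors.
HOME_PATH = re.compile(r"(?:/Users/|/home/|[A-Za-z]:\\Users\\)[^\s\"']+")

def check_body(endpoint, body):
    """Return ledger violations for one captured body; [] means it matches."""
    allowed = LEDGER[endpoint]
    if body is None:                       # nothing was sent: always fine
        return []
    if not allowed:                        # ledger says no body for this one
        return [f"{endpoint}: ledger says no body, but {len(body)} bytes sent"]
    data = json.loads(body)
    problems = [f"{endpoint}: undeclared field {k!r}" for k in sorted(data.keys() - allowed)]
    problems += [f"{endpoint}: declared field {k!r} missing" for k in sorted(allowed - data.keys())]
    for frame in data.get("stack", []):
        if HOME_PATH.search(str(frame)):
            problems.append(f"{endpoint}: home path leaked in frame {frame!r}")
    return problems

# Constructed captures: the first three match the ledger, the last two do not.
CAPTURED = [
    ("license", '{"product": "piicrawler", "version": "3.2.1", "os": "darwin", "arch": "arm64"}'),
    ("update", None),
    ("analytics", '{"event": "ui.filter_applied", "version": "3.2.1"}'),
    ("analytics", '{"event": "ui.filter_applied", "version": "3.2.1", "host": "laptop"}'),
    ("errors", json.dumps({"message": "TypeError", "class": "TypeError", "version": "3.2.1",
                           "stack": ["at scan() /Users/me/piicrawler/scan.go:142"]})),
]

def audit(captures=CAPTURED):
    """Run every capture through check_body and return all violations found."""
    return [p for endpoint, body in captures for p in check_body(endpoint, body)]
```

Running audit() on the constructed captures reports exactly two violations: the undeclared "host" field and the unfiltered home path in the stack frame.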

// --air-gapped

One flag. Zero packets.

--air-gapped disables all four endpoints in one command. --verify-airgap opens a packet listener while the scan runs and prints the count of outbound packets at the end.

$ piicrawler scan ~/share --air-gapped --verify-airgap
piicrawler 3.2.1 · air-gapped mode
license check ........................ skipped (offline token)
update probe ......................... disabled
error reporting ...................... disabled
analytics ............................ disabled
opening listener for outbound packets...
scanning ~/share/ (14,302 files)
✓ scan complete · 47.2s
✓ outbound packets observed: 0
✓ DNS queries: 0
✓ TLS handshakes: 0
report → /Users/me/report.csv
// access control

Least privilege by default.

PII Crawler runs as your user. It can only see what you can see. There is no service to start, nothing to add to sudoers.

What it has access to
  • Read access to the folders you point it at
  • Read access to your chosen database (sampled, in memory)
  • Write access to the report directory you specify
What it does not touch
  • Root or administrator privileges
  • Access to system folders, /etc, registry, or keychain
  • Network access (with --air-gapped)
  • Access to any folder you didn't explicitly include
  • A persistent service or background daemon
// what leaves vs. what doesn't

The whole truth, in a grid.

Every category of data, every endpoint. A green check is something that is sent. A red ✗ is something that is never sent under any condition.

Columns: License · Updates · Errors · Analytics

Data categories (rows)
  • Email address (you provided)
  • Operating system & CPU arch
  • Product version
  • Exception message & stack trace
  • UI feature event names
  • File contents
  • Scan results / matches
  • Discovered PII (SSN, names, addresses, emails…)
  • File paths and filenames
  • Hostname or machine name
  • Username / login
  • Local IP addresses
  • Database credentials or connection strings
  • Folder structure of scanned shares

Legend: ✓ sent under the conditions on this page · ✗ never sent under any condition
// verify it yourself

Don't trust this page. Test it.

Three concrete checks any sysadmin can run. None take more than a few minutes.

01 · Run it behind a firewall

Block egress from the host. Run a scan with --air-gapped. Watch the scan complete with zero connection attempts in your firewall logs. The rule below drops outbound traffic from processes running as the piicrawler user, so run the scan as that user or substitute the uid you scan with; DROP alone records nothing, so put a matching -j LOG rule ahead of it if you want attempts to appear in your logs.

iptables -A OUTPUT -m owner --uid-owner piicrawler -j DROP
02 · Listen with tcpdump

Capture on all interfaces (-i any covers loopback and external) while a scan runs, stop tcpdump once the scan finishes, then inspect the pcap. There is nothing to find.

sudo tcpdump -i any -n -w airgap.pcap & piicrawler scan ~/share --air-gapped
03 · Verify the binary signature

macOS: codesign --verify. Windows: signtool verify. Linux: gpg --verify against the published .sig. The SHA-256 of every release is listed in the provenance table on this page.

codesign --verify --strict --verbose=2 /Applications/PIICrawler.app
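As an added example (not PII Crawler's own code), a script that produces the same three counts --verify-airgap prints, but from the text form of the step 02 capture (tcpdump -nn -tt -r airgap.pcap); the scanning host's address, the sample lines and the SYN-to-443 approximation of a TLS handshake are assumptions.

```python
"""Summarise a tcpdump text dump the way --verify-airgap reports it.

Added example, not PII Crawler's own code. Feed it `tcpdump -nn -tt -r airgap.pcap`
output from step 02 (IPv4 lines); the host address and sample lines are constructed.
"""
import re
import sys

HOST_ADDRS = {"192.168.1.10"}   # assumption: address(es) of the host that ran the scan

# One tcpdump line: "<ts> IP <src>.<sport> > <dst>.<dport>: <rest>"
TCPDUMP_LINE = re.compile(
    r"^\S+ IP (?P<src>\S+?)\.(?P<sport>\d+) > (?P<dst>\S+?)\.(?P<dport>\d+): (?P<rest>.*)$"
)

def summarise(lines):
    """Count packets our host sent off-box, plus DNS queries and TLS opens among them."""
    counts = {"outbound": 0, "dns": 0, "tls": 0}
    for line in lines:
        m = TCPDUMP_LINE.match(line.strip())
        if not m or m["src"] not in HOST_ADDRS:
            continue                      # not parseable, or not sent by our host
        if m["dst"].startswith("127."):
            continue                      # loopback traffic never leaves the machine
        counts["outbound"] += 1
        if m["dport"] == "53":
            counts["dns"] += 1
        # Approximation: the SYN that opens a connection to 443 counts as one TLS
        # handshake attempt; the tool itself may look for the ClientHello instead.
        if m["dport"] == "443" and "Flags [S]" in m["rest"]:
            counts["tls"] += 1
    return counts

# Constructed tcpdump output: one DNS lookup and one TLS connection from our
# host, the replies to them, and a loopback connection that must not count.
SAMPLE = """\
1713000000.000001 IP 192.168.1.10.53344 > 192.168.1.1.53: 4242+ A? updates.example. (33)
1713000000.000120 IP 192.168.1.1.53 > 192.168.1.10.53344: 4242 1/0/0 A 198.51.100.7 (49)
1713000000.000300 IP 192.168.1.10.51234 > 198.51.100.7.443: Flags [S], seq 1, win 65535, length 0
1713000000.000400 IP 198.51.100.7.443 > 192.168.1.10.51234: Flags [S.], seq 9, ack 2, win 65535, length 0
1713000000.000500 IP 192.168.1.10.51234 > 198.51.100.7.443: Flags [.], ack 10, win 2048, length 0
1713000000.000600 IP 127.0.0.1.40000 > 127.0.0.1.8080: Flags [S], seq 5, win 65535, length 0
"""

if __name__ == "__main__":
    # Pass --stdin to read a real dump; otherwise the constructed sample is summarised.
    lines = sys.stdin if "--stdin" in sys.argv else SAMPLE.splitlines()
    c = summarise(lines)
    print(f"outbound packets observed: {c['outbound']}\nDNS queries: {c['dns']}\nTLS handshakes: {c['tls']}")
```

A real air-gapped run should summarise to three zeros; the constructed sample deliberately does not.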
// provenance

Every release, signed. Every hash, public.

We code-sign every binary on every platform. Hashes and detached signatures are published before the binary is. Fingerprint your download, then compare.

Version  Date        Platform  SHA-256 / Signature
3.2.1    2026-04-18  macOS     Developer ID: Eligian Labs LLC (XYZ1234ABC)
                               sha256:a91f3c2b8d4e7f1a96b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f
3.2.1    2026-04-18  Windows   Authenticode: Eligian Labs LLC
                               sha256:b03e4d3c9e5f8a2b07c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a
3.2.1    2026-04-18  Linux     GPG: 0x4F3A2B1C9D8E7F60
                               sha256:c14f5e4daf609b3c18d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b
// responsible disclosure

Find a bug? Tell us.

Email the security team directly. We respond within 48 hours, work the fix with you privately, and credit you in the release notes if you'd like.

SLA
  • 48h · initial response
  • 7d · triage & impact assessment
  • 30d · fix or compensating control
  • 90d · public disclosure (with credit)