Find every unencryptedSSN in your files. Air-gapped. Yours forever.
PII Crawler scans your files, network shares, and databases on your own hardware. Surface the SSNs, addresses, names, and emails hiding where SaaS tools can’t reach. Nothing ever leaves your network.
NER: en_core_web_lg · regex: 38 patternsnet out: 0 B
0 B
outbound during scan
47s
avg. for 14k files
30+
PII types detected
$0
after one-time license
// the gap
You can't secure what you can't see.
PII leaks into places you never put it. The SaaS scanners marketed at you all want to ingest your files into their cloud to find PII — which is the opposite of what your security team signed up for.
.pptx
4 SSNs
Embedded source data
A "summary" chart in a board deck still ships the customer rows it was built from — buried inside the slide XML.
.csv
8,421 emails
Forgotten archives
Last quarter’s backup landed on a public share and nobody owns it. Your scanner can’t reach it from the cloud.
.png
142 names
Screenshots
Order confirmations attached to support tickets carry SSNs and addresses inside the raw image. OCR finds them.
// coverage
Sees what other scanners miss.
Pattern matching layered with named-entity recognition. Your report isn't 80% false positives.
SSNEMAILNAMEADDRESSPHONEIPDOBCC#IBANPASSPORT+20
PDFs (with OCR on embedded images)✓
.docx, .xlsx, .pptx, legacy OLE✓
CSV streamed (any size)✓
Postgres / MySQL / SQL Serversampled in memory
SMB / NFS network shares✓
.zip / .tar.gz / .7z archivesopened in place
❯piicrawlerscan-2026-04-25 · 14,302 files · 47s● live filter
filtered in process · no re-scannet out: 0 B
// security model
Your data never leaves your network.
That's not a marketing claim. Run it offline and watch the network counter stay at zero.
verified outbound traffic during scan
tcp.out0 B
udp.out0 B
dns.queries0
tls.handshakes0
01
No outbound network calls during file scans.
Run on an air-gapped host. No license server check, no telemetry, no update probe.
02
Database scanning is sampled, in-memory.
A bounded sample is read over your direct DB connection and scanned in process — never written to disk, never transmitted elsewhere.
03
GDPR & CCPA Article 30 ready.
Export CSV reports satisfy "record of processing" and "categories of personal data" requirements out of the box.
04
No account, no API key, no SaaS.
You receive a signed binary. You own it. There is no service to be deprecated, breached, or repriced.
"I appreciate your ongoing development of the product and super fast support!"
— Jon S.verified buyer
// FAQ
Frequently asked questions.
Yes. No monthly fees, no per-user fees, no support contracts, no renewals. You don't rent PII Crawler — you buy it. The binary is yours.
macOS (Apple Silicon), Windows, and Linux. Both a desktop GUI and a CLI build are available for each platform.
Files on local disks and network shares (PDFs with embedded images, Word, Excel, CSV, archives), plus SQL databases. Database rows are sampled and scanned in memory on the machine running PII Crawler.
SSN, email, phone, full name, street address, city / state / ZIP, date of birth, credit-card numbers, IBAN, IP, passport — plus 20+ additional types. New types ship regularly.
Yes. The CLI build emits JSON/CSV and supports --exit-code-on so a build fails automatically when high-severity matches are found. Run it from cron, GitHub Actions, GitLab CI, anywhere.
No. During file scanning, PII Crawler reads and analyzes data on the machine it's running on. It doesn't send or collect any of the data outside your network. Database scans connect directly to your DB; samples are scanned in memory and never written to disk.
The download is the demo. Fully functional, no credit card, no account. Run it on your data and decide.
14-day money-back, no questions asked.
// download
Start scanning in under a minute.
Full trial. No credit card. Runs on your laptop or server.