Shield Data Map
Deploy a lightweight agent on your infrastructure. It scans your databases and filesystems, classifies PII against DPDPA categories, and feeds your RoPA — without raw data ever leaving your servers.
Why you need it
Raw data stays on your servers. Only findings metadata (column name, PII type, confidence) reaches the platform. Verified in the agent source code.
The scanner agent is a Docker container you deploy inside your own network. It makes outbound HTTPS calls to the platform only — no inbound ports required.
Column samples are analysed locally and discarded immediately after classification. What reaches the platform is metadata only: column name, PII type, confidence score, row count.
PostgreSQL, MySQL, MongoDB, Microsoft SQL Server, and filesystem (CSV, JSON, Excel, logs). Read-only enforcement at the driver level — the agent cannot write to your databases.
40+ Indian PII types mapped to DPDPA tiers: Special Category (Aadhaar, PAN, health data), Sensitive (financial, biometric), and Personal. Powered by pattern matching and optional AI reclassification.
Discovered assets are auto-matched to your existing processing purposes. Review candidates in the Operations tab and promote them to your RoPA with pre-filled metadata.
Link scanner sources to breach incidents. Instantly see which PII categories and how many data principals were potentially exposed — with the exact table/column breakdown.
Each agent instance is bound to its host environment via a cryptographic fingerprint. Copying an agent credential to another machine is detected and flagged as a security alert.
Configure daily, weekly, or monthly scans per source. Trigger manual scans from the dashboard. Drift alerts notify you when new PII columns appear or existing ones disappear.
Shield Data Map is available on all plans. Scan frequency and number of sources vary by plan.
DPDPA Section 8(3) requires Data Fiduciaries to erase personal data once its processing purpose is fulfilled. You cannot erase what you have not mapped. Many organisations find PII in unexpected places — logs, exported CSVs, legacy tables — that manual RoPA exercises miss entirely. Shield Data Map answers the first question: what personal data do you actually hold, and where?
The agent samples up to 500 row values per column for pattern matching. These values are analysed locally inside your infrastructure and discarded immediately after classification. The platform only receives metadata: schema name, table name, column name, detected PII type, confidence score, and row count estimate. No cell values, no hashed identifiers, no raw data ever leaves your servers.
The slim image supports PostgreSQL, MySQL, MongoDB, and filesystem sources (CSV, JSON, Excel, log files up to 50 MB). The full image adds Microsoft SQL Server via ODBC Driver 18. Oracle, SAP HANA, Snowflake, BigQuery, and cloud-native stores are on the roadmap but not yet available.
For PostgreSQL, the agent sets SET SESSION CHARACTERISTICS AS TRANSACTION READ ONLY at the driver level and verifies it before scanning — a write attempt would throw an error. For MySQL, it checks SHOW GRANTS and aborts if INSERT/UPDATE/DELETE permissions are present. Filesystem mounts use the :ro Docker flag, enforced at the kernel level.
Shield Data Map is available on all plans including Starter. The number of sources and scan frequency vary by plan. See pricing for details.
Deploy the agent, connect your databases, and get a complete personal data map in under an hour. Your data never leaves your infrastructure.
The honest answer to whether DPDPA 2023 applies to Indian startups, including the Section 8(3) data minimisation obligation.
How-ToUnderstanding what personal data you hold is a prerequisite to building a valid consent notice. Data Map is the starting point.
Prove every consent. Court-admissible SHA-256 proof.
Learn moreCategory-based banner, script blocking, automated scanner.
Learn moreOTP-verified portal. 30-day SLA countdown.
Learn moreNever miss the 72-hour Board notification window.
Learn moreReal-time 0–100 compliance health score.
Learn moreMap every asset, processor, and data flow. Auto-generate RoPA.
Learn moreTrack, score, and treat every DPDPA risk. Growth+.
Learn moreAutomated security scoring for every data processor. Growth+.
Learn moreAI co-pilot with DPDPA citations, policy drafts, PII classification.
Learn moreAWS scanner - CIS → ISO → DPDPA triple mapping. Business+.
Learn moreChildren's data, DPIA, SDF - highest-penalty coverage.
Learn more40+ Indian PII types. Scan and auto-populate Data Inventory. Free.
Learn more