DG-CTRL · Enterprise data governance

Every sensitive field, classified and cited, before the auditor asks.

DataGov AI turns scattered schemas into a cited, auditable record. It discovers PII, PHI, and PCI across every database you connect, maps each field to SOC 2, ISO 27001, GDPR, and HIPAA controls with retrieved evidence (not guesses), and quantifies breach exposure in dollars so leadership can prioritize remediation with confidence.

demo-scan results → 847 elements discovered · 558 classified · 23 gaps cited · $4.4M breach exposure
datagov ▸ scan demo-scan CLASSIFYING
0 fields tagged PII 0 · PHI 0 · PCI 0

Every mapping comes with a citation, not a guess.

ControlNameWhen it is cited
SOC 2 · CC6.1 Logical and physical access controls Cited when PII fields are found without access restrictions; gap flagged with remediation.
GDPR · Art. 32(1)(b) Security of processing Cited for PCI and PHI where encryption-in-transit evidence is missing from the scan.
ISO/IEC 27001 · A.5.34 Privacy and protection of PII Cited against classified PII with the retrieved control text attached as evidence.
HIPAA · §164.312(a)(1) Access control (ePHI) Cited for PHI fields; gap raised where access-control evidence is absent.

How it works → RAG retrieval over a control-text corpus ranks the most relevant controls per field, then attaches the control id and retrieved evidence to each mapping. Verified end-to-end: cited compliance returns citation + evidence + framework + control_id for every sensitive field.

From connection to cited control, end to end.

STEP 01DG-D01

Discovery

Connect PostgreSQL, MySQL, MongoDB, SQLite, or S3 and scan in real time. Schema, sample rows, and column metadata are extracted automatically and persisted to the governance database.

847 elements · live
STEP 02DG-C02

Classification

Detect PII, PHI, and PCI with confidence scores using rule-based heuristics, optionally enhanced by the LLM you configure centrally in Settings. No per-module re-entry.

342 PII · 89 PHI · 127 PCI
STEP 03DG-M03

Cited compliance mapping

Each sensitive field is mapped to SOC 2, ISO 27001, GDPR, and HIPAA using RAG retrieval over the control corpus. Every mapping carries a control id and retrieved evidence, with a live compliance score.

23 gaps cited
STEP 04DG-L04

Data lineage

Trace how data flows from databases through tables to sensitive fields, with sensitivity and risk annotated on every node, so auditors see the full blast radius of any field.

47 sensitive paths
STEP 05DG-R05

Risk & remediation

A single dollar-quantified breach exposure score, top-risk elements, and auto-generated masking, encryption, retention, and access policies. Exportable to PDF for the audit binder.

$4.4M exposure

What the platform does, and why it is different.

RefCapabilityOutcomeState
DG-D01 Live discovery Connect PostgreSQL, MySQL, MongoDB, SQLite, or S3 and scan in real time. Connections persist in the governance database; no reconnect on refresh, ever. live
DG-C02 Confidence-scored classification PII / PHI / PCI tagging with per-field confidence and a recommended action, upgradeable by a centrally-configured LLM. Rule-based fallback keeps classification working offline. cited
DG-M03 RAG-cited compliance Every control mapping is grounded by retrieval over the control corpus, returning control id + retrieved evidence + framework, not a black-box label. SOC 2, ISO 27001, GDPR, HIPAA with live gap scoring. cited
DG-L04 Sensitivity-aware lineage Interactive data-flow graph from database to table to field, with classification and risk annotated on every node. The blast radius auditors ask for, on one screen. mapped
DG-R05 Dollar-quantified risk A single breach-exposure figure (sensitivity × exposure × lineage) that leadership actually acts on, with top-risk fields and prioritized recommendations. Exportable to PDF. quantified
DG-P06 Auto-enforced governance LLM-suggested masking, encryption, tokenization, retention, and access policies with rationale and impact, plus an append-only, database-backed audit trail separated by scan and application scope. enforced
DG-A07 Agentic governance assistant A ReAct assistant that inspects your scan and takes action: approve or revoke policies, summarize risk, recommend next steps. Connection-tested LLM connectivity before you chat. agentic
DG-G08 Automated data dictionary & glossary The LLM generates business definitions and a glossary term for every raw column from its name and sample data, turning opaque schemas into a shared, auditable business vocabulary. generated
Breach exposure · demo-scan
$4.4M

The risk model weighs classification sensitivity, exposure breadth, and lineage reach into a single dollar figure, the number leadership actually acts on. Every report exports to PDF for the audit binder.

model: sensitivity × exposure × lineage · provenance: demo-scan

Run your first scan before lunch.

Sign in with your email account, connect a source, and run a scan. Connection credentials are encrypted at rest and never persisted in plaintext.

Sign in & run a scan →
Encrypted at rest · never persisted in plaintext