DataGov AI turns scattered schemas into a cited, auditable record. It discovers PII, PHI, and PCI across every database you connect, maps each field to SOC 2, ISO 27001, GDPR, and HIPAA controls with retrieved evidence (not guesses), and quantifies breach exposure in dollars so leadership can prioritize remediation with confidence.
| Control | Name | When it is cited |
|---|---|---|
| SOC 2 · CC6.1 | Logical and physical access controls | Cited when PII fields are found without access restrictions; gap flagged with remediation. |
| GDPR · Art. 32(1)(b) | Security of processing | Cited for PCI and PHI where encryption-in-transit evidence is missing from the scan. |
| ISO/IEC 27001 · A.5.34 | Privacy and protection of PII | Cited against classified PII with the retrieved control text attached as evidence. |
| HIPAA · §164.312(a)(1) | Access control (ePHI) | Cited for PHI fields; gap raised where access-control evidence is absent. |
How it works → RAG retrieval over a control-text corpus ranks the most relevant controls per field, then attaches the control id and retrieved evidence to each mapping. Verified end-to-end: cited compliance returns citation + evidence + framework + control_id for every sensitive field.
Connect PostgreSQL, MySQL, MongoDB, SQLite, or S3 and scan in real time. Schema, sample rows, and column metadata are extracted automatically and persisted to the governance database.
Detect PII, PHI, and PCI with confidence scores using rule-based heuristics, optionally enhanced by the LLM you configure centrally in Settings. No per-module re-entry.
Each sensitive field is mapped to SOC 2, ISO 27001, GDPR, and HIPAA using RAG retrieval over the control corpus. Every mapping carries a control id and retrieved evidence, with a live compliance score.
Trace how data flows from databases through tables to sensitive fields, with sensitivity and risk annotated on every node, so auditors see the full blast radius of any field.
A single dollar-quantified breach exposure score, top-risk elements, and auto-generated masking, encryption, retention, and access policies. Exportable to PDF for the audit binder.
| Ref | Capability | Outcome | State |
|---|---|---|---|
| DG-D01 | Live discovery | Connect PostgreSQL, MySQL, MongoDB, SQLite, or S3 and scan in real time. Connections persist in the governance database; no reconnect on refresh, ever. | live |
| DG-C02 | Confidence-scored classification | PII / PHI / PCI tagging with per-field confidence and a recommended action, upgradeable by a centrally-configured LLM. Rule-based fallback keeps classification working offline. | cited |
| DG-M03 | RAG-cited compliance | Every control mapping is grounded by retrieval over the control corpus, returning control id + retrieved evidence + framework, not a black-box label. SOC 2, ISO 27001, GDPR, HIPAA with live gap scoring. | cited |
| DG-L04 | Sensitivity-aware lineage | Interactive data-flow graph from database to table to field, with classification and risk annotated on every node. The blast radius auditors ask for, on one screen. | mapped |
| DG-R05 | Dollar-quantified risk | A single breach-exposure figure (sensitivity × exposure × lineage) that leadership actually acts on, with top-risk fields and prioritized recommendations. Exportable to PDF. | quantified |
| DG-P06 | Auto-enforced governance | LLM-suggested masking, encryption, tokenization, retention, and access policies with rationale and impact, plus an append-only, database-backed audit trail separated by scan and application scope. | enforced |
| DG-A07 | Agentic governance assistant | A ReAct assistant that inspects your scan and takes action: approve or revoke policies, summarize risk, recommend next steps. Connection-tested LLM connectivity before you chat. | agentic |
| DG-G08 | Automated data dictionary & glossary | The LLM generates business definitions and a glossary term for every raw column from its name and sample data, turning opaque schemas into a shared, auditable business vocabulary. | generated |
The risk model weighs classification sensitivity, exposure breadth, and lineage reach into a single dollar figure, the number leadership actually acts on. Every report exports to PDF for the audit binder.
Sign in with your email account, connect a source, and run a scan. Connection credentials are encrypted at rest and never persisted in plaintext.