Frequently Asked Questions
Everything you need to know about piisafe.eu — the free, zero-knowledge website PII scanner
General
What is piisafe.eu?
piisafe.eu is a free website PII scanner that detects 320+ types of exposed personal information on websites. It uses deterministic pattern matching to find sensitive data like emails, phone numbers, IBANs, credit cards, and government IDs across 48 languages with zero-knowledge architecture—meaning your scan results never leave your browser.
Who should use piisafe.eu?
Privacy officers, developers, compliance teams, and security auditors use piisafe.eu to find exposed PII before regulators do. It's ideal for pre-launch audits, GDPR/HIPAA verification, vendor assessment, and incident response.
Is piisafe.eu really free?
Yes, completely free with no registration required. The free tier allows approximately 10 scans per hour with up to 10 pages per scan. For higher volume scanning, you can optionally add an API key from cloak.business or anonym.legal.
What's the difference between cloak.business and anonym.legal?
cloak.business offers 320+ entity types with 7 anonymization methods (enterprise-focused). anonym.legal offers 285+ entity types with MCP Server integration (developer-focused). Both support 48 languages and are built by curta.solutions in Germany.
Who is behind piisafe.eu?
piisafe.eu is built by curta.solutions, a German company with 27+ years of experience in data protection and PII handling. The product suite includes cloak.business, anonym.legal, anonym.plus, and anonymize.solutions.
Privacy & Security
What does zero-knowledge architecture mean?
Zero-knowledge means piisafe.eu physically cannot access your scan data. All processing happens in your browser's memory. Results are delivered directly to you—they never touch our servers. After you close the browser, scan data is gone forever.
Does piisafe.eu store my scan results?
No. piisafe.eu uses in-memory processing only. Scan data doesn't persist on disk or in databases. Once your session ends, results are deleted. We have no ability to store, access, or sell scan data because it never reaches our infrastructure.
Where is my data processed?
All processing occurs on German servers (Hetzner infrastructure in Nuremberg). ISO 27001 certified. No third-country data transfers. Your website content is fetched, analyzed in memory, and results stream directly to your browser.
Is piisafe.eu GDPR compliant?
Yes. piisafe.eu is fully GDPR Article 44 compliant with no third-country data transfers. No tracking, no cookies (except essential), no analytics. Zero personal data collection. Privacy policy available at /legal/privacy.html.
Can piisafe.eu access my scan results?
No. This is the core principle of zero-knowledge architecture. Results stream directly from the detection API to your browser. Our servers act as a proxy—they facilitate the connection but cannot read the encrypted content.
What happens to my data after a scan?
Nothing—because we never had it. Scan results exist only in your browser's session memory. When you close the tab or browser, data is permanently deleted. Export to HTML/JSON/CSV if you need to save results locally.
Detection & Accuracy
How many entity types can piisafe.eu detect?
With cloak.business API: 320+ entity types including SSN, IBAN, credit cards, medical records, passport IDs, driver licenses. With anonym.legal API: 285+ entity types. Both cover 48 languages and 70+ countries.
What detection method does piisafe.eu use?
Hybrid approach: 317 deterministic regex patterns (100% reproducible) combined with optional ML/NLP for contextual detection. Built on Microsoft Presidio open-source framework with custom patterns for regional IDs.
Why is deterministic detection important?
Deterministic = same input always produces same output. No randomness. Critical for compliance because auditors need reproducible results. You can prove findings and re-scan to verify. ML-only tools produce variable outputs.
Does piisafe.eu have false positives?
Deterministic regex patterns minimize false positives. For example, credit card detection checks Luhn algorithm validity—not just pattern matching. You can adjust confidence threshold to balance precision vs. recall.
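The pattern-plus-checksum idea described above, as an added example (not piisafe.eu's own code). The regex, the two score values and the sample text are assumptions made for illustration.

```python
import re

# Candidate pattern: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_CANDIDATE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")

PATTERN_ONLY_SCORE = 0.3  # assumed confidence for a shape-only match
CHECKSUM_SCORE = 1.0      # assumed confidence once the Luhn checksum passes

# Constructed sample: one Luhn-valid test number, two look-alikes that fail the checksum.
SAMPLE = ("Order 4111 1111 1111 1111 shipped; tracking no. 1234567890123456; "
          "ref 4111-1111-1111-1112")


def luhn_valid(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cards(text: str, threshold: float = 0.5) -> list:
    """Return card findings whose confidence is at least `threshold`."""
    findings = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        score = CHECKSUM_SCORE if luhn_valid(digits) else PATTERN_ONLY_SCORE
        if score >= threshold:
            findings.append({"type": "CREDIT_CARD", "start": m.start(),
                             "end": m.end(), "score": score})
    return findings


if __name__ == "__main__":
    print(find_cards(SAMPLE, threshold=0.5))  # checksum-validated hits only
    print(find_cards(SAMPLE, threshold=0.2))  # also keeps shape-only matches
```

Lowering the threshold trades precision for recall: the two 16-digit look-alikes are reported only when shape-only matches are allowed through.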
Which languages are supported?
48 languages including English, German, French, Spanish, Italian, Portuguese, Dutch, Polish, Russian, Arabic, Hebrew, Chinese, Japanese, Korean, and 34 more. RTL languages (Arabic, Hebrew, Persian, Urdu) fully supported.
What PII might piisafe.eu miss?
Image-embedded text (OCR requires premium API), heavily obfuscated data, password-protected pages, database content (not public web), and context-dependent PII without clear patterns. Deterministic detection prioritizes precision over recall.
Technical
How does website scanning work?
Enter a URL. The scanner discovers pages via sitemap.xml or crawling, and you select the pages to scan. The content is analyzed against 317+ patterns, and results stream in real time, showing entity type, location, and confidence score.
What is the maximum page size?
API limit is 50,000 characters per request. Larger pages are automatically chunked at word boundaries, analyzed separately, then aggregated with position offsets adjusted. This ensures 100% content analysis.
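The chunk, analyze and re-offset steps described above, as an added example (not piisafe.eu's own code). The e-mail regex stands in for the real analyzer, and `detect`, `scan` and the sample page are hypothetical names and data.

```python
import re

MAX_CHARS = 50_000  # per-request limit stated in the FAQ
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")  # stand-in detector

# Constructed sample: a naive cut at character 40 would split the address in half.
SAMPLE_PAGE = "lorem " * 5 + "alice@example.com " + "ipsum " * 5


def chunk_at_word_boundaries(text, limit=MAX_CHARS):
    """Yield (offset, chunk) pairs; every chunk is at most `limit` characters."""
    start = 0
    while start < len(text):
        end = min(start + limit, len(text))
        if end < len(text):
            # Back up to the last whitespace so no word is cut in half.
            cut = max(text.rfind(ws, start, end) for ws in " \n\t")
            if cut != -1:
                end = cut + 1  # keep the whitespace with the left-hand chunk
            # else: one token longer than `limit`, so hard-split at `limit`
        yield start, text[start:end]
        start = end


def detect(chunk):
    """Hypothetical per-chunk analyzer: positions are relative to the chunk."""
    return [{"type": "EMAIL", "start": m.start(), "end": m.end(), "value": m.group()}
            for m in EMAIL.finditer(chunk)]


def scan(text, limit=MAX_CHARS):
    """Analyze each chunk separately, then shift positions back to page offsets."""
    findings = []
    for offset, chunk in chunk_at_word_boundaries(text, limit):
        for f in detect(chunk):
            findings.append({**f, "start": f["start"] + offset, "end": f["end"] + offset})
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_PAGE, limit=40):
        print(hit, SAMPLE_PAGE[hit["start"]:hit["end"]])
```

In this sketch, splitting at whitespace protects single-token values only. A value that itself contains spaces, such as a grouped card number, can still straddle a chunk boundary unless chunks overlap or the boundary region is re-scanned.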
What export formats are available?
HTML (styled, printable report), JSON (structured data for developers), and CSV (spreadsheet import). All formats include entity type, detected value, confidence score, page URL, and position in source.
Can I scan password-protected pages?
No. piisafe.eu scans publicly accessible pages only. For authenticated content, use the text input mode (copy/paste HTML) or integrate cloak.business API directly into your application.
Where is piisafe.eu hosted?
German servers only (Hetzner infrastructure, Nuremberg). ISO 27001 certified. No US cloud providers. All processing within EU borders. GDPR Article 44 compliant with no third-country transfers.
Compliance
What compliance frameworks does piisafe.eu support?
Built-in presets for GDPR (EU), HIPAA (US healthcare), PCI-DSS (payment cards), CCPA (California), and 20+ regional presets. Each preset pre-selects relevant entity types. Customizable for specific requirements.
Can I use piisafe.eu reports for audits?
Yes. Deterministic detection + exportable reports (HTML, JSON, CSV) = audit-ready documentation. Results are reproducible—re-scan anytime to verify. Suitable for internal audits and regulator submission.
What do the A-F risk grades mean?
Grade A = minimal PII exposure (low risk). Grade F = severe exposure (high regulatory risk). Grades factor in finding count, severity (email vs. credit card), and entity diversity. Prioritize remediation by grade.
Does piisafe.eu help with DPIA?
Yes. Data Protection Impact Assessments require identifying PII processing. piisafe.eu shows exactly what personal data is exposed—fulfilling the data inventory requirement. Export for DPIA documentation.
How does piisafe.eu help with vendor assessment?
Scan vendor websites before data sharing agreements. Reports reveal their data handling practices. High-risk grades indicate poor security—use findings to negotiate stronger data protection commitments.
Pricing
How much does piisafe.eu cost?
Completely free. No registration required. Free tier allows ~10 scans per hour. For higher limits, optionally add an API key from cloak.business (from free) or anonym.legal (from €3/month). No credit card needed for free tier.
What are tokens and how do they work?
Tokens are consumption units based on content size. Free tier: 200 tokens/cycle (~15-18 pages). Real-time meter shows usage. Larger pages cost more tokens. Paid tiers unlock higher limits with transparent pricing.
Does piisafe.eu offer enterprise plans?
piisafe.eu is free. For enterprise features (unlimited scans, custom patterns, on-premise deployment, SLA), curta.solutions offers cloak.business enterprise plans. Contact sales@curta.solutions for custom quotes.