Dashboard
Monitor privacy risk, applied controls, safe data exchange readiness, and next actions.
0
High-Risk Open Violations
0
Protected Columns
0
Applied Controls
0
Tokenized Columns
Open
Evidence Readiness
0
Safe Datasets
Needs Attention
Prioritized actions based on open risk, controls, and evidence readiness.
Token Vault Impact
Vault-backed tokenization protecting governed data.
Active Tokens
Vault Controls
Tokenized Columns
Tenants
Control Coverage
How open risk is being remediated across governance controls.
applied
columns
Safe Data Exchange Readiness
Coverage across discovery, tokenization, linkage, exports, safe copies, sharing, and compliance evidence.
Tokens
Anonymous Datasets
Exports Certified
Safe Copies
Shares Approved
Audit Events
Risk By Source
Sources ranked by high-risk violations, open violations, and sensitive data volume.
| Source | PII Findings | Open | High Risk | Protected | Next Action |
|---|---|---|---|---|---|
Recent Violations
Latest policy gaps with a path into remediation.
| ID | Policy | Source | Column | Severity | Status | Action |
|---|---|---|---|---|---|---|
Violations Trend (Last 7 Days)
No violation data yet.
SLA Compliance
of resolved
Risk Heat Map
| Data Source | Low | Medium | High | Critical |
|---|---|---|---|---|
No classification data yet.
Policy Lineage
Fully Enforced
Pending Actions
Failed Enforcement
No Actions Yet
Policy ·
Data Sources
| ID | Name | Type | Status | Volume | Last Sync | Actions |
|---|---|---|---|---|---|---|
PII Discovery
| Column Path | Detected Type | Sensitivity | Confidence | Source | Tags |
|---|---|---|---|---|---|
|
|
|
Policies
No templates available
| ID | Name | Action Type | State | Version | Actions |
|---|---|---|---|---|---|
|
|
Violations
Detect policy gaps, apply controls, and verify resolution from one workflow.
| ID | Policy | Source | Column | Terms | Purpose | Severity | Status | Control |
|---|---|---|---|---|---|---|---|---|
|
|
Recommended:
Apply a governed control
Evidence recorded Query preview Before After |
Actions
| ID | Name | Type | Violations | Approval | Created By | Actions |
|---|---|---|---|---|---|---|
|
|
Enforcement
| ID | Action ID | Source | Status | Dry Run | Commands | Applied At | Actions |
|---|---|---|---|---|---|---|---|
|
Token Vault
Protect identifiers with stable tenant-scoped tokens while preserving approved joins. Apply vault controls from policy violations, then monitor tokenized columns and evidence here.
Discover PII
Classifications identify identifiers like email, phone, and customer ID.
Apply Vault Control
Use Violations to replace raw identifiers with vault-backed governed views.
Use Safely
Stable tokens preserve joins for approved linkage, exports, and analytics.
0
Active Tokens
0
Tenant Namespaces
0
Applied Vault Controls
0
Tokenized Columns
Applied Vault Controls
Columns protected by Tokenize with Vault from the Violations workflow.
| Column | Entity | Tenant | Tokens | Governed View | Status | Evidence |
|---|---|---|---|---|---|---|
No vault controls applied yet.
Vault Control Evidence
Policy
Key Version
Mapping
Before Query
After Query
Tokenization Proof
Test that the same tenant, entity type, and value produce the same stable token.
For production workflows, apply Tokenize with Vault from Violations. This panel validates token stability.
Result
Tokenize a value to see the stable pseudonymous token.
Token
Repeat-token proof
Token Inventory
No vault tokens yet. Load sample data or tokenize a value.
Data Exchange
Prepare, certify, copy, and share governed datasets without exposing raw identifiers.
Anonymous Datasets
Certified Exports
Safe Copies
Approved Shares
Evidence Artifacts
Safe Exchange Workflow
Follow the full path from governed preparation to certified use and sharing.
Latest Exchange Artifacts
Most recent dataset, export, copy, and share records generated from real workflow data.
Evidence Summary
Anonymous Datasets
Use stable vault tokens to join approved datasets without exposing raw identifiers.
Stable tokens are generated by Token Vault.
Approved linkage jobs use stable tokens to preserve joins without exposing raw identifiers.
Datasets
No anonymous datasets yet. Create one to begin.
Select or create an anonymous dataset to view sources and output.
Join key:
Datasets
Output Rows
Validation
Source Datasets
| Dataset | Identity Columns | Selected Columns |
|---|---|---|
Safe Dataset Preview
Run the job to generate a safe linked preview.
Certified Exports
Create portable safe datasets with validation, manifest, and file hash evidence.
Create Certified Export
Certified Exports
No export jobs yet. Create one from a completed linkage job.
Select or create an export job to view status and manifest details.
Source:
Status
Rows
Format
PII Validation
File Path
Evidence Manifest
Run the export to generate a manifest.
SHA-256 Hash
Validation Badge
Safe Copies
Create production-shaped copies for dev and test with PII transformed or removed.
Create Safe Copy
Safe Copies
No safe-copy jobs yet. Create one from the sample DuckDB source.
Select or create a safe-copy job to view transforms and manifest details.
Environment:
Tables
Transforms
Sample Limit
Validation
Target Path
Transform Plan
Generate a plan to see column-level transform strategies.
| Column | Strategy | Entity |
|---|---|---|
Manifest
Run the safe copy to generate a manifest.
Validation Badge
Table Counts
Approved Shares
Approve, deliver, verify, and revoke safe dataset packages for external recipients.
Create Share
Approved Shares
No shares yet. Create one from a completed safe export.
Select or create a share to view lifecycle details.
Recipient:
Status
Purpose
Approver
Status Timeline
Package Hash
Share Terms
Recipient
Legal Basis
Manifest
A manifest is available after the linked export completes.
Manifest Hash
Verification
AI Shield
Scan prompts, responses, retrieved context, and agent outputs before sensitive data leaks.
0
Total Scans
0
PII Detected
0%
Leak Rate
0ms
Avg Latency
Test Playground
Paste or type text to scan for PII in real-time.
Select a policy for simulation, or leave Auto-select to let AI Shield choose the strongest active policy match.
Findings
No PII detected
Sanitized Output
Policy Decision
Matched Policy
Applied Control
Evidence
Integration Channels
Runtime evidence from connected apps, LLM frameworks, agents, and middleware appears here automatically.
Recent Scans
No scans recorded yet.
| Source | Input Preview | PII Found | Action | Latency | Time | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Input Text
Sanitized Text
Policy
Control
Evidence
Findings
|
|||||||||||||
Top PII Types Detected
No PII detections yet.
AI Shield Developer Guide
Connect runtime privacy controls to apps, LLM frameworks, agents, and middleware.
Runtime Flow
Application / Agent / LLM -> AI Shield -> Policy Decision -> Protected Output -> Evidence
REST API
Protect any app or backend service response.
LangChain
Scan LLM outputs before users see them.
MCP
Expose privacy tools to agent workflows.
Middleware
Add inline protection to custom services.
REST API
POST /api/shield/scan
{
"text": "Contact jane@example.com",
"mode": "policy_driven",
"action": "redact",
"source": "api",
"context": {
"app": "support_assistant",
"purpose": "customer_support",
"destination": "external",
"tenant_id": "global_customer"
}
}
LangChain Callback
from ze_scan.integrations.langchain import ZeScanShieldCallback
callback = ZeScanShieldCallback(
store=store,
action="redact",
mode="policy_driven",
raise_on_pii=True,
context={"app": "support_assistant", "purpose": "customer_support"}
)
MCP Agent Tools
ze_scan_shield_scanprotects text and returns sanitized output.ze_scan_classify_textreturns PII findings only.ze_scan_check_consentchecks consent for a purpose.ze_scan_get_policieslists active policies.
Middleware Helper
from ze_scan.integrations.langchain import shield_middleware
safe_text = shield_middleware(
text=response_text,
store=store,
mode="policy_driven",
context={"app": "custom_service", "destination": "external"}
)
Context and Evidence
Recommended context fields: app, user_id, role, purpose, model, destination, session_id, and tenant_id.
Every scan records findings, source, matched policies, applied control, sanitized output, latency, and audit evidence. Runtime evidence appears in AI Shield automatically.
Users & Groups
Users
| ID | Username | Role | Groups | |
|---|---|---|---|---|
|
|
Groups
| ID | Name | Members |
|---|---|---|
Compliance Evidence
| Timestamp | Actor | Action | Resource Type | Resource ID |
|---|---|---|---|---|
Compliance Report
Policies
Active Policies
Open Violations
Enforcements Applied
Privacy-Safe Exchange Report Sections
The PDF includes token vault activity, anonymous linkage, safe exports, safe copies, secure sharing, AI output governance, and audit traceability.
Notifications
Notification Rules
| ID | Name | Trigger | Channel | Enabled |
|---|---|---|---|---|
Escalation Rules
| ID | Name | SLA Hours | Escalate To |
|---|---|---|---|
Consent Records
| Subject ID | Purpose | Status | Data Source | Granted At | Actions |
|---|---|---|---|---|---|
Data Projects
Risk Assessment
Unmitigated Violations
Recommendations
New Project Request
Scheduler
| Name | Type | Data Source | Interval | Last Run | Last Result | Enabled | Actions |
|---|---|---|---|---|---|---|---|
|
|