26.4 · April 18 Try free — no signup →
5★ · 41 reviews · 26.4

Find every unencrypted SSN in your files. Air-gapped. Yours forever.

PII Crawler scans your files, network shares, and databases on your own hardware. Surface the SSNs, addresses, names, and emails hiding where SaaS tools can’t reach. Nothing ever leaves your network.

Try free — no signup → $ view docs
Full trial. No credit card. Runs on your laptop or server.
piicrawler scan ~/share --out report.csv ● air-gapped
NER: en_core_web_lg · regex: 38 patterns net out: 0 B
0 B
outbound during scan
47s
avg. for 14k files
30+
PII types detected
$0
after one-time license
// the gap

You can't secure what you can't see.

PII leaks into places you never put it. The SaaS scanners marketed at you all want to ingest your files into their cloud to find PII — which is the opposite of what your security team signed up for.

.pptx
4 SSNs
Embedded source data
A "summary" chart in a board deck still ships the customer rows it was built from — buried inside the slide XML.
.csv
8,421 emails
Forgotten archives
Last quarter’s backup landed on a public share and nobody owns it. Your scanner can’t reach it from the cloud.
.png
142 names
Screenshots
Order confirmations attached to support tickets carry SSNs and addresses inside the raw image. OCR finds them.
// coverage

Sees what other
scanners miss.

Pattern matching layered with named-entity recognition. Your report isn't 80% false positives.

SSN EMAIL NAME ADDRESS PHONE IP DOB CC# IBAN PASSPORT +20
PDFs (with OCR on embedded images)
.docx, .xlsx, .pptx, legacy OLE
CSV streamed (any size)
Postgres / MySQL / SQL Serversampled in memory
SMB / NFS network shares
.zip / .tar.gz / .7z archivesopened in place
piicrawler scan-2026-04-25 · 14,302 files · 47s ● live filter
filtered in process · no re-scan net out: 0 B
// security model

Your data never leaves your network.

That's not a marketing claim. Run it offline and watch the network counter stay at zero.

verified outbound traffic during scan
tcp.out0 B
udp.out0 B
dns.queries0
tls.handshakes0
01
No outbound network calls during file scans.
Run on an air-gapped host. No license server check, no telemetry, no update probe.
02
Database scanning is sampled, in-memory.
A bounded sample is read over your direct DB connection and scanned in process — never written to disk, never transmitted elsewhere.
03
GDPR & CCPA Article 30 ready.
Export CSV reports satisfy "record of processing" and "categories of personal data" requirements out of the box.
04
No account, no API key, no SaaS.
You receive a signed binary. You own it. There is no service to be deprecated, breached, or repriced.
GDPR CCPA HIPAA-aligned SOC2 evidence
// pricing

One payment. Not a subscription.

Enterprise SaaS
$2,000+ /mo
≈ $72,000 · 3 yr
×Per-user / per-GB billing
×Data leaves your network
×Annual renewals · forever
×Dedicated procurement effort
PII Crawler APRIL · $200 OFF
$497 $697 once
save $71,500+ over 3 yr
Unlimited users · machines · scans
Air-gapped on your hardware
Binary is yours · no renewals
Mac · Windows · Linux + CLI
Expert email support, fast
Buy license → $497
14-day refund · no questions asked
// reviews

5.0 average across 41 reviews.

★★★★★ verified buyers · 41 reviews
★★★★★

"Found 1,400 SSNs across our shares in under an hour. The cloud SaaS we evaluated wanted six weeks of procurement and a "data residency review." Bought."

— D. MehtaIT Director · 220-person SaaS
★★★★★

"Ran it on an air-gapped subnet. Zero packets out. That alone is worth $497. The OCR-on-PDFs thing actually works."

— M. O’BrienSec. Engineer · regional bank
★★★★★

"I appreciate your ongoing development of the product and super fast support!"

— Jon S.verified buyer
★★★★★

"Wired it into our pre-merge CI. If a developer commits a customer CSV by accident, the build fails. Saved us once already."

— L. WongEng. Lead · health-tech
// FAQ

Frequently asked questions.

Yes. No monthly fees, no per-user fees, no support contracts, no renewals. You don't rent PII Crawler — you buy it. The binary is yours.
macOS (Apple Silicon), Windows, and Linux. Both a desktop GUI and a CLI build are available for each platform.
Files on local disks and network shares (PDFs with embedded images, Word, Excel, CSV, archives), plus SQL databases. Database rows are sampled and scanned in memory on the machine running PII Crawler.
SSN, email, phone, full name, street address, city / state / ZIP, date of birth, credit-card numbers, IBAN, IP, passport — plus 20+ additional types. New types ship regularly.
Yes. The CLI build emits JSON/CSV and supports --exit-code-on so a build fails automatically when high-severity matches are found. Run it from cron, GitHub Actions, GitLab CI, anywhere.
No. During file scanning, PII Crawler reads and analyzes data on the machine it's running on. It doesn't send or collect any of the data outside your network. Database scans connect directly to your DB; samples are scanned in memory and never written to disk.
The download is the demo. Fully functional, no credit card, no account. Run it on your data and decide.
14-day money-back, no questions asked.
// download

Start scanning in under a minute.

Full trial. No credit card. Runs on your laptop or server.
macOS
darwin-arm64
PIICrawler-macos.zip
Download ↓
Windows
win-x64 · signed
PIICrawler-signed.msi
Download ↓
Linux
linux-x64
piicrawler.jar
Download ↓
CLI build · for CI/CD, cron, shell automation
$ piicrawler scan ./repo --format json --exit-code-on high
macOS ↓ Windows ↓ Linux ↓