connect@uscdata.com
    USC Data logo
    Request a Risk Assessment

    Fast response. No obligation.

    What you walk away with

    Five interactive reports. One headline rating. Every audience covered.

    Priivacy ships with five built-in HTML reports designed for the people who'll actually read them — boards, executives, IT teams, and compliance officers. Plus a single 0-100 score that summarises your entire estate's privacy posture. No hundred-page consulting tomes. No vapor deliverables.

    The priivacy Rating

    One headline score. Five privacy pillars. Trended over time.

    Every Priivacy estate gets a single 0-100 score — the priivacy Rating. Think Bitsight for privacy. It blends five weighted pillars into one defensible number with a tier badge for quick read. Recomputes automatically every time a scan completes; trajectory chart shows movement over time.

    priivacy Rating
    82
    Healthy
    Methodology v1.2
    Tier badgesStrongHealthy (75+)ConcerningCritical

    Methodology version is pinned to each rating so historical scores stay comparable when the methodology evolves.

    Sensitive Data

    30%

    Volume and severity of sensitive PII findings.

    Access Exposure

    30%

    Files with broken inheritance, anonymous shares, oversharing.

    Retention & Hygiene

    15%

    Stale data, ROT (redundant/obsolete/trivial), aged files with PII.

    Ownership

    15%

    Orphaned content, phantom owners, off-boarded user data.

    External Sharing

    10%

    Guest access, external collaborators, oversharing trends.

    The five built-in reports

    Built for the audiences who actually read them.

    Sample preview

    PII Security Assessment

    CEOs, CFOs, executive committees, business owners — any organisation that needs a single defensible deliverable

    The primary client deliverable. Jurisdiction-aware 2–3 paragraph narrative, risk score, compliance framework overlay, PII type breakdown, file analysis, owner concentration, retention warnings, and prioritised actions.

    View sample report
    Sample preview

    Compliance Deep-Dive

    GRC team, compliance officers, auditors, regulator-facing

    Maps every finding to every article of a chosen framework — APP (Australia), GDPR (EU/UK), CCPA/CPRA (US), or HIPAA (US healthcare). Article-level risk, evidence per article, recommended actions. The deliverable for a regulator audit. Note: the Priivacy menu currently labels this as "Export Framework Report" — same output, descriptive name shown here.

    View sample report
    Sample preview

    Owner Exposure

    IT teams, data stewards, department heads

    Ranks data custodians by PII volume. Per-owner severity bar, PII type chips, top files. Answers "who do I need to talk to?" The detailed view for the people doing the remediation work.

    View sample report
    Sample preview

    Owner Awareness Brief

    CISO, privacy office, department leadership

    The distributable cross-owner brief. All-owners view across the estate; identifies concentration risk, orphaned ownership patterns, and the data-custodian footprint of the whole organisation. Shorter than Owner Exposure, designed to land with leadership rather than operators.

    View sample report
    Sample preview

    Executive One-Pager

    Boards, trustees, ELT briefings

    A single A4 page. Risk headline, 4 KPIs, 2–3 sentence narrative, top 5 PII types, top 3 actions. Designed to fit a board pack.

    View sample report

    Every report exists at two scopes — single scan (one mailbox, one SharePoint site) or estate-wide (every scan in an estate aggregated). Pick the scope that matches your audience.

    A separate report for tenant configuration risk.

    PII scans answer "where is sensitive data?" The Privacy Posture report answers "how is the tenant configured to protect that data?" Twenty-four read-only tests run across Microsoft 365 — sharing settings, mailbox rules, dormant guests, public sites, external forwarding, and more.

    The report grades your tenant on a five-tier scale — Healthy, Generally Healthy, Review Recommended, Attention Needed, Action Required — and lists every affected item with step-by-step remediation guidance.

    Regulator-grade Subject Access disclosures, on demand.

    When a data subject files a Subject Access Request under GDPR Article 15 or the Australian Privacy Act APP 12, Priivacy generates the response pack for you.

    SAR Export — Quick response

    A streamlined GDPR Article 15 PDF dossier generated per individual from existing estate scans. Cover, summary, processing purposes, evidence table with redacted snippets, third-party masking, rights boilerplate. Audit log captures every generation.

    DSAR Workflow — Full statutory pipeline

    The full 10-stage workflow for incoming statutory requests. Identity verification, jurisdiction-locked, Graph search across mailboxes and SharePoint, AI-assisted triage via local LLM, per-finding DPO decisions, sealed PDF dispatch. Every stage audit-logged and regulator-defensible.

    Every export. Every format. No vendor lock-in.

    Beyond the four interactive reports, Priivacy generates raw exports for downstream systems and analysis. Use the right one for your audience.

    Findings CSV
    Every detected PII finding with sensitivity, identifiability, and risk level.
    Findings JSON
    Same data, structured for downstream tools.
    Compliance Report CSV
    Audit ledger of every file touched, no raw PII values, safe to share with auditors.
    Compliance Report JSONL
    Same audit ledger in JSONL format with a summary header.
    Duplicates CSV
    Same-content files grouped across the estate.
    Affected Persons CSV
    Identity-resolved person profiles from the Persons tab.
    Full Scan JSONL
    Flat one-record-per-file format with raw PII values for re-import or detection tuning. Share with care.

    Your reports. Your branding. Your distribution.

    Standalone HTML

    Every interactive report exports as a single self-contained HTML file. No login required. Opens offline in any browser. Travels by email. Print-to-PDF works out of the box — the print stylesheet forces every collapsible section open so the printed copy is complete.

    Schedulable

    Any scan can be set on a recurring schedule (daily, weekly, monthly, or interval). Each run produces a fresh standalone report. Useful for board cycles, audit reviews, or executive standups.

    Brandable

    Reports can be re-branded with your institution's logo and color scheme. Useful when forwarding to boards or auditors who expect to see your branding, not ours.

    Common questions about reporting.

    Want to see the reports against your own data?

    The fastest way to evaluate Priivacy is to see a Discovery report generated against a sample of your real environment. Our team can run a scoped scan against one department, one mailbox, or one file share and walk you through the output. Forty-five minutes. No commitment.