What you walk away with
Five interactive reports. One headline rating. Every audience covered.
Priivacy ships with five built-in HTML reports designed for the people who'll actually read them — boards, executives, IT teams, and compliance officers. Plus a single 0-100 score that summarises your entire estate's privacy posture. No hundred-page consulting tomes. No vapor deliverables.
The priivacy Rating
One headline score. Five privacy pillars. Trended over time.
Every Priivacy estate gets a single 0-100 score — the priivacy Rating. Think Bitsight for privacy. It blends five weighted pillars into one defensible number with a tier badge for quick read. Recomputes automatically every time a scan completes; trajectory chart shows movement over time.
Methodology version is pinned to each rating so historical scores stay comparable when the methodology evolves.
Sensitive Data
30%Volume and severity of sensitive PII findings.
Access Exposure
30%Files with broken inheritance, anonymous shares, oversharing.
Retention & Hygiene
15%Stale data, ROT (redundant/obsolete/trivial), aged files with PII.
Ownership
15%Orphaned content, phantom owners, off-boarded user data.
External Sharing
10%Guest access, external collaborators, oversharing trends.
The five built-in reports
Built for the audiences who actually read them.
PII Security Assessment
CEOs, CFOs, executive committees, business owners — any organisation that needs a single defensible deliverable
The primary client deliverable. Jurisdiction-aware 2–3 paragraph narrative, risk score, compliance framework overlay, PII type breakdown, file analysis, owner concentration, retention warnings, and prioritised actions.
View sample reportCompliance Deep-Dive
GRC team, compliance officers, auditors, regulator-facing
Maps every finding to every article of a chosen framework — APP (Australia), GDPR (EU/UK), CCPA/CPRA (US), or HIPAA (US healthcare). Article-level risk, evidence per article, recommended actions. The deliverable for a regulator audit. Note: the Priivacy menu currently labels this as "Export Framework Report" — same output, descriptive name shown here.
View sample reportOwner Exposure
IT teams, data stewards, department heads
Ranks data custodians by PII volume. Per-owner severity bar, PII type chips, top files. Answers "who do I need to talk to?" The detailed view for the people doing the remediation work.
View sample reportOwner Awareness Brief
CISO, privacy office, department leadership
The distributable cross-owner brief. All-owners view across the estate; identifies concentration risk, orphaned ownership patterns, and the data-custodian footprint of the whole organisation. Shorter than Owner Exposure, designed to land with leadership rather than operators.
View sample reportExecutive One-Pager
Boards, trustees, ELT briefings
A single A4 page. Risk headline, 4 KPIs, 2–3 sentence narrative, top 5 PII types, top 3 actions. Designed to fit a board pack.
View sample reportEvery report exists at two scopes — single scan (one mailbox, one SharePoint site) or estate-wide (every scan in an estate aggregated). Pick the scope that matches your audience.
A separate report for tenant configuration risk.
PII scans answer "where is sensitive data?" The Privacy Posture report answers "how is the tenant configured to protect that data?" Twenty-four read-only tests run across Microsoft 365 — sharing settings, mailbox rules, dormant guests, public sites, external forwarding, and more.
The report grades your tenant on a five-tier scale — Healthy, Generally Healthy, Review Recommended, Attention Needed, Action Required — and lists every affected item with step-by-step remediation guidance.
Regulator-grade Subject Access disclosures, on demand.
When a data subject files a Subject Access Request under GDPR Article 15 or the Australian Privacy Act APP 12, Priivacy generates the response pack for you.
SAR Export — Quick response
A streamlined GDPR Article 15 PDF dossier generated per individual from existing estate scans. Cover, summary, processing purposes, evidence table with redacted snippets, third-party masking, rights boilerplate. Audit log captures every generation.
DSAR Workflow — Full statutory pipeline
The full 10-stage workflow for incoming statutory requests. Identity verification, jurisdiction-locked, Graph search across mailboxes and SharePoint, AI-assisted triage via local LLM, per-finding DPO decisions, sealed PDF dispatch. Every stage audit-logged and regulator-defensible.
Every export. Every format. No vendor lock-in.
Beyond the four interactive reports, Priivacy generates raw exports for downstream systems and analysis. Use the right one for your audience.
Your reports. Your branding. Your distribution.
Standalone HTML
Every interactive report exports as a single self-contained HTML file. No login required. Opens offline in any browser. Travels by email. Print-to-PDF works out of the box — the print stylesheet forces every collapsible section open so the printed copy is complete.
Schedulable
Any scan can be set on a recurring schedule (daily, weekly, monthly, or interval). Each run produces a fresh standalone report. Useful for board cycles, audit reviews, or executive standups.
Brandable
Reports can be re-branded with your institution's logo and color scheme. Useful when forwarding to boards or auditors who expect to see your branding, not ours.
Common questions about reporting.
Want to see the reports against your own data?
The fastest way to evaluate Priivacy is to see a Discovery report generated against a sample of your real environment. Our team can run a scoped scan against one department, one mailbox, or one file share and walk you through the output. Forty-five minutes. No commitment.
