Free Tool. PII Finding. Website Scanner. GDPR. HIPAA. PCI-DSS. Zero Data Storage.

Platform Overview

piisafe.eu is a free website PII scanner that detects exposed private data across 131+ item types (shipped via the cloak.biz API) and 41 languages. The free tier uses regex pattern matching; the upstream cloak.biz engine adds ML augmentation. Scan results are computed in-memory and never stored. No account, no credit card, no registration needed.

The scanner crawls up to 10 pages per scan. It delivers an A-F risk grade with a detailed breakdown of every PII category found. Examples include email addresses, phone numbers, IBANs, government IDs, and medical record numbers. Results export as HTML, JSON, or CSV for compliance documentation.

  • 131+ item types (via cloak.biz)
  • 41 languages
  • <60s typical scan time

PII Categories Covered

Personal Identifiers

Names, email addresses, home addresses, phone numbers, dates of birth, and national ID numbers. Coverage spans 30+ country-specific formats including German Steuer-ID, EU national IDs, and SSNs.

Financial Data

Credit card numbers (Visa, Mastercard, AMEX, and more), IBANs, bank account numbers, and payment references. Detected with checksum validation to eliminate false positives.
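
A sketch of regex matching followed by checksum validation, as described above. This is an added example, not piisafe.eu or cloak.biz code: the patterns, function names and sample text are assumptions constructed for illustration. Luhn still accepts roughly one in ten random digit strings, so the checksum step reduces false positives without removing all of them.

```python
import re

# Constructed sample text: a public Visa test number, the standard German
# example IBAN, and one mistyped copy of each that must be rejected.
SAMPLE = """
<p>Order 4111 1111 1111 1112 shipped.</p>
<p>Card on file: 4111 1111 1111 1111</p>
<p>Refund to DE89 3704 0044 0532 0130 00 (typo copy: DE89 3704 0044 0532 0130 01)</p>
"""

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")

def luhn_ok(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def iban_ok(iban: str) -> bool:
    """ISO 13616 mod-97: move first 4 chars to the end, A=10..Z=35, remainder 1."""
    if not 15 <= len(iban) <= 34:
        return False
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1

def scan(text: str):
    """Return (findings sorted by offset, number of regex hits the checksum rejected)."""
    findings, rejected = [], 0
    for m in IBAN_RE.finditer(text):
        value = m.group().replace(" ", "")
        if iban_ok(value):
            findings.append(("IBAN", value, m.start()))
        else:
            rejected += 1
    # Blank out IBAN candidates (offsets preserved) so their digit runs
    # are not reported a second time as card-number candidates.
    text = IBAN_RE.sub(lambda m: " " * len(m.group()), text)
    for m in CARD_RE.finditer(text):
        value = re.sub(r"[ -]", "", m.group())
        if luhn_ok(value):
            findings.append(("CARD", value, m.start()))
        else:
            rejected += 1
    return sorted(findings, key=lambda f: f[2]), rejected

if __name__ == "__main__":
    print(scan(SAMPLE))
```
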

Medical Records

Medical record numbers, health insurance IDs, prescription references, and other healthcare-specific PII. Covered by HIPAA and EU health data rules.

Digital Identifiers

IP addresses, MAC addresses, device IDs, cookies, session tokens, and API keys. These constitute private data under GDPR and similar frameworks.

Location Data

Postal codes, geographic coordinates, regional IDs, and location-specific patterns. These may constitute private data when combined with other IDs.

Organization Data

Company registration numbers, VAT IDs, trade registry entries, and business IDs. These may expose client or partner data in violation of B2B data agreements.

A-F Risk Grading

Every scan produces a risk grade from A (no PII found) to F (critical exposure). The report includes a full breakdown by item category and page location.

Deterministic Detection

Regex-based pattern matching delivers deterministic, reproducible results. The same input on the same ruleset version always produces the same output. Audit-ready and verifiable by your compliance team.

In-Memory Processing

Scan results are computed and returned without any data storage. No PII from your website is stored on our servers — processing is ephemeral by design.

Detailed Reports

Export scan results as an HTML dashboard, JSON for pipeline integration, or CSV for spreadsheet analysis. Each report includes item type, page URL, and exact match location.

Multi-Language

41 languages supported for global websites. PII patterns are locale-aware — German IBANs, French social security numbers, and Japanese phone formats are all detected correctly.

Scan Process

  1. Enter URL — Provide any website URL. No account or registration needed.
  2. Crawl — The scanner crawls up to 10 pages of the target site, following internal links.
  3. Pattern Matching — 131+ regex patterns (shipped via the cloak.biz API) scan every page. Coverage extends across 41 language profiles.
  4. Risk Grading — Found PII is categorized and weighted to produce an A-F risk score per page and overall.
  5. Report Generation — Results are compiled with item types, locations, and risk breakdown — computed in memory, never stored.
  6. Export — Download your report as HTML, JSON, or CSV for compliance documentation or remediation tracking.

Regulatory Frameworks

GDPR

Identifies private data exposure on your website that may constitute a GDPR violation. Covers all categories of private data under Article 4, including special category data.

HIPAA

Detects Protected Health Information (PHI) exposed on web pages, supporting HIPAA compliance for healthcare teams and their business associates.

PCI-DSS

Identifies cardholder data (credit card numbers, CVVs, expiry dates) exposed on web pages. Critical for merchants and payment processors under PCI-DSS scope.

CCPA

Covers personal information categories defined under the California Consumer Privacy Act, supporting US-based teams with CCPA compliance obligations.

ISO 27001

Supports Annex A control A.8.2 (Info labeling) and A.5.34 (Privacy and safety of private data). It identifies uncontrolled PII exposure on web surfaces.

Made in Germany

Hosted in Germany under EU jurisdiction. All processing happens inside the EU; no cross-border data transfers.

Free Scanning. Unlimited with Upgrade.

piisafe.eu is free with generous limits. For unlimited scanning, image OCR, and full PII strip, upgrade via the related platforms.

Free

€0

20 scans per hour, up to 10 pages per scan.

  • 131+ item types (via cloak.biz)
  • 41 language profiles.
  • A-F risk grading.
  • HTML, JSON, CSV export.
  • No account needed.
  • Zero data storage.

Personal via anonym.legal

€3/month

Chrome Extension, 285+ items, batch processing.

  • Chrome Extension included.
  • 285+ item types.
  • 48 languages + RTL.
  • Zero-Knowledge sign-in.
  • MCP Server for AI tools.
  • Batch processing.

Who Scans with piisafe.eu

Compliance Teams

Verify that client-facing websites do not expose private data in HTML source, embedded scripts, or linked docs. Run before GDPR or ISO 27001 audits.

Web Developers

Run pre-rollout PII scans to catch accidental exposure of test data, debug logs, or API responses containing private info.

Security Auditors

Include website PII exposure in security assessments and penetration test reports. Export JSON results for integration into vulnerability management platforms.

Document the absence of PII exposure as proof of data security compliance. Useful for clients, regulators, or legal proceedings requiring proof of due diligence.

Healthcare Organizations

Verify that patient portals, appointment booking pages, and informational websites do not inadvertently expose Protected Health Information (PHI).

E-Commerce Merchants

Confirm that order confirmation pages, account areas, and product listings do not expose cardholder data. Also checks for client contact info in page source.

Scan Your Website Now

Free, no registration needed. Enter your website URL and get results in 60 seconds.

Related Platforms: cloak.biz — firm-wide PII strip with image OCR and unlimited scanning. anonym.legal — Zero-Knowledge PII platform with MCP Server and Chrome Extension.

Best fit and known limitations

Best for

Marketing, legal, and compliance teams that need a quick public-page PII risk grade across an entire site without signup — useful before audits, RFPs, or rule-set reviews.

Not the right fit

Authenticated areas, intranets, or dynamic content behind login (the scanner crawls public surfaces only); ongoing monitoring (one-shot scan only); image redaction (use cloak.biz).

Known limitations

Public-page scope only with a single scan per request; deterministic regex detection without ML name resolution; report depth depends on how much HTML is rendered server-side rather than after JavaScript hydration.

Need continuous PII monitoring for your website?

Let's discuss automated scanning, remediation workflows, and compliance reporting for your team.