MSP or IT provider? See partner pricing →

Scan-based data risk & posture platform

Find exposed personal data
before it becomes an incident

Connect Microsoft 365 or Google Workspace. Get a posture score, a phased remediation plan, and client-ready proposals. Quick (Starter/capped) scans often finish in about 2–15 minutes. Full-depth scans scale with mailbox and file volume — large tenants can take hours. No agent installs. Scope is set per run: Starter scans up to 100 mail messages and 50 files; paid plans add scan frequency, history, and team features. Actual accessible coverage still depends on plan, provider scopes, and tenant permissions.

Get Your Free Posture Score

Starter: one free scan (up to 100 mail messages + 50 files).

One free scan (up to 100 mail messages + 50 files) No credit card needed Read-only access

We request read-only OAuth scopes, encrypt tokens at rest, do not store full mailbox message or file content, and you can revoke access anytime from Microsoft or Google. Security details.

Want proof before OAuth?

Review an anonymised sample report structure first, then decide if you want to run a live scan.

Anonymised sample report Run Live Scan

Microsoft 365 Google Workspace UK GDPR-aligned checks Companies House listing Quick setup PDF Reports

Starter £0

Solo £49/mo

Pro £149/mo

Business £299/mo

See full pricing

What's Hiding in Your Workspace

Your mailboxes and files may contain
unprotected personal data

NI numbers, bank details, addresses, medical records - sitting in shared drives and mailbox threads. We scan configured content, triage the results, and give you a roadmap to fix what matters.

Exposed Personal Data

National Insurance numbers
Bank account & sort codes
Passport & driving licence numbers
Addresses, DOBs, medical info
20+ PII pattern types

Phishing & Email Threats

Spoofed sender addresses
Suspicious links & attachments
Business Email Compromise (BEC)
Social engineering tactics
Flagged for review with clear indicators

Risky Data Exposure

"Anyone with the link" sharing
External users with access
Overly permissive file access
Unprotected shared spreadsheets
Sensitive data in shared folders

See all features

Three Steps. Quick Setup.

No technical knowledge needed. If you can sign into your Microsoft or Google workspace, you can do this.

Connect

Scan

We check configured mailbox messages and files for exposed PII, risky sharing, and phishing signals. Quick (capped) scans are usually minutes; full workspace scans scale with content and can take much longer.

Fix

Get your posture score, see prioritised findings, and follow plain-English fix steps.

Anonymised example workspace

Same Command Center layout as after sign-in

Pixel-matched shell to the live app: Summary and Findings tabs, UK rules at a glance, what to fix first (£), and findings list chrome. Figures below are constructed sample data for layout review only.

Not a live scan. Connect Microsoft 365 or Google Workspace on /app for real scores, findings, and exports.

Workspace

Compliance Command Center

Your live compliance picture. Summary for the score. Findings to work the list. Export when you need a file for a client.

Past scans Allowance: 1/1 scans this period Upgrade

At a glance

2 open findings · 2 critical/high currently open

Use Summary for your score, what to fix first in pounds, and UK GDPR, NIS2, and DORA cards. Use Findings to clear urgent items and Mark Safe on everyday mail you accept. Export for a client PDF or spreadsheet.

Summary Findings

Export

Compliance report (PDF) Findings spreadsheet (CSV)

Your risk score

How safe this mailbox looks today. Higher is better. Fix open findings to move toward 100.

From your latest scan

What to fix first (£)

£33,000

Shows how urgent open items are. This is not a fine or a bill.

UK rules at a glance

Tap a card to see what is driving each score.

Understanding your findings Expand

Each row is something the scan thinks you should look at. Start with critical and high items. Those are the ones most likely to need action. A long list after a first scan is normal for a busy inbox.

Often normal in everyday mail

Email addresses, phone numbers, or postcodes in ordinary client or supplier messages
Several personal or financial details in one email (common in legal, payroll, and accountancy mail)
Delivery addresses in order confirmations
Accountancy and law firms often see more rows than shops or trades businesses

What the buttons mean

Ticket — draft a remediation ticket for your PSA or helpdesk.
Resolved — you fixed this item (for example revoked sharing or removed the sensitive data).
Safe — you checked it and it is normal for this business; we stop flagging this pattern on future scans.

2 / 2 open findings

CRITICAL New file EVD-A1B2C3D4

Public file link exposes customer PII

Client_Invoices_2026.xlsx Detected 2 Apr 2026 Scan a1b2c3d4

Ticket Resolved Safe

What was flagged

This file is shared publicly and contains sensitive personal data

Source reference

Client_Invoices_2026.xlsx

Ref: 01ABCDEF234567890123456789AB

Recommended action

Revoke public sharing and restrict access to authorised users only.

FP confidence: Review advised

Regulatory context

UK GDPR

Art. 32 — Security of Processing

Control: UKGDPR-Art_32

Evidence, guidance & tools

Evidence summary

Public link on file; sensitive fields detected in worksheet.

Finding detail

Sample narrative only — live findings are generated from your tenant scan.

Regulatory guidance

No external guidance link in this preview.

Tools

Copy evidence Export PDF

HIGH New email EVD-E5F60789

Found 3 National Insurance Numbers in email

RE: New Starter Onboarding Detected 2 Apr 2026 Scan a1b2c3d4

Ticket Resolved Safe

What was flagged

Found 3 national insurance numbers in this mailbox message

Source reference

RE: New Starter Onboarding

Ref: AAkALgAAAAAAHYQDEaM3QIIRI5BQ80UAE1pT8FWJ0W1zQDJr-hoAAAB4Gl0AAA

Recommended action

Delete the NI numbers from the message body and use a secure HR portal instead.

FP confidence: Review advised

Regulatory context

UK GDPR

Art. 5(1)(f) — Integrity and Confidentiality

Control: UKGDPR-Art_5_1_f

Evidence, guidance & tools

Same expandable block as the live dashboard — open to compare typography and spacing.

Managing multiple clients? See the MSP portfolio / Command Center preview on the partner programme page.

Get Your Free Score

Published ICO Cases We Help You Catch Early

These are real ICO outcomes — not hypotheticals. Each one matches a risk pattern ComplianceAgent scans for in Microsoft 365 and Google Workspace mail and files.

Your posture score reflects open issues today (for example 62/100 in the preview above). Work through flagged items, fix sharing or data-handling problems, mark items resolved, and re-scan — each fix moves you toward 100/100. We surface the problem early; you close it before it becomes an ICO matter.

We flag: public links & cloud files

Reprimand

Recruitment company (2023)

A cloud storage container with about 12,000 worker records was left publicly accessible with no login (UK GDPR Arts. 5(1)(f) and 32).

Scan catches: over-shared files and personal data in cloud libraries — the same pattern as a public link on a spreadsheet.

Your step forward: revoke public access, restrict the library, re-scan — posture score and UK GDPR alignment improve.

ICO source: recruitment company reprimand

We flag: PII in email

£78,400

Tavistock and Portman NHS Trust (2020)

Bulk clinic mail was sent with recipients visible in To/CC instead of BCC, exposing 1,781 patients' email addresses — sensitive in context.

Scan catches: National Insurance numbers, names, and other personal data sitting in mail threads you should not leave exposed.

Your step forward: remove or redact sensitive fields, move payroll and HR data to secure channels, re-scan to see the score rise.

ICO source: Tavistock and Portman NHS Trust (2020)

We flag: phishing & impersonation mail

£4.4M

Interserve Group (2022)

Attackers used a phishing email to reach HR systems holding NI numbers, bank details, and special-category health data for up to 113,000 staff.

Scan catches: BEC-style urgency, impersonation patterns, and sensitive identifiers in the mailbox before a phish becomes a breach.

Your step forward: triage phishing findings first, contain risky threads, re-scan — score and NIS2-aligned signals improve as urgent items clear.

ICO source: Interserve Group (2022, COM0804560)

Penalties depend on breach severity, harm, and how quickly you respond. A scan is not legal advice — it is an early warning system. Full ICO enforcement register

UK GDPR

NIS2

DORA

Findings are tagged to the relevant regulation, and where the scan identifies a clear article reference we show it in the finding details.
UK GDPR applies to all businesses handling personal data. NIS2 applies to organisations in critical sectors. DORA applies to regulated financial services firms.

Get your posture score

Simple, Honest Pricing

Get one free Starter scan (up to 100 mail messages + 50 files). Upgrade when you're ready. Cancel anytime.

Starter

£0

1 free scan (100 mail messages + 50 files) · one-time

Solo

£49

/mo · Solo practitioners

Popular

Pro

£149

/mo · Up to 5 users

Business

£299

/mo · Up to 15 users

Compare Plans & Features

Want to see the report layout first?

Browse an anonymised sample report structure, then run a live Starter scan when you are ready.

Anonymised sample report

Review your workspace risk
before it becomes an incident

Connect. Scan. Get your score and a remediation roadmap. Starter includes one free capped scan (up to 100 mail messages + 50 files), usually minutes; full-depth scanning scales with the tenant.

Start Free Live Scan

Find exposed personal data before it becomes an incident

Want proof before OAuth?

Your mailboxes and files may contain unprotected personal data

Exposed Personal Data

Phishing & Email Threats

Risky Data Exposure

Three Steps. Quick Setup.

Connect

Scan

Fix

Same Command Center layout as after sign-in

Compliance Command Center

Findings

Public file link exposes customer PII

Found 3 National Insurance Numbers in email

Published ICO Cases We Help You Catch Early

Simple, Honest Pricing

Want to see the report layout first?

Review your workspace riskbefore it becomes an incident

Find exposed personal data
before it becomes an incident

Your mailboxes and files may contain
unprotected personal data

Review your workspace risk
before it becomes an incident