Tuned to your data · DataMapper × Microsoft Purview
DataMapper × Microsoft Purview

Tuned to
your data.

Generic detection flags the wrong things and misses what's uniquely yours. DataMapper adapts to your data — safely — so precision climbs and the sensitive information no standard taxonomy knows about still gets caught.

01Calibrated on your examples — one short review session turns real findings into a tuned classification model.
02Company-specific sensitivity — teach it the identifiers, codes and document types that only exist in your organisation.
03Safe by construction — your examples stay in the EU, encrypted, isolated to your tenant, and deleted on an agreed schedule.
01 / Engine

Two engines. Already trained hard.

DataMapper doesn't lean on one trick to find sensitive data. It runs two complementary detection engines — refined over years on large volumes of real, GDPR-labelled data, across languages and document types.

RegEx patterns

Precision on known formats.

Deterministic pattern matching locks onto structured identifiers — CPR, passport, driver's licence, bank card — matched and validated by format and structure, not guesswork.

Vector AI

Understanding, not keywords.

Azure OpenAI's embedding model turns the text around each candidate into a vector and classifies it by meaning — surfacing sensitive context that no fixed pattern could ever describe.

Superior together

Patterns give certainty on known numbers; vectors give understanding of messy, unstructured content. Run together, they detect risk data that either method alone would miss — which is why the engine already performs out of the box, before any tuning.

For most data, that trained baseline is enough. But every organisation has context and data types our engine hasn't seen — internal identifiers, niche document types, sector-specific terms. For those, we add personalised training on top, without touching the strong foundation underneath. That's what the rest of this page is about.
02 / Why

A false positive is a tax on trust.

Accuracy isn't a vanity metric. It's the thing that decides whether your team keeps using the system after the first week — and whether the sensitive data that matters to you ever surfaces at all.

Over-flagging

Noise costs real hours.

Every incorrectly flagged file is a person's time spent dismissing it. At scale, review labour — not compute — is the dominant cost of a scan. A model that cries wolf gets switched off.

Under-flagging

Your risks aren't generic.

A standard taxonomy doesn't know your internal employee IDs, project code-names, proprietary contract types or sector-specific terms. What's most sensitive to you is often invisible to an off-the-shelf ruleset.

03 / How

Four steps. One tuning loop.

We start from your real data, review it with the people who understand it, then calibrate the model to your context. No model is ever fine-tuned on your documents — we adjust the classifier, the taxonomy and the patterns around a fixed embedding model.

1
Baseline scan

Detect candidates.

RegEx and machine learning surface candidates; Azure OpenAI's embedding model vectorises each candidate's surrounding context and scores it against a curated taxonomy. Vectors are discarded after classification.

2
Review session

Mark the truth.

Sit with the people who know the data. Confirm true findings, mark false positives, and point out sensitive material the baseline missed. The result is a set of labelled examples from your own estate.

3
Calibrate & extend

Adapt to context.

Those examples tune the classifier's decision thresholds, extend the taxonomy with concepts specific to your organisation, and refine detection patterns for your regional formats — all isolated to your tenant.

4
Re-scan

Measure the lift.

Run the scan again. False positives fall, your company-specific types now register, and the loop can repeat whenever your data or risk profile changes.

04 / Safe

Tuned on your data. Never at its expense.

Learning from your examples and protecting them are the same requirement. Customisation runs inside the same GDPR-first boundary as the rest of the pipeline.

  • Stays in the EU. Processing runs in an EU Azure region. Your data does not leave the boundary.
  • Encrypted throughout. TLS 1.2 in transit, AES-256 at rest — standard across every stage of the loop.
  • Isolated to your tenant. Your examples tune only your model. Nothing is pooled into a shared or global model used for other customers.
  • Minimal and time-boxed. Embeddings are ephemeral; labelled examples are retained only for an agreed tuning window, then deleted.
  • Lawful basis, with an opt-out. The basis for using your data to tune is defined up front, and you can decline at any point.
  • Access controlled and logged. Human access is restricted to named senior staff under written request, and every access is recorded.
05 / In plain terms

What tuning is — and isn't.

What this is

Calibration on your own examples.

  • A short, structured review with the people who know your data.
  • A classifier and taxonomy tuned to your vocabulary and formats.
  • Fewer false alarms, plus company-specific risks now surfaced.
  • Every rule and threshold visible, adjustable and reversible.
What this is not

Not a generative model learning your documents.

  • Not fine-tuning a generative language model on your files.
  • Not feeding your data into a shared or global model.
  • Not a permanent copy of your documents held on our side.
  • Not a black box you can't inspect or roll back.
06 / Outcomes

Precision you can stand behind.

Not from a bigger model. From a model that has seen your data and been corrected by the people who own it.

i

Higher precision, honestly earned

Context-aware embeddings score each candidate against its surrounding text, then calibration on your labelled examples tightens the decision boundary — targeting the metric that decides adoption: false positives.

ii

Catches what's uniquely yours

Internal identifiers, code-names, contract types and sector terms enter the taxonomy as first-class sensitive concepts — so the risks specific to your organisation stop hiding in plain sight.

iii

Safe and compliant by design

EU-resident, encrypted, tenant-isolated and time-boxed. Tuning strengthens your governance posture instead of quietly creating a new copy of your data to worry about.

iv

Fast, and repeatable

One review session drives a measurable lift. Re-run the loop whenever your data changes — no lengthy retraining project, no consultants required.

1 session
to calibrate the model
EU-only
data residency
0
shared-model training
Per-tenant
isolated tuning
See it on your data

Bring your own false positives.

Send us a sample of your Microsoft 365 estate. We run a baseline scan, sit down with your team to mark what's right and wrong, and show you the precision lift on a re-scan — before any commitment.

2–3 weeks
to a tuned re-scan
Read-only
Graph access
Fixed
pilot price