Tuned to
your data.
Generic detection flags the wrong things and misses what's uniquely yours. DataMapper adapts to your data — safely — so precision climbs and the sensitive information no standard taxonomy knows about still gets caught.
Two engines. Already trained hard.
DataMapper doesn't lean on one trick to find sensitive data. It runs two complementary detection engines — refined over years on large volumes of real, GDPR-labelled data, across languages and document types.
Precision on known formats.
Deterministic pattern matching locks onto structured identifiers — CPR, passport, driver's licence, bank card — matched and validated by format and structure, not guesswork.
Understanding, not keywords.
Azure OpenAI's embedding model turns the text around each candidate into a vector and classifies it by meaning — surfacing sensitive context that no fixed pattern could ever describe.
Patterns give certainty on known numbers; vectors give understanding of messy, unstructured content. Run together, they detect risk data that either method alone would miss — which is why the engine already performs out of the box, before any tuning.
A false positive is a tax on trust.
Accuracy isn't a vanity metric. It's the thing that decides whether your team keeps using the system after the first week — and whether the sensitive data that matters to you ever surfaces at all.
Noise costs real hours.
Every incorrectly flagged file is a person's time spent dismissing it. At scale, review labour — not compute — is the dominant cost of a scan. A model that cries wolf gets switched off.
Your risks aren't generic.
A standard taxonomy doesn't know your internal employee IDs, project code-names, proprietary contract types or sector-specific terms. What's most sensitive to you is often invisible to an off-the-shelf ruleset.
Four steps. One tuning loop.
We start from your real data, review it with the people who understand it, then calibrate the model to your context. No model is ever fine-tuned on your documents — we adjust the classifier, the taxonomy and the patterns around a fixed embedding model.
Detect candidates.
RegEx and machine learning surface candidates; Azure OpenAI's embedding model vectorises each candidate's surrounding context and scores it against a curated taxonomy. Vectors are discarded after classification.
Mark the truth.
Sit with the people who know the data. Confirm true findings, mark false positives, and point out sensitive material the baseline missed. The result is a set of labelled examples from your own estate.
Adapt to context.
Those examples tune the classifier's decision thresholds, extend the taxonomy with concepts specific to your organisation, and refine detection patterns for your regional formats — all isolated to your tenant.
Measure the lift.
Run the scan again. False positives fall, your company-specific types now register, and the loop can repeat whenever your data or risk profile changes.
Tuned on your data. Never at its expense.
Learning from your examples and protecting them are the same requirement. Customisation runs inside the same GDPR-first boundary as the rest of the pipeline.
- Stays in the EU. Processing runs in an EU Azure region. Your data does not leave the boundary.
- Encrypted throughout. TLS 1.2 in transit, AES-256 at rest — standard across every stage of the loop.
- Isolated to your tenant. Your examples tune only your model. Nothing is pooled into a shared or global model used for other customers.
- Minimal and time-boxed. Embeddings are ephemeral; labelled examples are retained only for an agreed tuning window, then deleted.
- Lawful basis, with an opt-out. The basis for using your data to tune is defined up front, and you can decline at any point.
- Access controlled and logged. Human access is restricted to named senior staff under written request, and every access is recorded.
What tuning is — and isn't.
Calibration on your own examples.
- A short, structured review with the people who know your data.
- A classifier and taxonomy tuned to your vocabulary and formats.
- Fewer false alarms, plus company-specific risks now surfaced.
- Every rule and threshold visible, adjustable and reversible.
Not a generative model learning your documents.
- Not fine-tuning a generative language model on your files.
- Not feeding your data into a shared or global model.
- Not a permanent copy of your documents held on our side.
- Not a black box you can't inspect or roll back.
Precision you can stand behind.
Not from a bigger model. From a model that has seen your data and been corrected by the people who own it.
Higher precision, honestly earned
Context-aware embeddings score each candidate against its surrounding text, then calibration on your labelled examples tightens the decision boundary — targeting the metric that decides adoption: false positives.
Catches what's uniquely yours
Internal identifiers, code-names, contract types and sector terms enter the taxonomy as first-class sensitive concepts — so the risks specific to your organisation stop hiding in plain sight.
Safe and compliant by design
EU-resident, encrypted, tenant-isolated and time-boxed. Tuning strengthens your governance posture instead of quietly creating a new copy of your data to worry about.
Fast, and repeatable
One review session drives a measurable lift. Re-run the loop whenever your data changes — no lengthy retraining project, no consultants required.
Bring your own false positives.
Send us a sample of your Microsoft 365 estate. We run a baseline scan, sit down with your team to mark what's right and wrong, and show you the precision lift on a re-scan — before any commitment.


