Platform

Upload, Classify, Discover and Report.

Sylure validates bundle intake, maps personal data exposure back to the underlying assets, supports DSAR Discovery workflows and produces governance-ready reporting. Built to be readable for non-technical stakeholders — and practical for teams who need evidence, traceability and controlled handling.

How it works

Four steps from raw exports to audit-ready evidence

Step 1

Upload & Classify

Upload ZIP bundles. The pipeline validates, extracts and indexes assets with visible stages.

Step 2

Map & Prioritise

Personal data exposures are anchored to source files and scored by risk for systematic prioritisation.

Step 3

Discover & Respond

Search across uploads to locate data subjects and assemble defensible bundles for DSAR response.

Step 4

Report & Govern

Scoped dashboards, exportable audit logs and retention controls for stakeholder reporting.

Detection Coverage

What Personal Data Does Sylure Detect?

Pattern-based detection across identity, contact, financial and government categories — tuned for UK formats and continuously expanded.

0Personal Data Types

0Categories

0+File Formats

Contact

Email Address
Phone Number

Identity

Full Name
Date of Birth

Address

Postcode
Postal Address

Financial

IBAN (International Bank Account Number)
Bank Details (Sort Code & Account Number)
Card Number

Government

National Insurance Number
UK Driving Licence Number
NHS Number
UK Passport Number

Detection patterns are continuously expanded.

File Coverage

Supported File Types

Upload ZIP bundles containing any mix of these formats — Sylure extracts and indexes each file automatically.

Spreadsheets

.csv.tsv.tab.psv.xls.xlsx.xlsb.xlsm.ods

Documents

.pdf.docx.odt.pptx.odp.rtf

Email & Mailbox

.eml.msg.mbox

Structured Data

.json.ndjson.jsonl.xml.html.htm.xhtml.sql

Plain Text

.txt.log.md.markdown.rst

Config

.yaml.yml.ini.cfg.conf.env.properties.toml

Platform

Platform walkthrough

From validated intake to DSAR discovery and audit-ready governance — each module stays tied to the underlying assets.

Validated Intake

Know exactly what was processed and when

Upload ZIP bundles — exports, archives, case folders — and move through a consistent pipeline with guardrails, visible stages and retention-aware lifecycle controls.

Controlled Intake

Stages + outcomes visible

Start with the data you already have, without connector rollout overhead.
Size, entry count and extraction limits keep intake predictable.
Processing stages visible to reviewers: validation, security checks, indexing.
Bundle lifecycle controls support storage limitation and retention posture.

Validated bundle ingestionSecurity-first pipelineRetention-aware lifecycle

Upload & scan pipeline

ZIP bundles flow through validation, ClamAV scanning, extraction and PII indexing with lifecycle tracking.

Upload & scan pipeline

ZIP bundles flow through validation, ClamAV scanning, extraction and PII indexing with lifecycle tracking.

Exposure Mapping — Exposures

See where personal data sits across your assets

The detection engine parses common file formats, identifies personal data and anchors every exposure to the source file and path. Risk scores combine sensitivity weights, combo modifiers and volume multipliers so teams can prioritise systematically.

Asset-Linked

Exposures tied to file/path

13 personal data types across 5 categories: Identity, Contact, Address, Financial and Government.
37 file formats across documents, spreadsheets, data, email, text and config files.
Risk scores map to LOW/MEDIUM/HIGH bands for prioritisation.
Evidence shown as masked snippets to validate context safely during review.

Regex + heuristicsCategorised exposureMasked evidence by default

Exposure mapping

Detect personal data across file formats with risk scoring, categorised exposure and masked evidence.

DSAR Discovery

Locate a data subject and assemble a defensible bundle

Search across uploads using common identifiers, consolidate matches to the same individual and export evidence-backed bundles with asset references — ready for your response workflow.

Case-Style View

Search, consolidate, export

Direct search across assets.
Subject bundle consolidates multiple identifiers against the same individual.
Review results with masked evidence and asset references for traceability.
Export masked or unmasked personal data — masked by default, unmasked when authorised.

Search across uploadsDiscovery workflow supportEvidence-backed exports

DSAR discovery search

Cross-upload search by identifier with identity matching, subject consolidation and defensible export.

Analytics — Overview

High-level exposure overview across the organisation

High-level exposure overview — total assets processed, findings summary, risk distribution across the organisation. Entry point before drilling into detailed analytics.

Overview

Org-wide exposure snapshot

Total assets processed and findings summary at a glance.
Risk distribution across the organisation by severity band.
Entry point before drilling into detailed analytics views.
Quick orientation for stakeholders and new reviewers.

Risk distributionAsset summaryFindings overview

Exposure overview

High-level snapshot of total assets, findings and risk distribution across the organisation.

Sylure AI — DSAR

Discovery briefing and risk assessment from search results

Generate a structured discovery briefing from DSAR search results — key findings, risk assessment and recommended next steps. Anti-hallucination protocol grounds output to indexed evidence.

AI Discovery

Report from search results

One-click report from any DSAR search result set.
Risk assessment with exposure summary and severity breakdown.
Anti-hallucination protocol — grounded to indexed evidence only.
Included per upload, powered by GPT-4o-mini.

Evidence-groundedAnti-hallucinationStructured report

DSAR AI discovery briefing

Generate a structured discovery briefing from DSAR search results with risk assessment and recommended actions.

Exports — DSAR

CSV/JSON evidence pack with compliance references

Export DSAR search results as a structured evidence pack — report ID, summary stats, compliance references (GDPR, DPA 2018, CCPA), exposure rows with masked evidence and data type breakdown.

Evidence Pack

CSV/JSON with refs

Report ID and summary statistics for audit traceability.
Compliance references: GDPR Art 15, DPA 2018 s45, CCPA §1798.100.
Exposure rows with masked evidence snippets and file references.
Data type breakdown by category and sensitivity level.

Structured exportCompliance refsMasked by default

DSAR evidence export

Export search results as a compliance-ready evidence pack with masked personal data and audit references.

Governance Controls

Access, audit and retention — built in

Role-based access, immutable audit logs and two-phase deletion keep your workspace aligned with governance expectations.

Retention & Deletion

Align data lifecycle with storage limitation

Two-phase deletion — soft delete hides immediately, hard purge removes derived data after a grace window.

Retention + Deletion

Soft delete → hard purge

Schedule deletion by upload ID with optional reason.
Soft delete hides from dashboards, DSAR, analytics instantly.
Hard purge runs automatically after configurable grace period.
Raw bundles auto-expire via S3 lifecycle (30 days default).

Grace windowImmediate hideTombstone audit

Retention, deletion & purge

Schedule deletion and prune derived outputs to align with retention posture and storage limitation.

Retention, deletion & purge

Schedule deletion and prune derived outputs to align with retention posture and storage limitation.

Next step

See Sylure on your data

We'll walk through the full platform — intake, exposures, discovery, reporting and governance — using your typical bundle shape.

Request a demo See pricing