Show HN: AI tool to scan internal docs for GDPR violations before audits

2 points| kinottohw | 4 months ago

I’m building SafeDocs-AI, an AI tool to help teams check internal documents for GDPR compliance and spot sensitive info before it accidentally leaks out.

The workflow is simple: you connect your Dropbox, Google Drive, and OneDrive accounts, then scan documents individually or in bulk. The AI analyzes each document and adds inline comments for lines that might contain sensitive or non-compliant data, with suggestions for corrections. There’s also a reporting page that summarizes the types of issues across all scanned documents. We’ve been testing entirely with synthetic/fake data.

If you want to see it in action, here’s a short demo video showing the tool workflow (all fake data): https://www.safedocs-ai.com/video/demo.mp4

I’m mostly looking for feedback from this community:

- Would a tool like this actually help teams in their workflow?

- Any obvious privacy/security pitfalls I might be missing scanning across multiple platforms?

- Ideas for making the AI’s annotations helpful without overwhelming users?

Any thoughts, feature ideas, or general feedback would be hugely appreciated. I’m trying to figure out whether this would be genuinely useful for compliance teams before building more.

For those curious to try it yourself: https://www.safedocs-ai.app/login

14 comments

pavel_lishin|4 months ago

Wouldn't the act of allowing this service to scan your docs potentially violate compliance, if the data there does contain things that shouldn't leak?

kinottohw|4 months ago

You're right; right now we’re only testing with fake/synthetic data, so no real info is ever scanned. We’re already using local processing, encryption, and access controls to make sure everything stays compliant.

hobofan|4 months ago

Yup. Maybe the business model could be to automatically forward the offense to the sanctioning agency and take a cut of the penalty?

kingnothing|4 months ago

You need to have compliance certifications or no one will use this. Think along the lines of SOC2, HIPAA, willingness to sign BAAs, etc. The hardest part of this company is going to be sales. You're not selling to small businesses who will pop in a credit card number -- this is an offering for enterprises with annual agreements and longer sales cycles.

Also, consider supporting CCPA for California businesses.

kinottohw|4 months ago

Actually, we’re mostly targeting small companies (10–50 people) that need guidance to avoid big fines but can’t afford the bigger, full-featured compliance tools. Do you think there’s really no room for something like this in the market without having all the compliance certifications first?