Home / User stories / DLP at egress
PVPriya · Privacy Officer, healthcare
DLP at egress

Stop sensitive data at the moment it tries to leave.

Priya doesn’t want another after-the-fact leak report. She wants the decision made at the door: block it, make them justify it, or redact it — every time, on every channel.

The reality today

Leaks are found after they happen

Detection ≠ prevention

Classic DLP flags exposure in a report, long after the data is gone.

Too many exits

Downloads, connector exports, and AI answers are separate doors with separate gaps.

Blunt rules

All-or-nothing blocking frustrates users and gets switched off.

How the system works

Every egress runs through one live decision

Document tries toleavePII · destination · rolePolicy matchat egressregulated PII → externalBlockrefused + loggedconfidential → externalRequirejustificationpromptednon-privileged roleRedactPII removedwithin policyAllowrecorded
See it in the product

Model an egress and see the decision before it happens

Data protection

Stop sensitive data the moment it tries to leave

Model an egress — a credit-card number leaving the tenant on download — and see the decision before it happens: block, require justification, or redact for non-privileged roles. The same policies run live on every export, not as an after-the-fact report.

Fileport product — Stop sensitive data the moment it tries to leave
What happens, step by step

From problem to proof

1

Detect what’s inside

Sensitivity and PII types are identified as documents are ingested and classified.

2

Evaluate at the door

On every download, export, or answer, policy weighs content, destination, and role.

3

Choose the right action

Block, require justification, or redact for non-privileged roles — not all-or-nothing.

4

Log the decision

Every egress decision is written to the tamper-evident ledger.

Why it lands

What Priya can prove

Live
enforcement, not reports
3
graded actions: block · justify · redact
Every channel
download · export · answer
FAQ

Common questions

Does this cover AI answers?

Yes. Answers are an egress channel like any other and run through the same policies.

Can we require justification instead of blocking?

Yes. Policies support block, require-justification, and redact, so legitimate work isn’t halted.

Is each decision auditable?

Every egress decision is recorded on the hash-chained ledger with actor and context.

Related reading

Keep exploring

See this on your own data.

Book a demo — we’ll connect a system, ingest a sample, and show this working on your estate.

Book a demo