Classification (PODATOCI)

You can't protect data you don't know you have.

Data sprawls across cloud storage buckets, databases, code repositories, SaaS applications, and internal file shares. Sensitive data — PII, financial records, health information, intellectual property — often ends up in places it shouldn't be, with access controls it shouldn't have.

SPNT's classification module (PODATOCI) continuously discovers and classifies data across your environment. Every data asset becomes a substrate entity — linked to the findings that affect it, the compliance obligations that govern it, and the access controls that protect it.

What PODATOCI discovers

• Cloud storage. S3 buckets, Azure Blob Storage, GCS buckets. Scans contents for sensitive data patterns, not just metadata.
• Databases. PostgreSQL, MySQL, SQL Server, MongoDB. Schema analysis plus sampling for sensitive data patterns.
• Code repositories. GitHub, GitLab, Bitbucket. Detects secrets, credentials, and sensitive data committed to source control.
• SaaS data stores. Confluence, Notion, SharePoint, Google Drive. Where unstructured sensitive data often accumulates.

Classification taxonomy

PODATOCI classifies data against a standard taxonomy:

• Personal Identifiable Information (PII). Names, addresses, national IDs, birthdates, contact information.
• Financial data. Payment card numbers, bank accounts, financial statements, transaction records.
• Health information. Medical records, diagnoses, treatment information, health insurance data.
• Credentials and secrets. API keys, passwords, tokens, private keys, connection strings.
• Intellectual property. Source code, design documents, trade secrets, proprietary algorithms.
• Regulatory-specific categories. GDPR special categories, HIPAA PHI, PCI cardholder data.

Custom classification rules can be added for organization-specific data types.

Data flow tracking

PODATOCI doesn't just find data — it tracks where data flows. When sensitive data moves between systems, the flow is recorded in the substrate. This enables:

• Data lineage. Where did this sensitive data come from? Where has it been copied?
• Boundary violations. Did PII leave the EU region? Did financial data flow to an unapproved system?
• Retention compliance. Has data been retained longer than policy allows?

Integration with governance

Data classifications flow directly to REGULATIVA for compliance mapping. GDPR data subject rights. PCI cardholder data requirements. HIPAA PHI safeguards. The compliance posture of data-related obligations updates as data is discovered and classified.