Data security architecture: your rows never leave your browser.

Most data quality and profiling tools ask you to upload a file to their servers before they can analyze it. That upload is a security and compliance liability the moment your CSV or Excel file contains customer emails, phone numbers, SSNs, or any other sensitive column. Sohovi is built specifically to remove that liability: there is no upload step for your raw data, ever.

Instead, when you drop a file into Sohovi, it's read locally using the browser's native File API and processed inside a sandboxed Web Worker — an isolated JavaScript thread that has no ability to make outbound network requests with your file contents. Profiling, the 10-dimension DQ scoring engine, rule evaluation, and PII detection all run in that worker. The only things ever written to our database are aggregated DQ scores, rule definitions, and run metadata — never a single raw row.

This isn't a policy promise, it's a verifiable architecture. Open your browser's DevTools, go to the Network tab, and run a profiling pass on a real file — you'll see zero outbound requests carrying your data. See our pricing page for what's included at each plan, or read about how PII detection flags sensitive columns before you ever share results with a teammate.

Privacy Architecture

Your data never leaves your browser.That's the architecture.

This isn't a marketing tagline — it's how the product is engineered. All file reading, profiling, and scoring runs inside Web Workers in your browser tab.

How it actually works

  1. 1

    You select a file from your device

  2. 2

    Sohovi reads it using the browser File API — no network request

  3. 3

    All processing runs in a Web Worker — isolated, off the main thread

  4. 4

    Only DQ scores, rule metadata, and aggregated summaries are ever stored

Don't take our word for it.Open DevTools → Network tab while running an analysis. You'll see zero outbound requests for your data.

No Server Upload

Raw data never leaves your machine. File reading happens entirely via the browser File API.

Client-Side Processing

All computation — profiling, scoring, rule evaluation — runs in Web Workers inside your browser tab.

No Cloud Storage

Your rows are never written to any database. Only DQ scores and rule metadata are stored.

GDPR-Friendly by Design

No PII is transmitted. No consent is required for the processing layer.

Zero Breach Risk

There is nothing on our servers to breach. Your data exists only in your browser session.

PII Detection Built In

Identify sensitive columns — emails, phones, SSNs — before you share results with anyone.

Compliance and regulated data

Because raw data never transits our servers, Sohovi does not act as a data processor for your customer or patient records under GDPR, HIPAA, or similar frameworks — there is nothing on our infrastructure to process, store, or breach. Teams in healthcare, finance, and HR typically clear internal security review quickly because the usual questions (where is data stored, who has access, what happens on a breach) have a simple answer: nowhere, no one, and nothing, respectively.

Have a specific security questionnaire or need a written data processing statement for procurement? Reach out at hello@sohovi.com.