{ "id": "NP-32-419-automated-tests-production-verification", "type": "case-study", "title": "419 Automated Tests: Production PII Detection Verification", "description": "13-milestone test suite covering 48 languages, 4 browsers, 35 security tests, and 285+ entity types. 419/419 tests pass (100%).", "url": "https://anonym.community/anonym.legal/NP-32-419-automated-tests-production-verification.html", "product": "anonym.legal", "driver": { "id": null, "name": "" }, "breadcrumbs": [ { "label": "Dashboard", "url": "https://anonym.community/../dashboard.html" }, { "label": "anonym.legal", "url": "https://anonym.community/index.html" } ], "content": { "sections": [ { "type": "summary", "heading": "Research Source", "content": "anonym.community March 2026 feature analysis\n\nPII anonymization vendors claim high accuracy but rarely publish test results. Customers cannot verify detection quality before purchasing. There is no industry-standard benchmark for PII detection accuracy. The result: organizations deploy PII tools without knowing their actual detection rate, discovering failures only when PII leaks through." }, { "type": "summary", "heading": "Executive Summary", "content": "PII vendors claim high accuracy but publish no test results. Organizations deploy tools without knowing actual detection rates. Failures are discovered when PII leaks — not during evaluation.\n\nanonym.legal publishes a 419-test suite with 100% pass rate, covering 13 milestones, 48 languages, 4 browsers, and 35 security tests. Full test results are publicly available at /docs/testing/pii-detection." }, { "type": "problem", "heading": "The Problem: Unverified Accuracy is Unverified Compliance", "content": "GDPR Article 32 requires 'appropriate technical measures' for data protection. If an organization deploys a PII detection tool claiming 95% accuracy but actual accuracy is 70%, the organization has a 30% compliance gap it doesn't know about. Without published test results, every accuracy claim is marketing — not engineering. Organizations need verifiable, reproducible test results to assess whether a PII tool meets their compliance requirements.\n\nIrreducible truth: An accuracy claim without published test results is not a technical specification — it is marketing copy. Verifiable accuracy requires published tests with reproducible methodology, covering all claimed entity types and languages.", "atomicTruth": "Irreducible truth: An accuracy claim without published test results is not a technical specification — it is marketing copy. Verifiable accuracy requires published tests with reproducible methodology, covering all claimed entity types and languages." }, { "type": "solution", "heading": "The Solution: How anonym.legal Addresses This", "content": "The test suite covers: M01 Basic PII detection, M02 Entity filtering, M03 Multi-language (48 languages), M04 Batch processing, M05 File formats, M06 Custom entities, M07 Encryption/decryption, M08 Office Add-in, M09 API endpoints, M10 MCP Server, M11 Chrome Extension, M12 Desktop integration, M13 Security tests.\n\nEach of the 48 supported languages is tested with language-specific PII examples. German Personalausweis numbers, Japanese My Numbers, Arabic names, Hebrew addresses, Korean RRNs — all verified with real-world format examples.\n\nSSRF protection, ZK auth verification, timing-safe comparisons, CSRF protection, rate limiting, Retry-After headers, API key validation, session management, and more. Security tests verify that PII processing cannot be exploited.\n\nFull test results published at /docs/testing/pii-detection with 13 milestone reports, 151 screenshots, and token usage tracking. Anyone can verify the 419/419 (100%) pass rate." }, { "type": "compliance", "heading": "Compliance Mapping", "content": "This feature directly supports GDPR Article 32 (security of processing — documented technical measures), ISO 27001 Annex A.14 (system testing), and procurement requirements for evidence-based vendor evaluation.\n\nanonym.legal's GDPR, HIPAA, PCI-DSS, ISO 27001 compliance coverage, combined with Hetzner Germany, ISO 27001 hosting, provides documented technical measures organizations can reference in their compliance documentation." }, { "type": "specifications", "heading": "Product Specifications", "specs": { "Entity Types": "320+", "Detection": "3-layer hybrid: Presidio + NLP + Stance classification", "Test Coverage": "100% (419/419 tests)", "Languages": "48", "Anonymization Methods": "Replace, Redact, Mask, Hash (SHA-256/512), Encrypt (AES-256-GCM)", "Platforms": "Web App, Desktop, Office Add-in, Chrome Extension, MCP Server, REST API", "Pricing": "Free €0, Basic €3, Pro €15, Business €29", "Hosting": "Hetzner Germany, ISO 27001", "Compliance": "GDPR, HIPAA, PCI-DSS, ISO 27001" } } ] }, "relatedLinks": [ { "label": "NP-31: LibreOffice PII Anonymization", "url": "NP-31-libreoffice-pii-anonymization-writer-calc-impress.html" }, { "label": "NP-33: Three NLP Engines Combined", "url": "NP-33-three-nlp-engines-spacy-stanza-xlm-roberta.html" }, { "label": "NP-34: Zero-Knowledge Auth: 7 Platforms", "url": "NP-34-zero-knowledge-auth-7-platforms-one-protocol.html" }, { "label": "NP-35: MCP Server: 7 Tools for AI-Native PII", "url": "NP-35-mcp-server-7-tools-ai-native-pii.html" }, { "label": "NP-36: PII Pricing: Free to Enterprise", "url": "NP-36-pii-pricing-scales-free-to-enterprise.html" }, { "label": "anonymize.solutions Case Studies", "url": "../anonymize.solutions/index.html" }, { "label": "cloak.business Case Studies", "url": "../cloak.business/index.html" }, { "label": "anonym.plus Case Studies", "url": "../anonym.plus/index.html" }, { "label": "Back to anonym.legal Index", "url": "index.html" }, { "label": "Structural Analysis", "url": "../structural-analysis.html" }, { "label": "Dashboard", "url": "../dashboard.html" }, { "label": "Solution Finder", "url": "../solution-finder.html" }, { "label": "Coverage Matrix", "url": "../comparison.html" }, { "label": "PII Scanner", "url": "../scanner.html" } ], "metadata": { "lastModified": "2026-03-14" } }