Coverage that respects people and policy.
Clawscan ships with the documentation, scoping controls, and privacy filtering HR needs to run an email compliance programme that works with works councils, DPIAs, and employee consent frameworks — not against them.
Proportionality is central to lawful employee monitoring — coverage must be limited to what is necessary for a clearly defined, legitimate purpose.
What Clawscan solves.
- 01
Coverage requires a legal basis you have to defend
Employee email scanning without a documented legal basis exposes the organisation to GDPR enforcement and employment law challenges. Clawscan provides DPIA templates, legitimate interest documentation, and privacy filtering tools to support a defensible programme.
- 02
Works councils ask questions compliance tools can't answer
Scope, purpose, access controls, data retention — works councils and employee representatives need detailed answers before any coverage programme is activated. Clawscan's documentation pack is designed to support that consultation process.
- 03
Blanket coverage is disproportionate
Covering every employee for every possible domain is neither proportionate nor defensible. Clawscan's per-domain activation and Entra-based scoping lets you define exactly who is covered and for what — and document that decision.
Your compliance command centre.
Every email in your shared mailbox — scanned, classified and ready to act on. Flagged emails surface with written justifications. Your team reviews only what matters, not everything.
Illustrative mockup — actual interface may vary by environment and configuration.
An explanation your legal team can act on.
Every flag includes a written justification in plain language and the exact passage that triggered it. Not a black box — a defensible, audit-ready verdict.
- critical
Price coordination — Article 101 TFEU exposure
Language implies pre-tender pricing alignment with a direct competitor. This constitutes a per se cartel offence under EU competition law regardless of whether prices were actually aligned. Escalate to legal counsel before any reply.
“align our pricing approach before the tender closes… neither of us needs to compete on margin”
- warning
Off-contract arrangement — concealment signal
Reference to preferential terms explicitly excluded from the formal contract, combined with a request for secrecy, may indicate an attempt to hide a side agreement. Review for anti-corruption and conflict of interest exposure.
“keep this between us for now… formalise separately once the award is confirmed”
- safe
Data Privacy — no concern detected
GDPR reference is procedural only — documentation sharing is standard practice and does not indicate a data breach, unlawful processing, or consent failure. No personal data is shared in this communication.
“Our GDPR data processing documentation will follow under separate cover”
Workflows that change your programme.
DPIA-ready documentation from day one
Clawscan provides a data protection impact assessment template, a legitimate interest assessment framework, and a record of processing activities template — pre-populated with Clawscan's data flows, retention periods, and subprocessor details.
Privacy filtering for sensitive communications
Configure subject-line keywords — [Private], [Confidential], [Legal Privilege] — and any matching email is skipped before it enters the scan pipeline. Never read, never stored, never processed. The keyword list is fully in your control.
Scoped deployment — not blanket coverage
A single Entra ID security group defines exactly who is covered. Scope by department, seniority, or function. Add or remove employees at any time. Document the scoping decision as part of your DPIA.
Transparent employee communication
Clawscan supports transparent deployment — employees in scope are informed that their shared mailbox communications are scanned for legal compliance purposes. We provide a template employee communication to support your rollout.
Your team's day, with Clawscan.
- 01
Scope defined via Entra ID security group
HR and IT define who is covered using a standard Entra security group. Scope can be by department, role, or any organisational attribute. The group controls both Shield and Guard simultaneously.
Shield + Guard - 02
Privacy filter configured before scanning begins
Before any email enters the scan pipeline, the privacy filter checks subject-line keywords. Emails matching configured keywords are skipped entirely — never read, never stored.
Shield + Guard - 03
Employees in scope are notified
Transparent deployment means employees know their shared mailbox communications are scanned for legal compliance. Shield alerts are visible to the employee at the point of drafting — there is no hidden coverage.
Shield - 04
Documentation prepared for works council consultation
DPIA template, legitimate interest assessment, and processing records are provided as part of onboarding. Your HR and legal teams adapt them to your jurisdiction and internal policies & practices.
Shield + Guard
Common objections.
- Will this create works council issues?
- Clawscan is designed from the ground up with proportionality in mind — the principles works councils care most about are embedded in the architecture, not bolted on. The system scans communications for legal risk patterns, not people — there are no individual performance metrics, no behavioural profiles, no per-person statistics. Scope is explicitly defined and documented. Privacy filtering ensures sensitive communications are never processed. We provide a works council consultation pack covering purpose, scope, data flows, and employee rights — ready to adapt to your jurisdiction. Most organisations find the transparency of the system, and the clear limits on what it does and doesn't do, makes the works council conversation straightforward.
- What's the legal basis for this under GDPR?
- Legitimate interest is the most common basis — balancing the organisation's interest in compliance with employee privacy rights. Clawscan's DPIA template includes a legitimate interest assessment framework. Your DPO determines the appropriate basis for your jurisdiction.
Relevant domains.
Competition Law
Protects your organisation from cartel exposure before regulators see it — price coordination, bid-rigging, and market allocation signals caught before they leave.
Explore Competition Law →Conflict of Interest
Surfaces undisclosed relationships, self-dealing, and hidden dependencies in everyday communication — before they become governance failures.
Explore Conflict of Interest →Workplace Harassment
Identifies harassment, discrimination, and hostile conduct patterns in communication — so your organisation can act before they escalate.
Explore Workplace Harassment →
Other stakeholders in the compliance chain.
See Clawscan in action.
Book a 30-minute demo and see how Clawscan protects your organisation — and your people.
Book a demo →