Regixo docs
Data catalog · engineer

Read the map

The map is a searchable catalog of your data’s structure — datasets, columns, owners, lineage, and which columns look like personal data. Reading it well means knowing what Regixo actually measured, how much to trust each flag, and where the honest gaps are.

say

“Open the Regixo dashboard in my browser.”

Show the commandHide the commandShow the sentenceHide the sentence
run
$ regixo open

Opens the map in your browser at localhost:4319. From the terminal you can search it too:

say

“Search my Regixo catalog for columns that look like email addresses.”

Show the commandHide the commandShow the sentenceHide the sentence
run
$ regixo search email

Three ways to reach the same map — pick whichever fits the moment:

▤ In the dashboard

regixo open lands on the Map. Search from the box ("Search datasets & columns…") or narrow the rail with the filters — Source, Personal data, Art. 9, Art. 10, Undescribed, each carrying a live count. Open a dataset and the pane holds every action: Correct a column's flag, Save or Draft a description, and Assert a flow into or out of it. A tour: the free portal tour.

⌨ Say it, or run it

Both actions are at the top of this page: regixo open and regixo search. Say the sentence to the coding agent already open in your project, or run the command yourself — it is the same command in the same shell, either way.

✦ A connected assistant

A different surface. Register the read-only regixo mcp server once, and an assistant answers "where is X · what's personal · what feeds this table" by chaining search_datasetsget_datasetget_lineage. It reads; it never changes the map. See Use an AI agent.

What the map looks like

The Map is a workbench, and it fits on one screen. One toolbar across the top carries the title, the counts and the coverage meter ("10 of 10 sources reached"). The rail on the left holds the search box, the filters, and one collapsible fold per source — each fold counting its datasets and its personal-data columns, and grouping the tables it flagged as holding personal data above the ones it didn't. The rail and the pane scroll independently. Below is the real thing — the toolbar, and the rail with the stripe fold opened. (The five filters sit above the folds; they are shown, with their live counts, on Classify & correct.)

what you’ll see — the Map workbench: the toolbar, the rail with one of your ten source folds open, and the line the pane opens with

Before you pick anything, the pane opens with that one line of plain English — and, under it, the trust panel (Reached · Fresh · Confirmed · Sealed — the same verdict an AI assistant gets from get_provenance) and a card per source (datasets · personal · sensitive · when it was last scanned).

Open a dataset and the pane answers four questions in order: what it is (source, driver, when it was scanned, row estimate, who owns it in the database, and a plain-words summary), what it holds (every column, its type, its personal-data flag — and the small grey note saying how Regixo recognised it), what it's for (the description), and where the data flows. Every flag carries a Correct control, and a labels legend explains the colour codes without a hover. Below is the top of that pane — what it is, and what it holds. The description box and the lineage river sit under it, and are shown on Enrich & share.

what you’ll see — the Map, with a dataset open: the top of the pane on app-db / app / customers — what it is, and its columns
Regixo data catalog · free & local

Data map

63 datasets · 170 personal-data columns

10 of 10 sources reached
Show

app-db / app / customers

● 5 personal
Source
app-db · Postgres · scanned 28h ago
Rows
Columns
7 · 5 personal
Classified by
7 auto
DB owner
regixo

In plain words: this dataset holds 5 kinds of personal data — date of birth, email, name, national id, and phone. That’s why it feeds your compliance record →

Columns

What do the labels mean?tap to learn the colour codes
● personalLooks like personal data — a name, email, and so on.
⚠ Art. 9Extra-sensitive (health, beliefs, biometrics). Stricter rules apply.
⚠ Art. 10Criminal-offence data. Processed only under official authority or where the law allows.
? unknownA container column (json, blob) Regixo can’t see into — confirm it yourself.

The small grey note (e.g. “by field name”) says how Regixo recognised it. Regixo reads column names and types only — never the values — so double-check anything that looks wrong.

ColumnTypePersonal data
created_attimestamp with time zone optionalnot personal
Correct
A mechanical fix, never a legal judgement. It overrides Regixo’s detection, survives every re-scan, and is logged in What changed.
date_of_birthdate optional● Date of birth by field name
Correct
A mechanical fix, never a legal judgement. It overrides Regixo’s detection, survives every re-scan, and is logged in What changed.
emailtext required● Email by field name
Correct
A mechanical fix, never a legal judgement. It overrides Regixo’s detection, survives every re-scan, and is logged in What changed.

Regixo read the column names and types — never the values. The small grey note beside a flag says how it was spotted; row count is an estimate from the database’s own statistics.

What the scanner reads — and refuses

Regixo reads metadata only. It never runs SELECT *, never counts rows, and never reads a value out of a table. Concretely, per dataset it collects:

CollectedFromNotes
Tables, columns, data types, nullabilityinformation_schemaAll SQL databases. VIEWs are catalogued as datasets too.
Row-count estimates + owning DB rolepg_class.reltuplesPostgres/Redshift only. The planner’s estimate — shown as ~N rows (estimate), never a COUNT(*). Never ANALYZEd → shown as unknown, never a fake 0.
Automatic lineage (view → table)pg_depend / pg_rewritePostgres/Redshift only. Relation names, never SQL-text parsing.
Personal-data flagscolumn names + typesThe classifier runs on names and declared types — never values.
The hard line Raw data never leaves your machine (Hard Rule #2). If Regixo ever sampled a value to check a classification, it would do so in memory and discard it — no sampling connector is even built today.

MySQL and SQL Server give tables, columns and types, but no auto row-estimates or auto lineage (those come from Postgres catalog tables). That’s a limit, stated honestly on the map.

How a column gets flagged

Every personal-data flag comes with the rule that matched and a confidence, so you can judge it. Regixo evaluates rules in order and takes the highest-confidence hit; a column is “personal data” when the best confidence is ≥ 0.6.

TierConfidenceWhat it catches
Deny-list1.0 (hard-stop)Special category (Art. 9) and criminal-offence (Art. 10) terms — e.g. health_status, diagnosis, =race, conviction_date.
Name rule0.9The common kinds by column name — email, phone, name, address, national_id, financial, ip, …
Regex0.7Backstop patterns for email / phone / ssn·nino·tax_id.
Your patterns0.7Anything you add in regixo.yml pii.extraPatterns.
Type rule0Opaque json/jsonb/blob/bytea → “contents unknown (needs you)”. Never personal by itself.
Why trace_id isn’t flagged as “race”

Matching is whole-token, never substring. Regixo splits a name on camelCase and any non-letter (trace_idtrace, id), so the deny-list term =race (which means “the entire name is exactly race”) can’t match trace. That precision is why the classifier has zero false Art. 9 flags on the infrastructure benchmark set.

Languages

The classifier ships term packs for many languages. Recall is benchmarked and passing for English, German, French and Dutch (≥ 0.85 recall on ordinary personal data, zero false Art. 9 on infrastructure). Spanish, Italian, Portuguese, Polish, Swedish, Danish and Romanian have terms, but their recall is not yet measured — treat those as best-effort and check them.

The kinds you’ll see

Each flagged column carries a human label:

⚠ Art. 9Special category — health, beliefs, ethnicity, biometrics, sexual orientation, trade-union… Stricter rules apply; it has its own count and its own filter.
⚠ Art. 10Criminal-offence data — processed only under official authority or where the law allows. A separate class from Art. 9.
? unknownA container column (json, blob) Regixo can’t see into — you confirm what’s inside.
not personalNo rule matched, and nobody has corrected it. Regixo says so rather than leaving the cell blank.
…plus Email · Phone · Name · Address · Date of birth · National ID · Financial (card/IBAN) · IP address · Location · Identifier · Gender · Credential/secret · Employment · Personal detail.

Lineage

Lineage arrows show where data flows. They come from three places, and the map tells you which:

Open a dataset and its flows draw as a vertical river: Comes from above, the dataset itself on the trunk, Feeds into below. Every chip reads name · source — so customers · app-db is never confused with customers · mysql-db — and each caption says who claims the flow (via dbt, via the warehouse, asserted by you). The head of each pane counts the reach: 2 direct, or 7 direct · 13 total when the chain runs deeper (a cycle-guarded closure). A join, a loop, or an endpoint Regixo hasn’t scanned is stated in words, never left to a guess — and a dashed chip is exactly that: an endpoint someone claims, that isn’t on the map.

Something looks wrong? If a column is flagged that shouldn’t be (or missed one that should), you correct it — and the correction sticks across re-scans. That’s the next page: Classify & correct.
REGIXO — documentation · every flag shows its rule and confidence · Glossary