A SCANNED PAGE IS MORE THAN ITS TEXT
Customer-controlled environment
What visual detection sees on one uploaded scan

printed name & ID number (OCR) · photo of the holder (face) · signature field · official stamp · handwritten note in the margin

PDF · DOCX · images · screenshots · images embedded in documents
Then the normal pipeline applies

Detected regions are masked, blocked, or held for human review — per class, per policy — before external processing.

governed content → ← response
Outside world
External AI

Receives the document only after visual detection and policy have run inside the perimeter.

Why text extraction is not enough#

A pipeline that only inspects extracted text has a blind spot the size of a scanner. The subscriber's ID card photographed into a PDF, the signature at the bottom of a contract, the screenshot of an internal dashboard pasted into a prompt — none of these arrive as clean text spans, and all of them are exactly the content a security team cares about. Visual detection closes that gap: the analysis runs on what a human would see on the page, before the page goes anywhere.

The modalities#

  • OCR and embedded text — printed and rendered text inside scans, images, and image-based PDFs is recognized and fed through the same detection classes as typed text.
  • Faces — photographs of people, including holder photos inside identity documents.
  • Signatures — signature fields and freeform signatures on contracts and forms.
  • Identity-document regions — the structured zones of ID cards, passports, and similar documents.
  • Screenshots — application windows and dashboards captured as images, a common carrier of incidental sensitive data.
  • Stamps and handwriting — official stamps and handwritten content, where supported by the configured models.
  • Images embedded in documents — pictures inside DOCX and PDF files are extracted and analyzed, not skipped.

Supported detection classes depend on the configured model and policy — visual detection is a configurable module, and its class list should be stated per deployment rather than assumed.

The same governance as text#

A detected face or signature is handled exactly like a detected phone number: policy decides whether the region is masked, the file is blocked, or the item is held for human review, and the decision lands in the same audit stream. Visual detection widens what the engine can see; it does not create a second, parallel set of rules.