Dezcry Platform
Documentation

Dezcry is a self-service, AI-powered eDiscovery platform for privacy, legal, and compliance teams. It provides a complete workflow to ingest documents, review responsive material, apply AI-powered redactions, classify documents, search, and export disclosure-ready sets — all with a full audit trail and role-based access controls.

Unlike heavyweight eDiscovery suites, Dezcry is designed for internal teams who need a streamlined, defensible process without specialist eDiscovery admins or outsourced review support. All AI models run on internal infrastructure within the same Azure environment — no document data is sent to third-party AI services.

Navigate to your Dezcry instance's login page and enter your email address and password. If your organisation has enabled two-factor authentication (2FA), you will be prompted to enter a time-based one-time password (TOTP) from your authenticator app after entering your credentials.

If you have been invited to join Dezcry, you will receive an email with a unique invitation link. Click the link to set up your password and configure 2FA. Invitation links are single-use and expire after a set period.

A matter is the top-level container in Dezcry. Each DSAR, investigation, or review project is organised as a separate matter with its own documents, workflows, users, and audit trail.

To create a matter, navigate to the Matters page and click Create Matter (admin role required). You will be asked to provide:

Clicking into a matter takes you to the matter dashboard — the central workspace for that matter. The dashboard shows a searchable, filterable table of all documents in the matter, along with access to all matter-scoped features via the sidebar navigation:

• Documents — browse, search, filter, and review all documents
• Upload — ingest new documents into the matter
• Redaction — create and manage AI redaction sets
• Classification — configure and run AI classification jobs
• Export — build and run disclosure-ready export packages
• Search Terms — create keyword search term sets and reports
• AI OCR — run optical character recognition on image documents
• Password Bank — manage passwords for encrypted files
• Audit — view the complete audit trail for this matter
• Reporting — view analytics dashboards and metrics
• Billing — view storage usage and costs for this matter

The document table supports bulk actions — select multiple documents to apply batch operations such as tagging, classification, or status changes. A background task tray shows the status of any running jobs (redaction, classification, export) in the matter.

Matter settings control the behaviour of AI features and reviewer workflows within the matter. Administrators can configure:

• Decision fields — custom fields that reviewers can set on each document (e.g. "Relevance", "Privilege Status", "Data Category"). Fields can be single-select, multi-select, or free text.
• Summary language — the language used for AI-generated document summaries.
• Matter status — open, closed, or archived. Closed matters are read-only; archived matters are hidden from the default view.

Navigate to the Upload page within a matter to ingest documents. Dezcry supports drag-and-drop file upload or traditional file selection. You can upload individual files or container files (PST, ZIP, 7Z, RAR, TAR, GZ) which will be automatically extracted.

Before processing begins, configure the following options:

You may also specify custodian information and data source metadata for chain-of-custody tracking. Available data sources include: Laptop, Desktop, Server, O365 Email, O365 OneDrive, SharePoint, Google Workspace, Mobile Device, External Hard Drive, USB Drive, Network Share, Cloud Storage, Backup Tape, Database, and Other.

Dezcry supports over 100 file types out of the box. During ingestion, all files are extracted, their text content is parsed, metadata is captured, and they are indexed for search.

When global deduplication is enabled, Dezcry performs top-level exact deduplication — the standard approach used in eDiscovery. This is an important distinction: Dezcry identifies and removes files that are byte-for-byte identical based on their MD5 hash, but it does so at the top level of the document hierarchy.

Deduplication is scoped globally across the entire matter, meaning a file uploaded by one custodian will be deduplicated against files from all other custodians in the same matter. The first instance ingested is kept as the master documentand all subsequent identical copies are removed. Deduplication results include:

• Master document — the first instance of each unique file, retained in the review set with full metadata and family relationships
• Duplicate group — all copies of the same file, linked back to the master for audit purposes
• Bytes saved — total storage savings from removing duplicate copies
• Custodian tracking — the system records which custodians held copies of each deduplicated file, preserving chain-of-custody information even though the duplicate copies are removed from the active review set

The upload summary report details every duplicate group with file names, sizes, and the master document reference. This provides a defensible record of exactly what was deduplicated and why.

Email threading groups related emails into conversation threads, identifying the hierarchical reply chain. Threading is applied at the point of ingestion, which means non-inclusive emails are identified and can be excluded from the review workspace before any downstream processing occurs. This is a deliberate design choice — by filtering out redundant emails upfront, organisations save significantly on hosting costs (less storage, smaller search indices) and AI processing costs (fewer documents to classify, redact, and summarise).

Each email in a thread is classified as:

• Inclusive — contains unique content or attachments not present in later messages in the thread. These are the messages reviewers should focus on, as they represent the most complete version of each point in the conversation.
• Non-inclusive — the full content of this email is already contained in a later, more complete message in the thread. Reviewing these would be redundant, as the inclusive message already captures everything.

When the Inclusive Only option is enabled during upload, non-inclusive emails are excluded from the active review workspace entirely. They are still retained in the system for audit purposes, but they do not count toward hosting storage, are not indexed for search, and are not processed by AI classification, redaction, or summarisation — directly reducing costs.

Threading uses email headers (Message-ID, In-Reply-To, References) and the Microsoft Exchange Conversation Index to build accurate thread trees. The threading summary reports:

• Total emails processed and how many were threadable
• Number of inclusive vs. non-inclusive messages
• Non-inclusive emails excluded from the review workspace
• Thread groups identified
• Any threading errors encountered

NIST filtering removes known system files, operating system components, and software runtime files from the review set. These files are identified by matching their hash values against the NIST National Software Reference Library (NSRL) — a comprehensive database of known, non-relevant system files.

NIST-filtered files are flagged and excluded from the active review workspace but are retained in the system for audit purposes. The upload summary reports the count and details of filtered files.

During ingestion, some documents may encounter processing exceptions. Dezcry tracks and reports these in the upload summary:

Each exception includes the document ID, filename, exception type, and a descriptive message to help diagnose and resolve the issue.

Every upload creates a processing batch with a unique display ID (e.g. UPL-001). Navigate to the Uploads page to view all batches for the matter, including:

• Batch status (processing, completed, failed)
• Total files submitted and processed
• Counts by outcome (processed OK, encrypted, corrupt, duplicates, NIST-filtered)
• Decryption results (successful, failed)
• Children extracted (attachments from container files)
• File type distribution
• Processing duration
• Upload set MD5 hash for chain-of-custody verification

Click into any batch to see the detailed processing report, including per-document exception details, deduplication groups, and threading statistics.

The main matter workspace displays all documents in a searchable, sortable table. Each row shows the document's filename, type, status, size, custodian, and any applied tags or decisions. Key features include:

• Full-text search — keyword search across document content, filenames, and email metadata using eDiscovery-grade Elasticsearch
• Column filters — filter by status, file type, custodian, date ranges, tags, relevance coding, and custom decision fields
• Bulk selection — select multiple documents for batch operations like tagging, decision coding, or export
• Sort — sort by any column including filename, date, size, relevance, or type
• Saved searches — save any combination of search query and filters for reuse

Click any document to open the full document viewer. The viewer provides a rich, multi-panel interface for reviewing individual documents:

• Document display — native rendering of the document with zoom controls (0.25x to 3x)
• Three viewing tabs: Original (native format), Markup (with redaction overlays), and Text (extracted plain text with search highlighting)
• Metadata panel — document properties, email headers, file hashes, and processing info
• Decisions panel — set relevance, hot-document flag, comments, and custom decision fields
• Family panel — view parent/child relationships (e.g. email and attachments)
• Chat panel — ask questions about the document using AI
• Navigation — previous/next buttons with keyboard shortcuts for rapid sequential review

Dezcry includes purpose-built viewers for every supported file type, rendering documents directly in the browser without requiring any plugins or downloads:

The metadata panel displays all extracted properties for the current document. For email files, this includes:

• From, To, CC, BCC addresses
• Subject line
• Date sent and date received
• Message-ID and conversation threading references
• Attachment count and list

For all documents, the metadata panel shows:

• File size, MIME type, and document type
• MD5 and SHA-256 hashes (for integrity verification)
• Created and modified dates
• Author (when available from document properties)
• Source folder path from the original container
• OCR status and AI summary (when available)
• Processing status and any error messages

The decisions panel is where reviewers record their assessments. Every decision is timestamped and logged in the audit trail. Available fields:

• Relevance — mark the document as Responsive, Non-Responsive, or other custom values
• Hot Document — flag important or significant documents for attention
• Decision Comment — free-text annotation explaining the reviewer's reasoning
• Custom Decision Fields — any additional fields configured at the matter level (single-select, multi-select, or free text)

Documents extracted from container files (emails with attachments, ZIP archives) are automatically grouped into families. A family consists of a parent document (e.g. an email) and its child documents (e.g. attachments).

The family panel in the document viewer shows all related documents, allowing reviewers to quickly navigate between a parent email and its attachments. Family relationships are preserved throughout all workflows — search results can include family expansion, and exports can group family members together.

Documents can be tagged with relevance codes and custom decision field values. Tags are set through the decisions panel in the document viewer or via bulk actions on the document list. All tagging actions are logged in the audit trail with the reviewer's identity and timestamp.

Every document ingested into a matter has a rich set of metadata fields automatically extracted during processing. Dezcry captures over 60 metadata fields per document — covering everything from basic file properties and email headers to AI-generated summaries and reviewer decisions. These fields are available for filtering, sorting, column display, search, and export throughout the platform.

Metadata is extracted at the point of ingestion with no manual effort required. For email files, Dezcry parses all standard headers including threading references. For Office documents and PDFs, embedded properties such as author, title, and creation date are captured. For images, EXIF data including camera make, GPS coordinates, and timestamps is preserved. All dates are normalised to UTC for consistent cross-timezone analysis.

These fields are present on every document regardless of file type. They provide the fundamental identifiers, file properties, and processing information needed for document management and chain-of-custody tracking.

Documents extracted from container files — such as emails with attachments, ZIP archives, or nested PST folders — are automatically grouped into families. Family relationships are critical for defensible review: reviewers see each email alongside its attachments, and exports can group family members into the same volume for production.

Email is often the most important data type in eDiscovery. Dezcry extracts a comprehensive set of email metadata from both EML and MSG formats, including messages extracted from PST, OST, and MBOX containers. These fields are stored as first-class database columns for efficient filtering, sorting, and field-specific search (e.g. from:john@acme.com).

These fields are computed by Dezcry's email threading engine during ingestion. Threading groups related messages into conversation trees and identifies which messages areinclusive (containing unique content a reviewer must see) versus non-inclusive (redundant messages whose content is fully captured by a later reply). This can reduce the review set by 40–60% in email-heavy matters, directly lowering review time and AI processing costs.

Dezcry automatically detects documents that contain no extractable text — such as scanned PDFs, photographs of documents, and image files — and flags them for OCR (Optical Character Recognition). Once OCR is run, the extracted text becomes fully searchable and available for AI processing.

When global deduplication is enabled during upload, Dezcry identifies byte-for-byte identical files across the entire matter using hash matching. The first instance is retained as the master document and subsequent copies are flagged as duplicates. Deduplication is applied at the top level — meaning entire families (email + attachments) are deduplicated as a unit, preserving family integrity. See the Deduplication section for full details.

NIST filtering (also known as "de-NISTing") removes known system files, operating system components, and application runtime files from the review set by matching file hashes against the NIST National Software Reference Library (NSRL). This is a standard eDiscovery practice that eliminates files that are never relevant to review — such as Windows DLLs, Office templates, and browser cache files — often removing 10–30% of a dataset before review begins.

Dezcry performs detailed analysis of every file during ingestion to detect encryption, corruption, and file-type mismatches. These fields provide a complete picture of each document's integrity status — essential for eDiscovery exception reporting and ensuring no documents are silently missed during processing.

In any eDiscovery matter, a percentage of documents will encounter processing issues. Dezcry categorises every exception with a type and action, providing the structured data needed for defensible exception reporting. These fields are included in exports and processing batch reports so that legal teams have a complete record of what was — and was not — successfully processed.

Dezcry uses AI to automatically generate document summaries, apply redactions, and produce document previews. These fields track the status and outputs of each AI-powered workflow, allowing reviewers to quickly see which documents have been summarised, redacted, or are still awaiting processing.

These fields are set by reviewers during document review through the Decisions Panel in the document viewer, or via bulk actions on the document list. Every change to these fields is timestamped, attributed to the reviewer, and logged in the audit trail for full defensibility. Optimistic locking prevents conflicting edits when multiple reviewers work on the same matter simultaneously.

In addition to the first-class fields above, each document contains an extended metadata object with format-specific properties organised by namespace. These fields capture the full depth of information embedded within each file type — from PDF authoring tools to image EXIF geolocation data to email authentication results. Extended metadata is viewable in the metadata panel and included in exports.

Dezcry provides eDiscovery-grade keyword search powered by Elasticsearch, delivering capabilities equivalent to dtSearch at scale. The search engine supports millions of documents with sub-second query response times.

Search is available from the main document list via the search bar. Results are ranked by relevance with hit highlighting, and all searches return exact counts (never approximate). Search results can be filtered further using column filters and saved for reuse.

The following fields are indexed and searchable:

• Full document text content
• Filename and file path
• Email fields: subject, from, to, cc, bcc
• Author, custodian, document type, MIME type
• MD5 and SHA-256 hashes
• Tags, dates (created, modified, sent, received)

Dezcry supports the full range of eDiscovery search syntax:

Search Term Reports allow you to define a set of keywords and run them against a scope of documents to measure hit rates. This is commonly used for:

• Validating keyword lists before full review
• Measuring the prevalence of specific topics in the collection
• Producing defensible search term hit reports for regulators
• Identifying which custodians or data sources contain relevant material

To create a search term report, navigate to Search Terms within a matter:

1. 1
   Create a report — Give it a name and select the scope (all documents or a saved search).
2. 2
   Add search terms — Enter your keywords one at a time. Each term can be up to 450 characters and supports the full search syntax.
3. 3
   Configure options — Enable "Include family hits" to count documents whose family members match. Enable "Tag hits" to create per-document hit records.
4. 4
   Run the report — Dezcry executes each search term against the scope and records hit counts.

Once a search term report has completed, you can view detailed results:

• Per-term hit counts — number of documents matching each search term (direct and family hits)
• Unique hits — documents that match only this specific term
• Colour-coded highlighting — each term can be assigned a custom highlight colour for visual identification in the document viewer
• Scope summary — total documents in scope, total documents with at least one hit
• Term status — individual status tracking for each term (pending, running, completed, error)

When tag hits is enabled, you can filter the document list to show only documents that matched a specific search term, enabling targeted review of keyword-responsive material. Search term highlights persist in the document viewer text tab, showing matching terms with their assigned colours.

Any combination of search query and column filters can be saved as a named searchfor later reuse. Saved searches are a core building block in Dezcry — they serve as the scope selector for redaction, classification, export, and search term reports.

When a saved search is used as the scope for a job (redaction, classification, or export), the document set is frozen at the time the job starts. This means the job processes the documents that matched at that moment, even if new documents are added to the matter later — providing defensibility and reproducibility.

AI Classification lets you automatically categorise documents using custom decision fieldsdefined by your team. Unlike manual review, AI classification processes entire document sets in minutes, producing predictions with calibrated confidence scores so reviewers can focus their attention on genuinely ambiguous items while high-confidence predictions are applied automatically.

Classification runs on large language models within the same Azure environment as the rest of the platform — no document data leaves your deployment. The system includes confidence debiasing to correct for known LLM overconfidence, a verification pass for borderline predictions using a separate model, and intelligent document chunking for long documents. Every prediction includes a calibrated confidence score and rationale, and all decisions are logged in the audit trail.

Before running a classification job, you define the decision fields that the AI should predict. These are entirely customisable — you define the field names, types, options, and instructions that are specific to your review. Navigate to Classification within a matter to configure fields.

For each field, you provide natural-language instructions that tell the AI exactly how to evaluate documents. The quality of these instructions directly affects classification accuracy. Dezcry provides a real-time quality indicator as you write:

A classification set is a reusable configuration that defines which fields to predict, how the AI should behave, and what confidence thresholds to apply. Classification sets can be run multiple times — for example, after adding new documents to the matter. To create and run a classification:

1. 1
   Select scope — Choose all documents or a saved search to define which documents to classify. The scope is frozen at run time — new documents added later won't be included in this run.
2. 2
   Name the set — Give the classification set a descriptive name for tracking and audit purposes.
3. 3
   Configure fields — Define one or more custom decision fields with types, options, and natural-language AI instructions.
4. 4
   Set thresholds — Configure the auto-accept threshold (default 0.85) and review threshold (default 0.60) to control how predictions are routed.
5. 5
   System prompt (optional) — Provide an optional system-level prompt that applies to all fields — useful for setting overall context like the matter type, jurisdiction, or review protocol.
6. 6
   Optional sampling — For large document sets, configure prevalence sampling to validate classification quality on a subset before committing to a full run.
7. 7
   Review and launch — Review all settings in a summary view and start the classification job.

Confidence Thresholds and Routing

Dezcry uses a three-tier routing system based on calibrated confidence scores to determine how each prediction is handled:

Both thresholds are configurable per classification set, allowing teams to tune the trade-off between automation and human oversight based on the risk profile of the review. A high-stakes privilege review might use a lower auto-accept threshold (0.95) to ensure more human review, while a routine document-type classification might use a higher threshold (0.80) to maximise automation.

Confidence Calibration (Debiasing)

LLMs are known to be systematically overconfident — they tend to report confidence scores of 0.90 or 0.95 even when their actual accuracy is closer to 0.80–0.85. This is particularly problematic in eDiscovery where confidence thresholds drive review decisions.

Dezcry applies empirical confidence debiasing — a calibration layer that adjusts raw LLM confidence scores to better reflect true accuracy. The calibration is:

• Monotonic — higher raw confidence always produces higher calibrated confidence (preserves ranking)
• Deterministic — the same input always produces the same output (defensible in regulatory contexts)
• Conservative — systematically pulls overconfident scores toward empirical accuracy curves

The calibration is based on published research on LLM confidence calibration and fitted to eDiscovery-specific accuracy measurements. It compresses the overconfident tail (0.85–0.99) more aggressively than the well-calibrated low-confidence range (0.05–0.50).

Verification Pass

For predictions that fall in a borderline confidence range (0.35–0.70 by default), Dezcry automatically triggers a verification pass — a second classification attempt using a different model deployment. This functions as a quality control layer:

• The verification pass uses a different prompt persona ("QC reviewer") to challenge the initial classification
• It uses a separate model deployment for model diversity, reducing correlated errors
• If the verification agrees with the first pass, the confidence scores are averaged (typically increasing the final confidence)
• If the verification disagrees, the lower confidence score is used, the verification's classification is adopted, and the result is force-flagged for human review

Document Chunking for Long Documents

Documents that exceed the model's context budget (default: ~112,000 characters) are automatically split into deterministic chunks for processing. Chunking is designed to maintain classification accuracy:

• Sentence-boundary aware — chunks are split at sentence boundaries, never mid-sentence, preserving semantic coherence
• Overlapping — adjacent chunks share ~200 characters of overlap, ensuring context continuity across chunk boundaries
• Deterministic — the same document always produces the same chunks, ensuring reproducible results
• Fallback splitting — if a single sentence exceeds the chunk limit, it falls back to word-boundary splitting with overlap

When a document is chunked, each chunk is classified independently, and results are aggregated using a weighted voting system:

• Each chunk's prediction is weighted by its confidence score
• Chunks that return null (no classifiable content) are excluded from the vote, not counted as evidence
• The winning prediction is determined by total confidence-weighted score, with tie-breaking by peak single-chunk confidence
• A unanimity bonus increases confidence when all chunks agree; disagreement reduces it
• A dissent penalty is applied when any dissenting chunk has high confidence (≥ 0.70), with a note recommending manual review

Classification sets track runs with detailed progress reporting: total documents, documents processed, errors encountered, and token usage for cost attribution. Completed runs automatically create a saved search containing the classified documents for downstream processing.

Classification runs support parallel processing — multiple documents are classified concurrently (default: 6 simultaneous LLM calls) to maximise throughput while staying within AI rate limits. Runs can be cancelled at any time, and cancellation takes effect cleanly after the current document finishes processing.

The classification progress view shows real-time processing with a live console, document-by-document results including confidence scores, and estimated time remaining. You can continue working while classification runs in the background.

After a classification run completes, reviewers can examine the results. Each document receives a result for every configured field, containing:

Reviewers can take the following actions on any prediction:

• Approve — accept the AI's prediction as the final decision for this document and field
• Correct — override the AI's prediction with a different value chosen by the reviewer. The correction is logged alongside the original AI prediction for audit purposes.
• Reject — dismiss the prediction entirely, leaving the field uncoded for this document

All review actions are logged in the audit trail with the reviewer's identity, timestamp, the original AI prediction, and the reviewer's decision. This provides a defensible record of how every classification decision was made — whether by AI with human approval, by human correction of an AI suggestion, or by purely manual coding.

Prevalence Sampling

For large document sets, Dezcry supports prevalence sampling — classifying a statistically representative subset of documents before committing to a full run. This allows teams to:

• Validate that the classification instructions produce accurate results before processing the full set
• Estimate the prevalence of each category in the collection (e.g. "approximately 30% of documents are responsive")
• Calculate precision and recall metrics by comparing AI predictions against manual coding on the sample
• Refine instructions based on sample results before running the full classification

Sampling results are stored as ClassificationSample records, preserving both the AI prediction and the human-coded ground truth for quality measurement and defensibility.

AI Redaction is Dezcry's flagship feature — a 5-layer detection pipeline that identifies personal data, sensitive content, and legally privileged material for redaction. The system is designed as a reviewer aid, not an autonomous tool: every AI suggestion is reviewable, editable, and logged before it is applied.

Redaction runs on large language models within the same Azure environment. No document data is sent to any third-party service. The pipeline combines deterministic pattern matching with LLM analysis and cross-document entity resolution for comprehensive coverage.

Dezcry supports three redaction protocols, each tailored to a different use case:

When creating a redaction set, you select which entity categories the AI should detect. Each category has a distinct colour for visual identification in the review interface:

Sensitive categories — health information, sexual orientation,political opinions, and auth credentials — use a lower default auto-apply confidence threshold (0.70) to ensure more conservative handling.

Dezcry processes each document through a 5-layer redaction pipeline, combining multiple detection methods for comprehensive coverage:

After a redaction set completes processing, navigate to the Review page to examine and approve the AI's suggestions. The review queue presents each detected entity with:

• Original text — the exact text the AI identified for redaction
• Model category — the entity type (names, emails, etc.) with colour-coded badge
• Source layer — which pipeline layer detected it (L1, L2, L3, L4)
• Confidence score — how certain the AI is that this is a genuine entity
• Verification status — confirmed, rejected, upgraded, or new (from L3)
• Page location — the page number and pixel coordinates within the document

Reviewers can filter the queue by layer, model category, and confidence threshold. For each entry, reviewers can:

• Approve — accept the redaction and apply it to the document
• Reject — dismiss the suggestion as a false positive
• Flag for review — escalate to a senior reviewer for a second opinion

The review queue paginates at 100 entries per page. All review decisions are logged in the audit trail with the reviewer's identity, timestamp, and action taken.

In addition to AI-assisted redaction, reviewers can manually draw redaction boxes on any document using the markup viewer. Manual redactions are applied directly to the document's markup images and are tracked alongside AI redactions in the audit trail.

For spreadsheet documents, Dezcry provides a specialised spreadsheet markup viewer that allows cell-level redaction — reviewers can select individual cells or ranges to redact.

Dezcry automatically generates LLM-powered summaries for every document in a matter. Summaries are 1–2 sentence overviews that give reviewers quick context to assess relevance, decide on inclusion or exclusion, and move through large review sets faster.

Summaries are generated by a dedicated language model running on GPU infrastructure within the same Azure environment. No document data is sent to third-party services. Summaries are generated in the background and are available alongside the document in the metadata panel.

• Summaries are generated automatically on upload and during background backfill
• The summary language is configurable per matter (English, German, French, Spanish, etc.)
• Summaries are searchable and appear in the document metadata panel
• Administrators can trigger summary regeneration for any document or batch

The Document Chat panel provides conversational AI for asking questions about documents. Available from the document viewer, chat uses Retrieval-Augmented Generation (RAG) to find relevant content and generate accurate answers with source citations.

How it works:

1. 1
   Ask a question — Type a natural-language question in the chat panel (e.g. "What are the key dates mentioned in this document?")
2. 2
   Hybrid search — Dezcry searches for relevant content using both keyword search (Elasticsearch) and semantic search (vector embeddings), combining results via Reciprocal Rank Fusion.
3. 3
   AI generates answer — The LLM reads the relevant document chunks and generates a response with inline citations referencing specific documents.
4. 4
   Source verification — Each response includes clickable source document references (e.g. [DOC-00028]) so reviewers can verify the AI's answer.

AI OCR (Optical Character Recognition) extracts searchable text from image-based documents — scanned PDFs, photographs, screenshots, and other image files that don't contain embedded text. Dezcry uses the Azure Computer Vision Read API for high-accuracy text extraction.

OCR can be enabled automatically during upload (as a processing option) or run manually on specific documents or batches after ingestion.

Navigate to the AI OCR page within a matter to manage OCR jobs:

1. 1
   Create a job — Select the scope — all documents or a saved search — and start the OCR job.
2. 2
   Processing — Dezcry sends each image document to the Azure Computer Vision API for text extraction. Progress is tracked in real-time with 4-second polling intervals.
3. 3
   Results — Extracted text is stored in the document record and immediately becomes searchable. Per-document results include pages extracted, characters extracted, confidence scores, and processing duration.

OCR job results track each document individually, reporting:

• Pages and characters extracted per document
• Per-document status (completed, failed, skipped)
• Error messages for failed documents
• Processing duration per document

Jobs can be cancelled while running or queued. The AI OCR dashboard shows aggregate metrics: total jobs, completed jobs, active jobs, and total documents processed.

The Password Bank stores passwords and credentials for encrypted documents within a matter. When Dezcry encounters password-protected files during ingestion (encrypted PDFs, password-protected ZIPs, protected Office documents, encrypted PST files), it attempts to decrypt them using passwords from the Password Bank.

Navigate to the Password Bank page within a matter to manage credentials:

• Add passwords — enter passwords with optional labels and tags for organisation
• Labels — human-readable hints to identify what the password is for (the label is visible, the password itself is hidden)
• Tags — categorise passwords (e.g. "client", "custodian-smith", "batch-3")
• Usage tracking — each password tracks when it was last used and how many times it has been applied
• Edit and delete — update or remove passwords with confirmation dialogs

Passwords are reusable across all uploads within the matter. When new documents are uploaded, all passwords in the bank are tried against any encrypted files. The upload summary reports how many files were successfully decrypted and how many failed decryption.

Dezcry's Export system produces disclosure-ready output packages with Bates numbering, metadata load files, burned redactions, and full decision history. Exports are configured through a multi-step wizard and can be re-run with updated settings.

Two export types are supported:

• Production — formal disclosure packages with Bates numbering, branded headers/footers, and structured volume organisation. Used for regulatory submissions and formal DSAR responses.
• Review — simpler packages for internal review or transfer to external counsel, without production-level numbering requirements.

The export wizard guides you through a 6-step configuration process:

1. 1
   Scope — Select which documents to export — all documents in the matter or a saved search.
2. 2
   Name & Type — Name the export set and choose Production or Review type.
3. 3
   Output Components — Select which output types to include: metadata load file, natives, images, text files, and/or PDFs.
4. 4
   Numbering & Branding — Configure Bates numbering (prefix, suffix, start number, padding) and optional header/footer branding.
5. 5
   Load File & Volumes — Configure the metadata load file format, encoding, date formats, and volume organisation settings.
6. 6
   Review & Run — Review all settings in a summary view and launch the export.

Export scope defines which documents are included in the output package. You can choose:

• All documents — exports every document in the matter
• Saved search — exports only documents matching a previously saved search query and filters

The wizard displays a document count for the selected scope so you can verify the volume before proceeding. The scope is frozen at run time — new documents added to the matter after the export starts will not be included.

Select which output types to include in the export package:

Production exports support Bates-style document numbering:

Optional branding adds headers and footers to PDF output:

• Header and footer with left, centre, and right sections
• Template tokens: {BatesNumber}, {PageX}, {PageY}
• Default footer: "CONFIDENTIAL"

Load file settings control the metadata output format:

Volume settings control the physical organisation of the export package:

Once an export run completes, the output package is available for download. The export page shows:

• Run status — running, completed, failed, or cancelled
• Progress — documents processed vs. total
• Output size — total size of the generated package
• Duration — time taken to generate the export
• Error and warning counts — per-document issues encountered
• Settings snapshot — the exact configuration used for this run

Redaction integration allows you to burn redactions into the export output. Select a completed redaction set and choose the placeholder mode:

• None — no redaction placeholders (redacted areas are simply blacked out)
• Brackets — redacted text replaced with category labels in brackets
• Redaction block — solid black boxes over redacted content

All export actions — creation, run start, download — are logged in the audit trail.

Every significant action in Dezcry is recorded in an immutable audit log, providing a defensible trail for regulators, legal review, and internal governance. The audit log captures:

Each audit entry includes: the action type, target (which document, set, or resource was affected),user identity (who performed it), timestamp, and details (rich context including file names, counts, old/new values). The audit log is filterable by action type, target type, user, and date range, with pagination at 50 entries per page.

Matter-level audit is accessible from the Audit page within each matter. System-wide audit is available to administrators from the Admin section.

The Reporting page provides analytics dashboards with visualisations across eight tabs:

Dashboards include KPI cards, bar charts, line charts, pie charts, and area charts. Reports can be exported as PDF with embedded charts, matter information headers, and generation timestamps.

The Billing page shows storage usage and costs for each matter. Storage is broken down into seven categories:

The billing dashboard shows current usage (total GB and projected monthly cost), storage breakdown by category, usage history over time, and invoice details. Pricing is per-GB with regional variations and volume tier discounts.

The Admin page (accessible to admin and super_admin roles) provides a central interface for managing all users in the organisation. The user list shows:

• Email address and full name
• Assigned role
• Account status (active, inactive, pending, invited, locked, deactivated)
• 2FA/MFA enablement status
• Last login date
• Number of matter assignments

Administrators can search by email or name, and filter by status or role. Available actions include creating users, editing details, changing roles, sending invitations, resetting passwords, and activating or deactivating accounts.

Dezcry uses a hierarchical role-based access control (RBAC) system with four roles. Roles are hierarchical — each role inherits all permissions from the roles below it. Access is enforced at two levels: role-level (what actions a user can perform across the platform) and matter-level (which specific matters a user can access).

Role Hierarchy

Detailed Permission Matrix

The following table shows the minimum role required for each action in the platform. Higher roles automatically inherit all permissions from lower roles.

Matter-Level Access Control

Access to individual matters is controlled separately from role permissions:

• Super Admin and Admin roles have implicit access to every matter in the tenant. They do not need to be explicitly assigned — they can see and manage all matters automatically.
• Reviewer and Read Only roles require explicit assignment to each matter. An administrator must grant access by assigning the user to the matter. Until assigned, the matter is completely invisible to the user — it does not appear in their matter list and cannot be accessed via direct URL.

This two-level model enables organisations to enforce segregation of duties andneed-to-know access. For example, a reviewer handling HR DSARs can be restricted to only HR-related matters, while a different reviewer handles customer DSARs — even though both have the same role, they see entirely different matter sets.

Tenant Isolation

All access controls operate within a tenant boundary. Every database query is scoped to the authenticated user's tenant, and every matter-level operation verifies that the matter belongs to the same tenant. Cross-tenant access is architecturally impossible — there is no mechanism in the application layer to access another organisation's data, even with a Super Admin role.

Document-Level Access

Access to individual documents follows the matter access model. If a user has access to a matter, they can see all documents within that matter (subject to their role permissions for viewing vs. editing). There is no per-document access restriction — access is controlled at the matter level, which is the standard approach in eDiscovery and DSAR review workflows where reviewers need to see the full context of a matter to make defensible decisions.

Administrators invite new users by providing their email address, name, and assigned role. The invitee receives an email with a single-use invitation link that guides them through:

1. 1
   Set password — Create a strong password (minimum 12 characters, must include uppercase, lowercase, and a number).
2. 2
   Configure 2FA — Scan a QR code with an authenticator app (Google Authenticator, Authy, etc.) and enter the verification code.
3. 3
   Complete setup — Account is activated and the user can sign in.

Invitation links are single-use and have an expiration date. The invitation tracks who created it, when it was used, and the IP address of the accepting user.

The Admin Dashboard provides tenant-wide analytics and operational oversight:

• Users overview — total, active, locked, invited users; 2FA adoption rate; role distribution; currently online users
• Matters overview — total matters; status distribution (open/closed/archived); type distribution; document count and storage per matter
• Documents overview — total document count; total storage; status distribution; encrypted, corrupt, and duplicate counts
• Processing status — recent upload batches; active classification, redaction, and export runs
• Storage breakdown — detailed storage usage by category across all matters
• Recent audit activity — latest system-wide audit entries

The System Audit page in the Admin section provides a tenant-wide view of all audit log entries across all matters. This allows administrators to monitor platform-wide activity, investigate security events, and produce compliance reports. The same filtering and search capabilities from the matter-level audit are available at the system level.

Dezcry is hosted entirely on Microsoft Azure, using Azure Container Apps, Azure PostgreSQL, and Azure Storage. All infrastructure runs within a single resource group with network-level isolation. The GPU worker service that handles AI inference runs on internal-only ingress and is not accessible from the public internet.

The platform operates a logically isolated multi-tenant architecture. Each organisation's data — documents, metadata, reviewer decisions, and audit logs — is segregated at the application and database level. Uploaded files are stored in organisation-scoped storage paths. Cross-tenant data access is not possible through the application layer.

All data is encrypted in transit using TLS 1.2+ for all connections between services, storage, and the database. Data is encrypted at rest using Azure-managed encryption keys via Azure Storage Service Encryption and Azure Database encryption. Uploaded files, processed outputs, and database records are all covered.

Dezcry supports regional data residency — each matter can be hosted in a specific Azure region to meet local data protection requirements:

• Australia East — default region
• Switzerland North — for Swiss data protection requirements
• Germany — for German/EU data residency
• United Kingdom — for UK data protection requirements

AI models are deployed regionally — Australian data uses Australian AI endpoints, Swiss data uses Swiss endpoints, and so on. Enterprise customers can discuss deployment in additional regions or dedicated/on-premises environments.

Dezcry runs its own AI models for redaction, classification, and summarisation. No document data is sent to third-party AI services. All AI inference happens within the same Azure environment as the rest of the platform:

• Classification and redaction use large language models deployed within the Azure environment
• Chat and summaries use a dedicated language model running on GPU infrastructure
• Embeddings are generated on CPU within the same container environment

AI-assisted redaction is designed as a reviewer aid, not an autonomous system. The AI surfaces likely sensitive content for human review. Reviewers approve, reject, or edit every suggestion before it is applied. All AI-generated suggestions and reviewer decisions are logged in the audit trail.

Customer data is never used to train or fine-tune models shared across tenants.