diff --git a/src/app/(dashboard)/reports/page.tsx b/src/app/(dashboard)/reports/page.tsx
index a59e15d..d4cc9d1 100644
--- a/src/app/(dashboard)/reports/page.tsx
+++ b/src/app/(dashboard)/reports/page.tsx
@@ -1,6 +1,11 @@
 import { auth } from "@/auth"
+import { prisma } from "@/lib/prisma"
 import { getReportData } from "@/lib/reports"
+import { parseReportFilters, filtersToQuery } from "@/lib/reports/filters"
+import { PRESET_DATA_TYPES } from "@/lib/dataTypes"
 import { ReportToolbar } from "@/components/reports/ReportToolbar"
+import { ReportFilterBar } from "@/components/reports/ReportFilterBar"
+import { ReportCanvas, type ReportSectionEntry } from "@/components/reports/ReportCanvas"
 import { KeyFindingsSection } from "@/components/reports/KeyFindingsSection"
 import { ExposureSection } from "@/components/reports/ExposureSection"
 import { DataTypeSection } from "@/components/reports/DataTypeSection"
@@ -10,19 +15,46 @@ import { EmployeeSection } from "@/components/reports/EmployeeSection"
 import { ComplianceSection } from "@/components/reports/ComplianceSection"
 
 function formatGeneratedAt(iso: string): string {
-  return new Date(iso).toLocaleString("en-US", {
-    dateStyle: "long",
-    timeStyle: "short",
-  })
+  return new Date(iso).toLocaleString("en-US", { dateStyle: "long", timeStyle: "short" })
 }
 
-export default async function ReportsPage() {
+type SearchParams = Record<string, string | string[] | undefined>
+
+export default async function ReportsPage({ searchParams }: { searchParams: Promise<SearchParams> }) {
   const session = await auth()
-  const data = await getReportData(session!.user.companyId)
+  const companyId = session!.user.companyId
+
+  const sp = await searchParams
+  const params = new URLSearchParams()
+  for (const [k, v] of Object.entries(sp)) {
+    if (typeof v === "string") params.set(k, v)
+  }
+  const filters = parseReportFilters(params)
+  const filterQuery = filtersToQuery(filters)
+
+  const [data, deptGroups] = await Promise.all([
+    getReportData(companyId, filters),
+    prisma.employee.groupBy({ by: ["department"], where: { companyId } }),
+  ])
+
+  const departments = [
+    ...deptGroups.map((d) => d.department).filter((d): d is string => d !== null).sort(),
+    ...(deptGroups.some((d) => d.department === null) ? ["Unknown"] : []),
+  ]
   const companyName = session!.user.name ?? ""
 
+  const sections: ReportSectionEntry[] = [
+    { id: "findings", title: "Key Findings", defaultSpan: 12, content: <KeyFindingsSection findings={data.findings} /> },
+    { id: "exposure", title: "Exposure", defaultSpan: 12, content: <ExposureSection data={data.exposure} /> },
+    { id: "datatypes", title: "Data Types", defaultSpan: 6, content: <DataTypeSection rows={data.dataTypes} /> },
+    { id: "departments", title: "Departments", defaultSpan: 6, content: <DepartmentSection rows={data.departments} /> },
+    { id: "trends", title: "Trends", defaultSpan: 12, content: <TrendsSection data={data.trends} /> },
+    { id: "employees", title: "Employees", defaultSpan: 12, content: <EmployeeSection rows={data.employees} /> },
+    { id: "compliance", title: "Compliance", defaultSpan: 12, content: <ComplianceSection data={data.compliance} /> },
+  ]
+
   return (
-    <div id="report-root" className="h-full overflow-y-auto p-6">
+    <div id="report-root" className="flex h-full flex-col overflow-y-auto p-6">
       <div className="mb-6 hidden print:block">
         <h1 className="text-xl font-semibold text-foreground">DataShield Security Report</h1>
         <p className="text-sm text-muted-foreground">
@@ -30,24 +62,26 @@ export default async function ReportsPage() {
         </p>
       </div>
 
-      <div className="mb-6 flex items-start justify-between gap-4 print:hidden">
+      <div className="no-print mb-4 flex items-start justify-between gap-4">
         <div>
           <h2 className="text-lg font-semibold text-foreground">Reports</h2>
-          <p className="text-sm text-muted-foreground">
-            Exposure, employees, trends and compliance overview
-          </p>
+          <p className="text-sm text-muted-foreground">Exposure, employees, trends and compliance overview</p>
         </div>
-        <ReportToolbar generatedAt={data.generatedAt} />
+        <ReportToolbar generatedAt={data.generatedAt} filterQuery={filterQuery} />
+      </div>
+
+      <div className="no-print mb-4">
+        <ReportFilterBar filters={filters} departments={departments} dataTypes={PRESET_DATA_TYPES.map((t) => ({ key: t.key, label: t.label }))} />
       </div>
 
-      <div className="space-y-6">
-        <KeyFindingsSection findings={data.findings} />
-        <ExposureSection data={data.exposure} />
-        <DataTypeSection rows={data.dataTypes} />
-        <DepartmentSection rows={data.departments} />
-        <TrendsSection data={data.trends} />
-        <EmployeeSection rows={data.employees} />
-        <ComplianceSection data={data.compliance} />
+      {/* Interactive grid (screen) */}
+      <ReportCanvas sections={sections} />
+
+      {/* Print-only stacked layout */}
+      <div className="hidden space-y-6 print:block">
+        {sections.map((s) => (
+          <div key={s.id}>{s.content}</div>
+        ))}
       </div>
     </div>
   )
diff --git a/src/app/api/reports/export/route.ts b/src/app/api/reports/export/route.ts
index 9be8b77..08220e4 100644
--- a/src/app/api/reports/export/route.ts
+++ b/src/app/api/reports/export/route.ts
@@ -1,5 +1,6 @@
 import { requireAuth } from "@/lib/apiAuth"
 import { getReportData } from "@/lib/reports"
+import { parseReportFilters } from "@/lib/reports/filters"
 import { reportCsv, type CsvSection } from "@/lib/reports/csv"
 
 const SECTIONS: CsvSection[] = [
@@ -20,10 +21,12 @@ export async function GET(request: Request): Promise<Response> {
   const { session, error } = await requireAuth()
   if (error) return error
 
-  const section = new URL(request.url).searchParams.get("section") ?? "all"
+  const sp = new URL(request.url).searchParams
+  const section = sp.get("section") ?? "all"
   if (!isSection(section)) return new Response("Invalid section", { status: 400 })
 
-  const data = await getReportData(session.user.companyId)
+  const filters = parseReportFilters(sp)
+  const data = await getReportData(session.user.companyId, filters)
   const csv = reportCsv(section, data)
 
   return new Response(csv, {
diff --git a/src/components/reports/ReportCanvas.tsx b/src/components/reports/ReportCanvas.tsx
new file mode 100644
index 0000000..99f21b0
--- /dev/null
+++ b/src/components/reports/ReportCanvas.tsx
@@ -0,0 +1,298 @@
+"use client"
+
+import { useState, useCallback, useEffect, useRef, type ReactNode } from "react"
+import {
+  DndContext,
+  DragOverlay,
+  closestCenter,
+  PointerSensor,
+  useSensor,
+  useSensors,
+  type DragEndEvent,
+  type DragStartEvent,
+} from "@dnd-kit/core"
+import {
+  SortableContext,
+  rectSortingStrategy,
+  useSortable,
+  arrayMove,
+} from "@dnd-kit/sortable"
+import { CSS } from "@dnd-kit/utilities"
+import { Settings2, Check, GripVertical, Eye, EyeOff, RotateCcw } from "lucide-react"
+import { Button } from "@/components/ui/button"
+import { cn } from "@/lib/utils"
+
+const STORAGE_KEY = "datashield:reports:layout:v2"
+
+export type Span = 4 | 6 | 12
+
+export type ReportSectionEntry = {
+  id: string
+  title: string
+  content: ReactNode
+  defaultSpan?: Span
+}
+
+type Saved = { order: string[]; spans: Record<string, Span>; hidden: string[] }
+
+const SPAN_CLASS: Record<Span, string> = {
+  4: "col-span-12 md:col-span-4",
+  6: "col-span-12 md:col-span-6",
+  12: "col-span-12",
+}
+
+const SPAN_OPTIONS: { value: Span; label: string }[] = [
+  { value: 4, label: "1/3" },
+  { value: 6, label: "1/2" },
+  { value: 12, label: "Full" },
+]
+
+function SortableSection({
+  section,
+  span,
+  editing,
+  onSpan,
+}: {
+  section: ReportSectionEntry
+  span: Span
+  editing: boolean
+  onSpan: (span: Span) => void
+}) {
+  const { attributes, listeners, setNodeRef, setActivatorNodeRef, transform, transition, isDragging } =
+    useSortable({ id: section.id, disabled: !editing })
+
+  return (
+    <div
+      ref={setNodeRef}
+      data-section-id={section.id}
+      style={{ transform: CSS.Transform.toString(transform), transition }}
+      className={cn(
+        SPAN_CLASS[span],
+        "relative",
+        isDragging && "opacity-0",
+        editing && "rounded-xl outline outline-2 outline-primary/30",
+      )}
+    >
+      {editing && (
+        <div className="absolute right-2 top-2 z-30 flex items-center gap-1">
+          <div className="flex items-center overflow-hidden rounded-md border border-border bg-card/95 shadow-sm backdrop-blur-sm">
+            {SPAN_OPTIONS.map((o) => (
+              <button
+                key={o.value}
+                type="button"
+                onClick={() => onSpan(o.value)}
+                className={cn(
+                  "px-2 py-1 text-[10px] font-medium transition-colors",
+                  span === o.value ? "bg-primary text-primary-foreground" : "text-muted-foreground hover:bg-muted",
+                )}
+                title={`Width: ${o.label}`}
+              >
+                {o.label}
+              </button>
+            ))}
+          </div>
+          <button
+            ref={setActivatorNodeRef}
+            type="button"
+            {...attributes}
+            {...listeners}
+            className="flex cursor-grab items-center gap-1 rounded-md border border-primary/40 bg-card/95 px-2 py-1 text-[10px] font-medium text-muted-foreground shadow-sm backdrop-blur-sm transition-colors hover:text-foreground active:cursor-grabbing"
+            title="Drag to reorder"
+          >
+            <GripVertical className="size-3" />
+            Move
+          </button>
+        </div>
+      )}
+      {section.content}
+    </div>
+  )
+}
+
+export function ReportCanvas({ sections }: { sections: ReportSectionEntry[] }) {
+  const [editing, setEditing] = useState(false)
+  const [order, setOrder] = useState<string[]>(() => sections.map((s) => s.id))
+  const [spans, setSpans] = useState<Record<string, Span>>(
+    () => Object.fromEntries(sections.map((s) => [s.id, s.defaultSpan ?? 12])),
+  )
+  const [hidden, setHidden] = useState<string[]>([])
+  const [sectionsMenuOpen, setSectionsMenuOpen] = useState(false)
+  const [activeId, setActiveId] = useState<string | null>(null)
+  const [overlayW, setOverlayW] = useState<number>()
+  const menuRef = useRef<HTMLDivElement>(null)
+  const gridRef = useRef<HTMLDivElement>(null)
+
+  const sensors = useSensors(useSensor(PointerSensor, { activationConstraint: { distance: 4 } }))
+
+  // Hydrate from localStorage after mount (avoids SSR mismatch).
+  useEffect(() => {
+    try {
+      const raw = localStorage.getItem(STORAGE_KEY)
+      if (!raw) return
+      const saved: Saved = JSON.parse(raw)
+      const ids = new Set(sections.map((s) => s.id))
+      const savedOrder = (saved.order ?? []).filter((id) => ids.has(id))
+      const missing = sections.map((s) => s.id).filter((id) => !savedOrder.includes(id))
+      setOrder([...savedOrder, ...missing])
+      setSpans((prev) => ({ ...prev, ...saved.spans }))
+      setHidden((saved.hidden ?? []).filter((id) => ids.has(id)))
+    } catch {
+      /* ignore corrupt storage */
+    }
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [])
+
+  useEffect(() => {
+    if (!sectionsMenuOpen) return
+    const handler = (e: MouseEvent) => {
+      if (!menuRef.current?.contains(e.target as Node)) setSectionsMenuOpen(false)
+    }
+    document.addEventListener("mousedown", handler)
+    return () => document.removeEventListener("mousedown", handler)
+  }, [sectionsMenuOpen])
+
+  const persist = useCallback((next: Partial<Saved>) => {
+    try {
+      const cur: Saved = { order, spans, hidden, ...next }
+      localStorage.setItem(STORAGE_KEY, JSON.stringify(cur))
+    } catch {
+      /* storage unavailable */
+    }
+  }, [order, spans, hidden])
+
+  const byId = new Map(sections.map((s) => [s.id, s]))
+  const visibleOrder = order.filter((id) => !hidden.includes(id))
+
+  const onDragStart = (e: DragStartEvent) => {
+    setActiveId(e.active.id as string)
+    const el = gridRef.current?.querySelector(`[data-section-id="${e.active.id}"]`)
+    setOverlayW(el?.getBoundingClientRect().width)
+  }
+
+  const onDragEnd = (e: DragEndEvent) => {
+    setActiveId(null)
+    const { active, over } = e
+    if (!over || active.id === over.id) return
+    setOrder((prev) => {
+      const next = arrayMove(prev, prev.indexOf(active.id as string), prev.indexOf(over.id as string))
+      persist({ order: next })
+      return next
+    })
+  }
+
+  const setSpan = (id: string, span: Span) => {
+    setSpans((prev) => {
+      const next = { ...prev, [id]: span }
+      persist({ spans: next })
+      return next
+    })
+  }
+
+  const toggleHidden = (id: string) => {
+    setHidden((prev) => {
+      const next = prev.includes(id) ? prev.filter((h) => h !== id) : [...prev, id]
+      persist({ hidden: next })
+      return next
+    })
+  }
+
+  const reset = () => {
+    const o = sections.map((s) => s.id)
+    const sp = Object.fromEntries(sections.map((s) => [s.id, s.defaultSpan ?? 12])) as Record<string, Span>
+    setOrder(o)
+    setSpans(sp)
+    setHidden([])
+    persist({ order: o, spans: sp, hidden: [] })
+  }
+
+  return (
+    <div className="flex flex-col">
+      {/* Toolbar */}
+      <div className="no-print mb-3 flex shrink-0 items-center justify-end gap-2">
+        {editing && (
+          <>
+            <p className="mr-auto text-xs text-muted-foreground">Drag to reorder, set width, toggle sections</p>
+            <div ref={menuRef} className="relative">
+              <button
+                onClick={() => setSectionsMenuOpen((o) => !o)}
+                className="flex h-8 items-center gap-1.5 rounded-md border border-border px-3 text-xs font-medium text-muted-foreground transition-colors hover:bg-muted hover:text-foreground"
+              >
+                <Eye className="size-3.5" />
+                Sections
+              </button>
+              {sectionsMenuOpen && (
+                <div className="absolute right-0 top-full z-50 mt-1 min-w-[200px] rounded-md border border-border bg-popover p-1 shadow-md">
+                  {sections.map((s) => {
+                    const isHidden = hidden.includes(s.id)
+                    return (
+                      <button
+                        key={s.id}
+                        onClick={() => toggleHidden(s.id)}
+                        className="flex w-full items-center gap-2 rounded-sm px-2.5 py-1.5 text-xs hover:bg-muted"
+                      >
+                        {isHidden ? <EyeOff className="size-3.5 text-muted-foreground" /> : <Eye className="size-3.5 text-primary" />}
+                        <span className={cn(isHidden && "text-muted-foreground")}>{s.title}</span>
+                      </button>
+                    )
+                  })}
+                </div>
+              )}
+            </div>
+            <button
+              onClick={reset}
+              className="flex h-8 items-center gap-1.5 rounded-md border border-border px-3 text-xs font-medium text-muted-foreground transition-colors hover:bg-muted hover:text-foreground"
+            >
+              <RotateCcw className="size-3.5" />
+              Reset
+            </button>
+          </>
+        )}
+        {editing ? (
+          <Button size="sm" onClick={() => setEditing(false)} className="gap-1.5">
+            <Check className="size-3.5" />
+            Done
+          </Button>
+        ) : (
+          <Button variant="outline" size="sm" onClick={() => setEditing(true)} className="gap-1.5">
+            <Settings2 className="size-3.5" />
+            Customize
+          </Button>
+        )}
+      </div>
+
+      {/* Flow grid (screen) */}
+      <DndContext
+        sensors={sensors}
+        collisionDetection={closestCenter}
+        onDragStart={onDragStart}
+        onDragEnd={onDragEnd}
+        onDragCancel={() => setActiveId(null)}
+      >
+        <SortableContext items={visibleOrder} strategy={rectSortingStrategy}>
+          <div ref={gridRef} className="no-print grid grid-cols-12 items-start gap-4">
+            {visibleOrder.map((id) => {
+              const section = byId.get(id)
+              if (!section) return null
+              return (
+                <SortableSection
+                  key={id}
+                  section={section}
+                  span={spans[id] ?? section.defaultSpan ?? 12}
+                  editing={editing}
+                  onSpan={(span) => setSpan(id, span)}
+                />
+              )
+            })}
+          </div>
+        </SortableContext>
+        <DragOverlay>
+          {activeId ? (
+            <div style={{ width: overlayW }} className="rounded-xl outline outline-2 outline-primary/50">
+              {byId.get(activeId)?.content}
+            </div>
+          ) : null}
+        </DragOverlay>
+      </DndContext>
+    </div>
+  )
+}
diff --git a/src/components/reports/ReportFilterBar.tsx b/src/components/reports/ReportFilterBar.tsx
new file mode 100644
index 0000000..e696993
--- /dev/null
+++ b/src/components/reports/ReportFilterBar.tsx
@@ -0,0 +1,102 @@
+"use client"
+
+import { useRouter, usePathname } from "next/navigation"
+import { useTransition } from "react"
+import { X, Filter } from "lucide-react"
+import { NO_DEPARTMENT, filtersToQuery, hasActiveFilters, type ReportFilters } from "@/lib/reports/filters"
+
+type DataTypeOption = { key: string; label: string }
+
+const fieldCls =
+  "h-8 rounded-md border border-border bg-card px-2 text-xs text-foreground outline-none focus:border-primary"
+
+export function ReportFilterBar({
+  filters,
+  departments,
+  dataTypes,
+}: {
+  filters: ReportFilters
+  departments: string[]
+  dataTypes: DataTypeOption[]
+}) {
+  const router = useRouter()
+  const pathname = usePathname()
+  const [pending, startTransition] = useTransition()
+
+  const apply = (next: ReportFilters) => {
+    const qs = filtersToQuery(next)
+    startTransition(() => router.push(qs ? `${pathname}?${qs}` : pathname, { scroll: false }))
+  }
+
+  const set = (patch: Partial<ReportFilters>) => apply({ ...filters, ...patch })
+
+  return (
+    <div className="no-print flex flex-wrap items-center gap-2 rounded-lg border border-border bg-muted/30 px-3 py-2">
+      <span className="flex items-center gap-1.5 text-xs font-medium text-muted-foreground">
+        <Filter className="size-3.5" />
+        Filters
+      </span>
+
+      <label className="flex items-center gap-1 text-xs text-muted-foreground">
+        From
+        <input
+          type="date"
+          value={filters.from ?? ""}
+          max={filters.to ?? undefined}
+          onChange={(e) => set({ from: e.target.value || null })}
+          className={fieldCls}
+        />
+      </label>
+      <label className="flex items-center gap-1 text-xs text-muted-foreground">
+        To
+        <input
+          type="date"
+          value={filters.to ?? ""}
+          min={filters.from ?? undefined}
+          onChange={(e) => set({ to: e.target.value || null })}
+          className={fieldCls}
+        />
+      </label>
+
+      <select
+        value={filters.department ?? ""}
+        onChange={(e) => set({ department: e.target.value || null })}
+        className={fieldCls}
+        aria-label="Department"
+      >
+        <option value="">All departments</option>
+        {departments.map((d) => (
+          <option key={d} value={d === "Unknown" ? NO_DEPARTMENT : d}>
+            {d}
+          </option>
+        ))}
+      </select>
+
+      <select
+        value={filters.dataType ?? ""}
+        onChange={(e) => set({ dataType: e.target.value || null })}
+        className={fieldCls}
+        aria-label="Data type"
+      >
+        <option value="">All data types</option>
+        {dataTypes.map((t) => (
+          <option key={t.key} value={t.key}>
+            {t.label}
+          </option>
+        ))}
+      </select>
+
+      {hasActiveFilters(filters) && (
+        <button
+          type="button"
+          onClick={() => apply({ from: null, to: null, department: null, dataType: null })}
+          className="flex items-center gap-1 rounded-md px-2 py-1 text-xs text-muted-foreground transition-colors hover:bg-muted hover:text-foreground"
+        >
+          <X className="size-3" />
+          Clear
+        </button>
+      )}
+      {pending && <span className="text-xs text-muted-foreground">...</span>}
+    </div>
+  )
+}
diff --git a/src/components/reports/ReportToolbar.tsx b/src/components/reports/ReportToolbar.tsx
index fc54131..5c8a5c3 100644
--- a/src/components/reports/ReportToolbar.tsx
+++ b/src/components/reports/ReportToolbar.tsx
@@ -21,8 +21,9 @@ function formatTimestamp(iso: string): string {
   })
 }
 
-export function ReportToolbar({ generatedAt }: { generatedAt: string }) {
+export function ReportToolbar({ generatedAt, filterQuery = "" }: { generatedAt: string; filterQuery?: string }) {
   const [open, setOpen] = useState(false)
+  const suffix = filterQuery ? `&${filterQuery}` : ""
 
   return (
     <div className="no-print flex items-center gap-2">
@@ -47,7 +48,7 @@ export function ReportToolbar({ generatedAt }: { generatedAt: string }) {
               {CSV_SECTIONS.map((s) => (
                 <a
                   key={s.key}
-                  href={`/api/reports/export?section=${s.key}`}
+                  href={`/api/reports/export?section=${s.key}${suffix}`}
                   download
                   onClick={() => setOpen(false)}
                   className="block rounded-md px-2.5 py-1.5 text-sm text-foreground hover:bg-muted"
diff --git a/src/lib/employees.ts b/src/lib/employees.ts
index 4fd3e91..a7aeec5 100644
--- a/src/lib/employees.ts
+++ b/src/lib/employees.ts
@@ -1,4 +1,10 @@
 import { prisma } from "@/lib/prisma"
+import type { Prisma } from "@prisma/client"
+
+export type GetEmployeesOpts = {
+  where?: Prisma.EmployeeWhereInput
+  recordWhere?: Prisma.BreachRecordWhereInput
+}
 
 export type RiskLevel = "CRITICAL" | "HIGH" | "MEDIUM" | "LOW" | "OK"
 
@@ -24,11 +30,12 @@ export type EmployeeRow = {
   breachRecords: BreachRecordDetail[]
 }
 
-export async function getEmployees(companyId: string): Promise<EmployeeRow[]> {
+export async function getEmployees(companyId: string, opts?: GetEmployeesOpts): Promise<EmployeeRow[]> {
   const employees = await prisma.employee.findMany({
-    where: { companyId },
+    where: { companyId, ...opts?.where },
     include: {
       breachRecords: {
+        where: opts?.recordWhere,
         include: { breach: true },
         orderBy: { detectedAt: "desc" },
       },
diff --git a/src/lib/reports/by-employee.ts b/src/lib/reports/by-employee.ts
index 034969a..c845e4f 100644
--- a/src/lib/reports/by-employee.ts
+++ b/src/lib/reports/by-employee.ts
@@ -1,8 +1,12 @@
 import { getEmployees } from "@/lib/employees"
+import { breachRecordSome, employeeWhere, type ReportFilters } from "./filters"
 import type { EmployeeReportRow } from "./types"
 
-export async function getEmployeeBreakdown(companyId: string): Promise<EmployeeReportRow[]> {
-  const employees = await getEmployees(companyId)
+export async function getEmployeeBreakdown(companyId: string, f: ReportFilters): Promise<EmployeeReportRow[]> {
+  const employees = await getEmployees(companyId, {
+    where: employeeWhere(companyId, f),
+    recordWhere: breachRecordSome(f),
+  })
 
   return employees.map((e) => ({
     name: `${e.firstName} ${e.lastName}`,
diff --git a/src/lib/reports/compliance.ts b/src/lib/reports/compliance.ts
index 5429dda..cfade7a 100644
--- a/src/lib/reports/compliance.ts
+++ b/src/lib/reports/compliance.ts
@@ -1,26 +1,23 @@
 import { prisma } from "@/lib/prisma"
 import { rate } from "./utils"
+import { alertWhere, employeeWhere, exposedEmployeeWhere, type ReportFilters } from "./filters"
 import type { ComplianceSummary } from "./types"
 
-export async function getCompliance(companyId: string): Promise<ComplianceSummary> {
+export async function getCompliance(companyId: string, f: ReportFilters): Promise<ComplianceSummary> {
   const thirtyDaysAgo = new Date(Date.now() - 30 * 24 * 60 * 60 * 1000)
+  const base = alertWhere(companyId, f)
 
   const [monitored, exposed, total, open, acknowledged, resolved, criticalOpen, staleCriticalOpen] =
     await Promise.all([
-      prisma.employee.count({ where: { companyId } }),
-      prisma.employee.count({ where: { companyId, breachRecords: { some: {} } } }),
-      prisma.alert.count({ where: { companyId } }),
-      prisma.alert.count({ where: { companyId, status: "OPEN" } }),
-      prisma.alert.count({ where: { companyId, status: "ACKNOWLEDGED" } }),
-      prisma.alert.count({ where: { companyId, status: "RESOLVED" } }),
-      prisma.alert.count({ where: { companyId, status: "OPEN", severity: "CRITICAL" } }),
+      prisma.employee.count({ where: employeeWhere(companyId, f) }),
+      prisma.employee.count({ where: exposedEmployeeWhere(companyId, f) }),
+      prisma.alert.count({ where: base }),
+      prisma.alert.count({ where: { ...base, status: "OPEN" } }),
+      prisma.alert.count({ where: { ...base, status: "ACKNOWLEDGED" } }),
+      prisma.alert.count({ where: { ...base, status: "RESOLVED" } }),
+      prisma.alert.count({ where: { ...base, status: "OPEN", severity: "CRITICAL" } }),
       prisma.alert.count({
-        where: {
-          companyId,
-          status: "OPEN",
-          severity: "CRITICAL",
-          createdAt: { lt: thirtyDaysAgo },
-        },
+        where: { ...base, status: "OPEN", severity: "CRITICAL", createdAt: { lt: thirtyDaysAgo } },
       }),
     ])
 
diff --git a/src/lib/reports/data-types.ts b/src/lib/reports/data-types.ts
index b4180c8..8f1308e 100644
--- a/src/lib/reports/data-types.ts
+++ b/src/lib/reports/data-types.ts
@@ -2,13 +2,14 @@ import { prisma } from "@/lib/prisma"
 import { CRITICAL_DATA } from "@/lib/employees"
 import { PRESET_DATA_TYPES } from "@/lib/dataTypes"
 import { rate } from "./utils"
+import { breachRecordWhere, type ReportFilters } from "./filters"
 import type { DataTypeExposure } from "./types"
 
 const LABELS = new Map<string, string>(PRESET_DATA_TYPES.map((t) => [t.key, t.label]))
 
-export async function getDataTypeExposure(companyId: string): Promise<DataTypeExposure[]> {
+export async function getDataTypeExposure(companyId: string, f: ReportFilters): Promise<DataTypeExposure[]> {
   const records = await prisma.breachRecord.findMany({
-    where: { employee: { companyId } },
+    where: breachRecordWhere(companyId, f),
     select: { exposedData: true },
   })
 
diff --git a/src/lib/reports/departments.ts b/src/lib/reports/departments.ts
index 5fe9ed5..6aaac79 100644
--- a/src/lib/reports/departments.ts
+++ b/src/lib/reports/departments.ts
@@ -1,11 +1,15 @@
 import { prisma } from "@/lib/prisma"
 import { rate } from "./utils"
+import { breachRecordSome, employeeWhere, type ReportFilters } from "./filters"
 import type { DepartmentRow } from "./types"
 
-export async function getDepartmentBreakdown(companyId: string): Promise<DepartmentRow[]> {
+export async function getDepartmentBreakdown(companyId: string, f: ReportFilters): Promise<DepartmentRow[]> {
   const employees = await prisma.employee.findMany({
-    where: { companyId },
-    select: { department: true, _count: { select: { breachRecords: true } } },
+    where: employeeWhere(companyId, f),
+    select: {
+      department: true,
+      breachRecords: { where: breachRecordSome(f), select: { id: true }, take: 1 },
+    },
   })
 
   const depts = new Map<string, { total: number; exposed: number }>()
@@ -13,7 +17,7 @@ export async function getDepartmentBreakdown(companyId: string): Promise<Departm
     const name = e.department ?? "Unknown"
     const entry = depts.get(name) ?? { total: 0, exposed: 0 }
     entry.total++
-    if (e._count.breachRecords > 0) entry.exposed++
+    if (e.breachRecords.length > 0) entry.exposed++
     depts.set(name, entry)
   })
 
diff --git a/src/lib/reports/exposure.ts b/src/lib/reports/exposure.ts
index 80681f4..99c2458 100644
--- a/src/lib/reports/exposure.ts
+++ b/src/lib/reports/exposure.ts
@@ -1,22 +1,30 @@
 import { prisma } from "@/lib/prisma"
 import { calculateRiskScore, getRiskLevel } from "@/lib/risk"
 import { rate } from "./utils"
+import {
+  alertWhere,
+  breachRecordSome,
+  employeeWhere,
+  exposedEmployeeWhere,
+  type ReportFilters,
+} from "./filters"
 import type { ExposureSummary, TopBreach } from "./types"
 
 type Severity = "CRITICAL" | "HIGH" | "MEDIUM" | "LOW"
 
-function countOpenAlerts(companyId: string, severity: Severity): Promise<number> {
-  return prisma.alert.count({ where: { companyId, status: "OPEN", severity } })
+function countOpenAlerts(companyId: string, f: ReportFilters, severity: Severity): Promise<number> {
+  return prisma.alert.count({ where: { ...alertWhere(companyId, f), status: "OPEN", severity } })
 }
 
-async function getTopBreaches(companyId: string): Promise<TopBreach[]> {
+async function getTopBreaches(companyId: string, f: ReportFilters): Promise<TopBreach[]> {
+  const recordFilter = { employee: employeeWhere(companyId, f), ...breachRecordSome(f) }
   const breaches = await prisma.breach.findMany({
-    where: { records: { some: { employee: { companyId } } } },
+    where: { records: { some: recordFilter } },
     select: {
       name: true,
       source: true,
       breachDate: true,
-      records: { where: { employee: { companyId } }, select: { employeeId: true } },
+      records: { where: recordFilter, select: { employeeId: true } },
     },
   })
 
@@ -31,22 +39,23 @@ async function getTopBreaches(companyId: string): Promise<TopBreach[]> {
     .slice(0, 10)
 }
 
-export async function getExposureSummary(companyId: string): Promise<ExposureSummary> {
+export async function getExposureSummary(companyId: string, f: ReportFilters): Promise<ExposureSummary> {
   const thirtyDaysAgo = new Date(Date.now() - 30 * 24 * 60 * 60 * 1000)
+  const recentRecord = { ...breachRecordSome(f), detectedAt: { gte: thirtyDaysAgo } }
 
   const [total, exposed, breaches, critical, high, medium, low, recent, topBreaches] =
     await Promise.all([
-      prisma.employee.count({ where: { companyId } }),
-      prisma.employee.count({ where: { companyId, breachRecords: { some: {} } } }),
-      prisma.breach.count({ where: { records: { some: { employee: { companyId } } } } }),
-      countOpenAlerts(companyId, "CRITICAL"),
-      countOpenAlerts(companyId, "HIGH"),
-      countOpenAlerts(companyId, "MEDIUM"),
-      countOpenAlerts(companyId, "LOW"),
-      prisma.breachRecord.count({
-        where: { employee: { companyId }, detectedAt: { gte: thirtyDaysAgo } },
+      prisma.employee.count({ where: employeeWhere(companyId, f) }),
+      prisma.employee.count({ where: exposedEmployeeWhere(companyId, f) }),
+      prisma.breach.count({
+        where: { records: { some: { employee: employeeWhere(companyId, f), ...breachRecordSome(f) } } },
       }),
-      getTopBreaches(companyId),
+      countOpenAlerts(companyId, f, "CRITICAL"),
+      countOpenAlerts(companyId, f, "HIGH"),
+      countOpenAlerts(companyId, f, "MEDIUM"),
+      countOpenAlerts(companyId, f, "LOW"),
+      prisma.breachRecord.count({ where: { employee: employeeWhere(companyId, f), ...recentRecord } }),
+      getTopBreaches(companyId, f),
     ])
 
   const riskScore = calculateRiskScore({
diff --git a/src/lib/reports/filters.ts b/src/lib/reports/filters.ts
new file mode 100644
index 0000000..002357b
--- /dev/null
+++ b/src/lib/reports/filters.ts
@@ -0,0 +1,101 @@
+import type { Prisma } from "@prisma/client"
+
+// Sentinel for the "Unknown" department bucket (employees with department = null).
+export const NO_DEPARTMENT = "__none__"
+
+export type ReportFilters = {
+  from: string | null // ISO date (YYYY-MM-DD)
+  to: string | null
+  department: string | null
+  dataType: string | null
+}
+
+export const EMPTY_FILTERS: ReportFilters = {
+  from: null,
+  to: null,
+  department: null,
+  dataType: null,
+}
+
+export function parseReportFilters(params: URLSearchParams): ReportFilters {
+  const get = (k: string) => {
+    const v = params.get(k)
+    return v && v.trim() !== "" ? v : null
+  }
+  return {
+    from: get("from"),
+    to: get("to"),
+    department: get("department"),
+    dataType: get("dataType"),
+  }
+}
+
+export function hasActiveFilters(f: ReportFilters): boolean {
+  return Boolean(f.from || f.to || f.department || f.dataType)
+}
+
+// Serialize back to a query string (for export links etc.). Skips empty values.
+export function filtersToQuery(f: ReportFilters): string {
+  const p = new URLSearchParams()
+  if (f.from) p.set("from", f.from)
+  if (f.to) p.set("to", f.to)
+  if (f.department) p.set("department", f.department)
+  if (f.dataType) p.set("dataType", f.dataType)
+  return p.toString()
+}
+
+function dateRange(f: ReportFilters): Prisma.DateTimeFilter | undefined {
+  if (!f.from && !f.to) return undefined
+  const range: Prisma.DateTimeFilter = {}
+  if (f.from) range.gte = new Date(`${f.from}T00:00:00.000`)
+  if (f.to) range.lte = new Date(`${f.to}T23:59:59.999`)
+  return range
+}
+
+function departmentClause(f: ReportFilters): { department: string | null } | undefined {
+  if (!f.department) return undefined
+  return { department: f.department === NO_DEPARTMENT ? null : f.department }
+}
+
+// Record-level constraints (date + exposed data type), no employee clause.
+export function breachRecordSome(f: ReportFilters): Prisma.BreachRecordWhereInput {
+  const where: Prisma.BreachRecordWhereInput = {}
+  const range = dateRange(f)
+  if (range) where.detectedAt = range
+  if (f.dataType) where.exposedData = { has: f.dataType }
+  return where
+}
+
+// Employee population filtered by department.
+export function employeeWhere(companyId: string, f: ReportFilters): Prisma.EmployeeWhereInput {
+  return { companyId, ...departmentClause(f) }
+}
+
+// Employees considered "exposed" within the active filters: matching department AND
+// having at least one breach record inside the date / data-type constraints.
+export function exposedEmployeeWhere(companyId: string, f: ReportFilters): Prisma.EmployeeWhereInput {
+  const some = breachRecordSome(f)
+  return {
+    companyId,
+    ...departmentClause(f),
+    breachRecords: { some: Object.keys(some).length ? some : {} },
+  }
+}
+
+// Breach records scoped to the company + all active filters.
+export function breachRecordWhere(companyId: string, f: ReportFilters): Prisma.BreachRecordWhereInput {
+  return {
+    employee: employeeWhere(companyId, f),
+    ...breachRecordSome(f),
+  }
+}
+
+// Alerts scoped to the company + date range + department (via linked employee).
+export function alertWhere(companyId: string, f: ReportFilters): Prisma.AlertWhereInput {
+  const where: Prisma.AlertWhereInput = { companyId }
+  const range = dateRange(f)
+  if (range) where.createdAt = range
+  const dept = departmentClause(f)
+  if (dept) where.employee = dept
+  return where
+}
diff --git a/src/lib/reports/index.ts b/src/lib/reports/index.ts
index b491192..4d9675a 100644
--- a/src/lib/reports/index.ts
+++ b/src/lib/reports/index.ts
@@ -5,19 +5,24 @@ import { getEmployeeBreakdown } from "./by-employee"
 import { getTrends } from "./trends"
 import { getCompliance } from "./compliance"
 import { buildFindings } from "./findings"
+import { EMPTY_FILTERS, type ReportFilters } from "./filters"
 import type { ReportData } from "./types"
 
 export type { ReportData } from "./types"
+export type { ReportFilters } from "./filters"
 
-export async function getReportData(companyId: string): Promise<ReportData> {
+export async function getReportData(
+  companyId: string,
+  filters: ReportFilters = EMPTY_FILTERS,
+): Promise<ReportData> {
   const [exposure, dataTypes, departments, employees, trends, compliance] =
     await Promise.all([
-      getExposureSummary(companyId),
-      getDataTypeExposure(companyId),
-      getDepartmentBreakdown(companyId),
-      getEmployeeBreakdown(companyId),
-      getTrends(companyId),
-      getCompliance(companyId),
+      getExposureSummary(companyId, filters),
+      getDataTypeExposure(companyId, filters),
+      getDepartmentBreakdown(companyId, filters),
+      getEmployeeBreakdown(companyId, filters),
+      getTrends(companyId, filters),
+      getCompliance(companyId, filters),
     ])
 
   return {
diff --git a/src/lib/reports/trends.ts b/src/lib/reports/trends.ts
index b3fefa9..cce7205 100644
--- a/src/lib/reports/trends.ts
+++ b/src/lib/reports/trends.ts
@@ -1,5 +1,6 @@
 import { prisma } from "@/lib/prisma"
 import { monthKey } from "./utils"
+import { employeeWhere, NO_DEPARTMENT, type ReportFilters } from "./filters"
 import type { MonthlyPoint, Trends } from "./types"
 
 function emptyMonths(): Map<string, MonthlyPoint> {
@@ -13,18 +14,26 @@ function emptyMonths(): Map<string, MonthlyPoint> {
   return months
 }
 
-export async function getTrends(companyId: string): Promise<Trends> {
+export async function getTrends(companyId: string, f: ReportFilters): Promise<Trends> {
   const since = new Date()
   since.setMonth(since.getMonth() - 11)
   since.setDate(1)
 
+  const alertDept = f.department
+    ? { employee: { department: f.department === NO_DEPARTMENT ? null : f.department } }
+    : {}
+
   const [records, alerts] = await Promise.all([
     prisma.breachRecord.findMany({
-      where: { employee: { companyId }, detectedAt: { gte: since } },
+      where: {
+        employee: employeeWhere(companyId, f),
+        detectedAt: { gte: since },
+        ...(f.dataType && { exposedData: { has: f.dataType } }),
+      },
       select: { detectedAt: true },
     }),
     prisma.alert.findMany({
-      where: { companyId, createdAt: { gte: since } },
+      where: { companyId, createdAt: { gte: since }, ...alertDept },
       select: { createdAt: true },
     }),
   ])