Skip to content
Piiano Vault
The secure home for sensitive personal data
Safely store sensitive personal data in your own cloud environment with automated compliance controls.
Built from scratch for developers
Designed for developers on a mission to build data protection and privacy compliance into their applications. Comes with simple dev-friendly and fully documented REST APIs.
Stores any type of sensitive personal data
Build systems that store and protect sensitive personal data, such as PII, PCI, PHI, KYC, and other sensitive documents, as well as customers’ secrets or tokens.
Simplifies governance and compliance requirements
Our unique privacy-based data model enables out-of-the-box support for data subject access rights, consent, retention, minimization, encryption, tokenization and more.
Super Customized for Your Own Needs
# Allow server to store SSNs
[policies.AllowSSNWrite]
operations = ["write"]
resources = ["customers/types/ssn"]
# Allow server to only read masked SSNs
[policies.AllowSSNMask]
operations = ["read"]
resources = ["customers/types/ssn.mask"]The diagram below shows how Vault allows high-granularity ACLs.
SSNs are always protected, even if the server is fully compromised.
// Object Level Security with JWT Validation
function view(context, object, value) {
token = JWT.parseAndValidate(context.param)
// If JWT subject matches the object subject
if (token && token.subject === object.subject) {
return value;
}
return null;
}Enforce access based on the end user credentials to fully access SSN.
This prevents Broken Access Control (OWASP #1).
// Allow access to an email only if user has consented
// the desired access reason
function view(context, object, value) {
// email_consent can be e.g. "Analytics,Marketing"
const allowed_reasons = object.email_consent.split(",");
// Check if the access reason is allowed
if (allowed_reasons.includes(context.reason)) {
return value;
}
return null;
}// US admin can only access emails of US citizens
function view(context, object, value) {
if (context.role === "Admin_US" && object.residency === "US") {
return value;
}
return null;
}# Allow server to store SSNs
[policies.AllowSSNWrite]
operations = ["write"]
resources = ["customers/types/ssn"]
# Allow server to only read masked SSNs
[policies.AllowSSNMask]
operations = ["read"]
resources = ["customers/types/ssn.mask"]The diagram below shows how Vault allows high-granularity ACLs.
SSNs are always protected, even if the server is fully compromised.
// Object Level Security with JWT Validation
function view(context, object, value) {
token = JWT.parseAndValidate(context.param)
// If JWT subject matches the object subject
if (token && token.subject === object.subject) {
return value;
}
return null;
}
// Allow access to an email only if user has consented
// the desired access reason
function view(context, object, value) {
// email_consent can be e.g. "Analytics,Marketing"
const allowed_reasons = object.email_consent.split(",");
// Check if the access reason is allowed
if (allowed_reasons.includes(context.reason)) {
return value;
}
return null;
}// US admin can only access emails of US citizens
function view(context, object, value) {
if (context.role === "Admin_US" && object.residency === "US") {
return value;
}
return null;
}Supported Technologies
Enjoy Breach Immunity
By tokenizing sensitive data and isolating it into a highly secure vault, Piiano reduces the risk of privacy exposure — rendering breaches harmless to your customers.
Take Full Control of Data
Instead of translating legal requirements into software requirements and building it yourself, the Piiano Vault stores, encrypts and tightly controls and records all access to sensitive data for you.
Eliminate DIY Privacy
Easily build privacy-by-design, privacy-by-default and zero trust systems with a vault dedicated to sensitive data. Data remains under your ownership and control within your own cloud environment.
The Piiano Vault Helps
Developers
easy-to-use and fully documented REST APIs.
Privacy Officers
pre-built privacy features for sensitive data protection, governance & compliance.
DevOps
Easily achieve a scalable privacy and security aware infrastructure.
Privacy Teams
Build privacy-aware architectures and implement privacy-by-design to facilitate compliance and satisfy audits of sensitive data usage.
Security Teams
Configure granular access policies and gain full audit of sensitive data access.
Privacy Teams
Build privacy-aware architectures and implement privacy-by-design to facilitate compliance and satisfy audits of sensitive data usage.
Privacy Officers
pre-built privacy features for sensitive data protection, governance & compliance.
Developers
easy-to-use and fully documented REST APIs.
DevOps
Build privacy-aware architectures and implement privacy-by-design to facilitate compliance and satisfy audits of sensitive data usage.
Security Teams
Configure granular access policies and gain full audit of sensitive data access.
Deploying
the Piiano Vault
Super secure & highly compliant infrastructure
Supports GDPR, CCPA, SOC2 and PCI DSS, and future-proofs regulatory compliance.
Cloud native and self-hosted
Piiano Vault deploys anywhere in minutes. It can run in your testing, staging and production environments. The data always stays within your organization and is based on Kubernetes or Docker containers.
Fully managed
Choose between self-management or let Piiano operate it for you – by facilitating deployment, software updates, backups, scalability and monitoring.
Built for performance
Provides low latency, resiliency, robustness, scalability and security, and is implemented with the highest standards.
Key Features
Privacy-based
Data Model
Our engine simplifies sensitive data management and ensures data integrity by:
- Organizing data based on persons and their associated data, including documents
- Employing semantic (tagged) data types, transformations and ownerships, including tenants
- Using an entire object’s lifecycle to support different states, time tracking, soft-deletion and automatic retention
Compliance
The Piiano Vault provides the technological means to efficiently comply with various regulations, accelerating the automation of privacy-oriented activities by:
- Facilitating privacy requirements, such as the right to be forgotten (RTBF), data subject access requests (DSAR), data retention and data de-identification
- Staying current with compliance for emerging regulations and changes with automatic updates
- Monitoring all activities relating to sensitive data, from software resources to logical operations
Security
The Piiano Vault reduces exposure and mitigates data breaches by:
- Employing leak-prevention mechanisms
- Encrypting data at rest, in motion and at the application level
- Integrating seamlessly with KMS, including provisioning and rotation of keys
- Using advanced access policies with granular ACLs, metadata and context
- Holding payment information with the option to become PCI scope
Standardize PII/PCI/PHI protection with out-of-the-box privacy compliance capabilities through APIs.
