Trust & security

Security review materials

Architecture documentation, pen-test summaries, data-flow diagrams, and pre-filled SIG and CAIQ questionnaires, delivered under NDA, usually same day.

Request the security pack

Email us for the materials below. Usually same-day delivery under NDA.

  • Security architecture overview
  • Pen-test summary
  • Cryptography & key management design
  • Sub-processor list and data flow diagrams
  • Pre-filled SIG and CAIQ questionnaires

security@piisafe.io

Compliance roadmap

SOC 2 Type II and ISO 27001 audits are underway. We do not yet hold either certification. We will update this page when reports are issued. We do not claim certifications we have not earned.

SOC 2 Type II

Audit underway

Independent annual audit; certification pending

ISO/IEC 27001

Audit underway

ISMS certification pending

HIPAA

In progress

BAA support in progress

GDPR

In progress

DPA available; region pinning and DSAR automation on the roadmap

How a record is designed to flow

The target architecture for one record. Steps marked Planned are on our roadmap and not yet generally available; steps marked Available are live today.

1

Captured in transit

Available

Data travels over TLS 1.3 with no plaintext fallback. Client-side / BYOK encryption at capture is on the roadmap.

2

Stored as ciphertext

Planned

Target architecture: the vault stores ciphertext and wrapped data keys in region-pinned storage and returns a token to your app.

3

Used through policy

Planned

Target architecture: detokenization requires identity, context, MFA, and stated purpose; policy returns plaintext, redacted data, or nothing.

4

Audited

Available

Every access is recorded in a tamper-evident, hash-chained log retained for six years. Cryptographic erasure on retention expiry is on the roadmap.

Design principles

Our target security model. Each principle is labeled with what is live today versus on the roadmap — we don't describe controls we haven't shipped as if they exist.

Encrypted in transit, encrypting at rest

In progress

TLS 1.3 protects data in transit today. Field-level encryption at rest for all stored PII is in progress; secrets (API keys, credentials, MFA) are already encrypted.

  • TLS 1.3, no plaintext fallbacks (available)
  • AES-256-GCM for stored secrets today; per-record field encryption planned
  • Independent cryptography review available

You hold the keys

Planned

Roadmap: BYOK from AWS KMS, GCP KMS, Azure Key Vault, or HashiCorp Vault, with HYOK keeping the master key in your HSM.

  • One-click revocation in your KMS
  • Automatic rotation, zero downtime
  • PIIsafe cannot decrypt without your authorization

Access is policy, not ad hoc

Available

Every read is governed by role-based access control and recorded in a tamper-evident log. JIT elevation and multi-sig key controls are on the roadmap.

  • RBAC and column-level access conditions (available)
  • Tamper-evident, hash-chained audit log of access (available)
  • JIT elevation with auto-expiry and multi-sig key export (planned)

Privacy operations built in

Planned

Roadmap: DSAR export, redaction, and erasure through API calls instead of manual engineering sprints.

  • Region-pinned vaults (US, EU, UK, Canada, APAC)
  • DSAR search, export, redact, erase
  • Cryptographic shredding on retention expiry

Commitments in plain language

Your customers stay yours

PIIsafe does not contact your customers or appear in user-facing flows unless you configure it.

No selling, no model training

Customer data is never sold, shared with ad networks, or used to train AI. Written into the DPA.

Secrets are encrypted at rest

API keys, integration credentials, and MFA secrets are stored encrypted with AES-256-GCM. Full field-level encryption for all stored PII is on our roadmap.

You can leave anytime

Export tokens, ciphertext, and audit logs in migration-friendly formats.

Sub-processors published in advance

Material changes announced 30 days ahead.

Breach notification

If unauthorized access is detected, we notify affected customers without undue delay and within HIPAA-required timeframes.

Why we built this

Most breaches come from small details: a logged plaintext field, an unencrypted backup, an internal tool that stored too much. Encryption is the easy part. Consistency across teams, audit evidence, and reliable erasure is the hard part.

PIIsafe is the platform we wanted when running those incidents: one API for tokenization, keys, policy, and audit instead of a growing internal platform team.

Read the FAQ

Get in touch

Questions for your security review?

Email us your use case (payments, health records, HR data, or AI workloads) and we will answer the questions your security team asks.