Trust & security
Security review materials
Architecture documentation, pen-test summaries, data-flow diagrams, and pre-filled SIG and CAIQ questionnaires, delivered under NDA, usually same day.
Request the security pack
Email us for the materials below. Usually same-day delivery under NDA.
- ✓ Security architecture overview
- ✓ Pen-test summary
- ✓ Cryptography & key management design
- ✓ Sub-processor list and data flow diagrams
- ✓ Pre-filled SIG and CAIQ questionnaires
Compliance roadmap
SOC 2 Type II and ISO 27001 audits are underway. We do not yet hold either certification. We will update this page when reports are issued. We do not claim certifications we have not earned.
SOC 2 Type II
Audit underway
Independent annual audit; certification pending
ISO/IEC 27001
Audit underway
ISMS certification pending
HIPAA
In progress
BAA support in progress
GDPR
In progress
DPA available; region pinning and DSAR automation on the roadmap
How a record is designed to flow
The target architecture for one record. Steps marked Planned are on our roadmap and not yet generally available; steps marked Available are live today.
Captured in transit
AvailableData travels over TLS 1.3 with no plaintext fallback. Client-side / BYOK encryption at capture is on the roadmap.
Stored as ciphertext
PlannedTarget architecture: the vault stores ciphertext and wrapped data keys in region-pinned storage and returns a token to your app.
Used through policy
PlannedTarget architecture: detokenization requires identity, context, MFA, and stated purpose; policy returns plaintext, redacted data, or nothing.
Audited
AvailableEvery access is recorded in a tamper-evident, hash-chained log retained for six years. Cryptographic erasure on retention expiry is on the roadmap.
Design principles
Our target security model. Each principle is labeled with what is live today versus on the roadmap — we don't describe controls we haven't shipped as if they exist.
Encrypted in transit, encrypting at rest
In progressTLS 1.3 protects data in transit today. Field-level encryption at rest for all stored PII is in progress; secrets (API keys, credentials, MFA) are already encrypted.
- TLS 1.3, no plaintext fallbacks (available)
- AES-256-GCM for stored secrets today; per-record field encryption planned
- Independent cryptography review available
You hold the keys
PlannedRoadmap: BYOK from AWS KMS, GCP KMS, Azure Key Vault, or HashiCorp Vault, with HYOK keeping the master key in your HSM.
- One-click revocation in your KMS
- Automatic rotation, zero downtime
- PIIsafe cannot decrypt without your authorization
Access is policy, not ad hoc
AvailableEvery read is governed by role-based access control and recorded in a tamper-evident log. JIT elevation and multi-sig key controls are on the roadmap.
- RBAC and column-level access conditions (available)
- Tamper-evident, hash-chained audit log of access (available)
- JIT elevation with auto-expiry and multi-sig key export (planned)
Privacy operations built in
PlannedRoadmap: DSAR export, redaction, and erasure through API calls instead of manual engineering sprints.
- Region-pinned vaults (US, EU, UK, Canada, APAC)
- DSAR search, export, redact, erase
- Cryptographic shredding on retention expiry
Commitments in plain language
Your customers stay yours
PIIsafe does not contact your customers or appear in user-facing flows unless you configure it.
No selling, no model training
Customer data is never sold, shared with ad networks, or used to train AI. Written into the DPA.
Secrets are encrypted at rest
API keys, integration credentials, and MFA secrets are stored encrypted with AES-256-GCM. Full field-level encryption for all stored PII is on our roadmap.
You can leave anytime
Export tokens, ciphertext, and audit logs in migration-friendly formats.
Sub-processors published in advance
Material changes announced 30 days ahead.
Breach notification
If unauthorized access is detected, we notify affected customers without undue delay and within HIPAA-required timeframes.
Why we built this
Most breaches come from small details: a logged plaintext field, an unencrypted backup, an internal tool that stored too much. Encryption is the easy part. Consistency across teams, audit evidence, and reliable erasure is the hard part.
PIIsafe is the platform we wanted when running those incidents: one API for tokenization, keys, policy, and audit instead of a growing internal platform team.
Get in touch
Questions for your security review?
Email us your use case (payments, health records, HR data, or AI workloads) and we will answer the questions your security team asks.