News - Piiano Achieves PCI DSS and SOC2 Certification

Dual certification reinforces commitment to help organizations meet security, confidentiality standards

Piiano, a data protection and privacy company, today announced that its Piiano Vault has successfully achieved PCI DSS Level 1 certification, complementing its existing SOC2 Type II certification. These latest accreditations mark significant milestones in its commitment to data security and make data security-by-design accessible to organizations of all sizes and levels of maturity.  

The dual certifications--combined with advanced technology offered by the Piiano Vault SaaS platform--establish the highest level of trust from enterprise users to confidently offload the secure storage and tokenization of payment information, as well as other types of sensitive and personal data like PII, PHI and secrets. In doing so, Piiano helps organizations overcome technical and cost-related limitations, enabling them to achieve robust data protection.  

“We're very proud of our efforts to create and bring to market the first privacy-focused AI device,” said Matt Domko, head of security at Rabbit. “Partnering with Piiano has made it easy for our engineers to deliver innovative features in a way that provides built-in controls for data governance. Knowing that our customer data is vaulted with a partner who maintains both PCI and SOC2 compliance reinforces that decision.”

The Piiano Vault SaaS platform secures payment details and sensitive data, and functions as a proxy to payment providers. To ensure comprehensive and efficient interaction with Piiano Vault’s features and functionalities, development teams can integrate with the platform using language-specific SDKs and REST APIs. 

With Piiano Vault, organizations can: 

  • Confidently and securely collect and use payment data 
  • Reduce PCI compliance effort to a minimum, or even skip it completely 
  • Deploy a turnkey solution with a simple API integration 
  • Escape vendor lock-in and skip transactional fees 
  • Work with any payment provider to optimize costs 

Piiano is a comprehensive data security solution for developers that protects sensitive customer data right from the source. Piiano Vault enables organizations to store, manage, encrypt and tokenize sensitive data with privacy-by-design controls for building secure applications. Piiano Flows helps companies manage data exposure risk at the code level by statically analyzing code changes and preventing data leaks from reaching production. 


SOC2 is a reporting framework that addresses the growing need for assurance around data security and privacy practices at organizations that collect personal information. The framework requires the implementation of strict policies and procedures for handling information, such as data security, privacy, availability, processing integrity and confidentiality. It must be maintained with regular monitoring, testing and auditing. It is very reputable for its effectiveness in driving and improving throughout organizations.


PCI DSS emerged from a collaborative effort within the payment card industry, by companies that include Visa and AMEX, to address concerns about credit card fraud, data breaches and the facilitation of secure payments. The framework is made up of a strict set of security standards specifically designed to protect cardholder data during payment transactions.

These certifications were achieved with the help of Scytale. Scytale’s expertise and technology helped take our compliance to the next level by automating the lengthy processes involved with SOC 2 and PCI DSS compliance, providing a single source of truth to track and monitor all our audit requirements.
