Simple APIs -
store, manage and protect sensitive data

Piiano Data Privacy Vault eliminates the pain of storing and controlling customer sensitive data in your backend. Cloud hosted or self hosted anywhere.

Create your Vault and use our APIs now.

Free 7-days trial!
Or book a demo.


Why customers choose Piiano

Engineering managers love what we do, it saves them incredible amount of development time. They are saying our level of support and documentation is excellent.


Numbers don’t lie

In 20 minutes of work the value of Piiano Vault was clear. Using the self-hosted version, we got 80% of our PCI-DSS vault complete, storing credit card numbers independently.

Or Z. @ Forter

Senior Software Developer



We support protecting millions of sensitive data records.



We easily benchmarked our Vault with tens of thousands of requests per second.




We designed our Vault to satisfy requests within a single digit milli-seconds!


Achieve personal data protection in days. Even for existing applications



Use our cloud hosted Vault, or deploy our Vault anywhere you like.


# Run the Docker command
docker run --rm --init -d \
  -p 8123:8123 \
  -e PVAULT_DEVMODE=true \
  -e PVAULT_SERVICE_LICENSE=<enter your license here> \







<!-- Add this to your pom.xml file -->



// Add this to your Java class file
@Table(name = "customers")
@TypeDef(name = "Encrypted", typeClass = Encrypted.class)
public class Customer {
    @Column(name = "ssn")
    @Type(type = "Encrypted")
    private String ssn;



# Install Django Encryption using pip
% pip install django-encryption



# Import necessary Django Encryption fields
from django_encryption.fields import EncryptedCharField, EncryptedEmailField

# Define the Customer model
class Customer(models.Model):
    email = EncryptedEmailField(data_type_name='EMAIL')
    ssn = EncryptedCharField(data_type_name='SSN')
    balance = DecimalField()



// Install TypeORM Encryption using npm
npm install @piiano/typeorm-encryption



// Define the Customer entity
export class Customer extends BaseEntity {
  id: number;

  @Column({encrypt: true})
  email: string;





# Send POST request to the API
curl --request POST \
	--url 'http://localhost:8123/api/pvlt/1.0/data/collections/buyers/encrypt/objects?reason=Maintenance' \
	--header 'Authorization: Bearer pvaultauth' \
	--header 'Content-Type: application/json' \
	--data '[ {
    "object": {
      "fields": {
        "email": "",
        "phone_number": "555-555-5555"
    },} ]'
// 2. Decrypt

# Send POST request to the API for decryption
curl --request POST \
	--url 'http://localhost:8123/api/pvlt/1.0/data/collections/customers/decrypt/objects?reason=Maintenance' \
	--header 'Authorization: Bearer pvaultauth' \
	--header 'Content-Type: application/json' \
	--data '[ {
    "encrypted_object": "...",

Why Piiano Vault

Own the data. Protect your customers.

Piiano Vault is an engineering data protection service. It helps you manage and protect sensitive data in the backend. It can be consumed as a SaaS or be deployed anywhere.
Save years of development and focus on what matters for your business.

Data Breaches Mitigation

Lock down your customer crown jewels against the rising cyber threats.

Full Data Control

Get rid of the pain of storing sensitive data while fully owning your customer data.

Standards and Compliance

Get app-level GDPR, CCPA, HIPAA, SOC2, and PCI-DSS implementation in days.


Enjoy a fully documented and self-serve cloud native infrastructure.

Built as a Platform

Grow with all-in-one security and privacy engineering solution. It's all waiting for you.

Self Hosted or SaaS

Optionally deploy Piiano Vault anywhere you need it. Or start right away with our SaaS Vault.


Embed PII Vault into your application's backend

Data Access Policies

Lock your sensitive data with granular access controls via a security policy engine.

Key Management & Rotation

Forget about key management, it's transparent for you, and key rotation is one API call away.

Tokenization & Encryption

Conceal your secrets with an advanced yet simple engine for tokenizing and encrypting data.

Privacy Functionality

Utilize out-of-the-box building blocks for DSAR, RTBF, automatic data deletion, traceability and many more.

Data Model

Manage your sensitive data easily, with object lifecycle, hierarchies, semantic types and transformations.

Customizable Data Types

Build your own smart data types using JavaScript for native data localization.

Questions & Answers

Learn more about Piiano Vault

Where does the Piiano Vault run?

Piiano Vault is a SaaS based solution for simplicity. But for those who want to fully be in charge, it can also run as a self-hosted solution, that operates within your cloud environment, becoming an integral part of your backend system.

Does Piiano Vault augment existing databases and plugs transparently into my architecture?

No, Piiano Vault is a standalone cloud-native secure data service solution, designed for developers. It is equipped with its own CRUD APIs, security and privacy features, and designed to ensure the utmost security of your data.

What’s the difference between Piiano Vault and Hashicorp Vault?

Hashicorp Vault is specifically designed to protect secrets of the production environment, utilizing a key-value store. It caters to the needs of DevOps teams. On the other hand, Piiano Vault is purpose-built to safeguard customer personal data in production, employing a full object store and comprehensive privacy compliance functionality. It is designed for application developers.

Does Piiano have access to stored data?

Absolutely not. Our design ensures that you are the sole owner of your data and we don’t have any access to it in any way.

What information does the self-hosted Piiano Vault transmit externally?

Piiano Vault only transmits metrics and diagnostic information, never including your actual data. This information is utilized for proactive monitoring of our customers' vaults to ensure optimal performance. It is important to note that this feature is optional and can be disabled as per your preference.

Who manages Piiano Vault?

For the SaaS based solution, we do everything for you.

As for the self-hosted version, running in your own cloud environment, you’re responsible to manage and operationalize it.

We support many ways to deploy it on top of AWS, GCP and Azure. And we guide our customers and provide deployment scripts in various frameworks.

How do we regularly update the self-hosted Piiano Vault?

We regularly update our product, similar to any software server, it is available for download on our website. The use of containers makes the process of updating Piiano Vault in production simple and straightforward.

How do I back up Piiano Vault?

For the SaaS based solution, we do it for you. As for the self-hosted version, it relies on a Postgres-compatible SQL server, such as RDS, Aurora, Cloud SQL, and similar services. As the database runs within your cloud environment, you have complete access to it, including the responsibility for operating your own backups. Learn more here.

Who is responsible for backing up the encryption keys and what is the recommended method for doing so?

Piiano Vault uses a KMS to hold the key-encryption key (KEK), which should be included in your KMS backup process. The data-encryption keys (DEK) are stored securely alongside the data in the database. As long as you back up the database, you will have the necessary DEKs.

Does Piiano Vault support high availability?

Yes, Piiano Vault operates using containers, which enables automatic scaling to meet demand. Additionally, the cloud provided SQL databases (like RDS) can be configured and leveraged to support the same scalability requirements.

Which encryption algorithms does Piiano Vault utilize?

The data in Piiano Vault is encrypted using AES 256 symmetric encryption. For the encryption implementation, we utilize the Google Tink open-source library, which provides robust and secure encryption capabilities.

Does Piiano Vault support PCI-DSS?

Only the self-hosted version can be used to securely store credit card numbers directly as a PCI zone. It incorporates tokenization functionality specifically designed for this use case. Piiano Vault has successfully undergone external audits with our customers, ensuring its compliance. For more information about this specific use case, you can refer to our provided documentation here. Should you require additional materials for your auditor, we will gladly supply them once we start collaborating.

Does Piiano Vault assist in expediting the implementation of GDPR, CCPA, HIPAA, and other privacy compliance requirements?

Yes, Piiano Vault provides specific functionality to address privacy compliance regulation requirements, including features such as handling data subject access requests (DSAR), implementing the right to be forgotten (RTBF), automatic data deletion, and more. You can refer to our compliance documentation page here for detailed information on how Piiano Vault supports these requirements.

Is Piiano SOC2 compliant?

Yes, Piiano is SOC2 compliant. We have undergone the necessary audits and assessments, by EY, to ensure compliance with SOC2 standards. This certification validates that our systems and processes meet the strict security and privacy requirements outlined by SOC2.


Didn’t find the answer you are looking for? Contact our support

Contact our support

Recent posts

Learn more about securing cloud applications

We are security experts that love writing how to practically and pragmatically secure cloud applications. You will find many tips and gems in our posts.

click for more knowledge

Create your account and start now for free!

Protect PII/PCI/PHI data with out-of-the-box privacy compliance capabilities through APIs.

You agree to the storing of cookies on your device to enhance site
navigation, analyze site usage, and assist in our marketing efforts.
View our Privacy Policy for more information.