Secure PII Database: Protect Customer Records in Under 10 Minutes

Databunker is a lighting-fast, open-source service developed in Go for secure storage of sensitive personal records. Protect user records from SQL and GraphQL injections with a simple API. Streamline GDPR, HIPAA, ISO 27001, and SOC2 compliance.

Book a Demo View Docs

With Databunker, you can rest assured that cybercriminals will not be able to steal your customers' data via SQL injection!

💡 What Problems Does Databunker Solve?

  1. Prevents Data Breaches

    • Eliminates SQL injection vulnerabilities
    • Protects against GraphQL data exposure
    • Segregates sensitive data from your main database
  2. Simplifies Compliance

    • GDPR, CCPA, HIPAA ready out of the box
    • Built-in consent management
    • Automated data minimization
    • Full audit trail of all operations
  3. Reduces Development Time

    • Simple REST API for all operations
    • SDK available for popular languages
    • Drop-in replacement for your user table
    • Built-in session management

Deploying Databunker in your organization simplifies compliance by addressing most security RFCs and certification questionnaires.

1. Secure Data Storage

SOC2 ISO 27001 PCI DSS HIPAA GDPR

Databunker acts as an encrypted vault for PII, PHI, PCI, and KYC data, going beyond traditional database encryption.

Compliance Impact: Meets stringent data protection requirements across multiple standards.

2. Advanced Encryption & Tokenization

SOC2 ISO 27001 PCI DSS HIPAA GDPR

Employs encryption for data at rest and in transit, with no clear text storage and secure indexing.

Compliance Impact: Ensures data confidentiality and integrity as mandated by various regulations.

3. Robust Access Controls

SOC2 ISO 27001 PCI DSS HIPAA GDPR

Implements strict access control mechanisms and API-based communication, restricting bulk data retrieval.

Compliance Impact: Prevents unauthorized access and maintains principle of least privilege.

4. Comprehensive Audit Trails

SOC2 ISO 27001 PCI DSS HIPAA GDPR

Provides detailed logging of all data operations and access attempts.

Compliance Impact: Enables thorough auditing and supports incident investigations.

5. Pseudonymization & Data Minimization

HIPAA GDPR

Generates random user tokens and supports data segregation to enhance privacy.

Compliance Impact: Enhances data protection and supports privacy-by-design principles.

6. Consent Management

CPRA HIPAA GDPR

Offers a platform for obtaining, storing, and managing user consent in a compliant manner.

Compliance Impact: Ensures lawful data processing based on valid consent.

7. Open-Source Codebase

SOC2 ISO 27001 GDPR

Benefits from community contributions and scrutiny, ensuring continuous improvements and security fixes.

Compliance Impact: Supports transparency and allows for independent security audits.

8. User-Centric Access

CPRA HIPAA GDPR

Provides an optional user interface for individuals to access, review, and modify their personal data.

Compliance Impact: Facilitates compliance with individual data rights and access requirements.

9. Automated Data Retention

SOC2 ISO 27001 PCI DSS HIPAA GDPR

Enforces data lifecycle management, automatically deleting obsolete data.

Compliance Impact: Ensures data is not kept longer than necessary, reducing compliance risks.

10. Compliance Reporting

SOC2 ISO 27001 PCI DSS CPRA HIPAA GDPR

Assists in generating reports and collecting evidence for compliance audits.

Compliance Impact: Streamlines compliance demonstrations and simplifies audit processes.

Databunker is a powerful encrypted vault specifically designed for developers to protect sensitive records. You can use it to store:

  • Personally Identifiable Information (PII)
  • Personal Health Information (PHI)
  • Know Your Customer (KYC) records
  • Payment Card Industry (PCI) data

In today’s cybercriminal landscape, data breaches pose a significant threat.

Developers can rely on Databunker’s robust security measures, built with a strong emphasis on security by design and privacy by design principles. It effectively safeguards against SQL injections and unfiltered GraphQL requests, significantly reducing the risk of exposing sensitive records.

The API is developer-friendly, so you can easily store and retrieve encrypted user records, just like working with a NoSQL database. In addition, Databunker creates a quick search index using hashed data, so you can quickly find user records based on email, token, phone number, or login name.

By default, Databunker takes a proactive approach to security by disabling the API call that allows dumping all user records at once. This crucial measure mitigates the potential for attackers to extract all sensitive data in a single attempt. It provides an additional layer of security to the system.

Pseudonymized identity

Additional resources:

  1. A perfect KYC backend for a crypto startup

By using Databunker, developers can benefit from a built-in tokenization service that securely encrypts and stores sensitive user records (PII/PHI/KYC/PCI records) while providing efficient search capabilities without compromising personal data privacy.

Tokenization is the process of transforms sensitive data into nonsensitive data called “tokens”, which can be used in databases or internal systems.

A common use-case of tokenization involves the tokenization of credit card numbers, where the original credit card number is replaced with a token that no longer holds identifiable information.

In traditional tokenization services, each individual value is tokenized separately. For instance, if you have a user’s email address, social security number, and credit card details, you would generate three separate tokens: one for the email, one for SSN, and one for the credit card.

Databunker digram

Databunker, however, takes a unique approach to tokenization. Rather than tokenizing individual values, it processes the entire user object as a JSON structure and generates a random user token in UUID format. This token is then sent back to the calling party, which can store it in the regular database or logs as a user identity. Using Databunker’s API, developers can easily retrieve or update user details using this token.

Databunker Pro provides a standard format-preserving tokenization able to process millions of records.

In the ever-evolving landscape of web applications, securing user data is paramount. One critical aspect is the storage of session data, which includes vital information like user email addresses, permissions, and error messages.

A session acts as a server-side storage solution that persists throughout a user’s interaction with the website or web application. However, with some of this data being classified as Personally Identifiable Information (PII) or Personal Health Information (PHI), ensuring its protection becomes a top priority.

If your company serves European customers, GDPR compliance is non-negotiable, irrespective of your location. GDPR emphasizes key principles, such as integrity and confidentiality, which require the implementation of appropriate security measures to safeguard personal data.

We wanted to simplify the way developers can use session data in a secure way. This is one of the reasons we built Databunker. Databunker provides a special API that enables developers to store session objects securely within an encrypted data store.

Our team has built Node.js modules and examples to simplify integration with Databunker built-in session storage API.

Pseudonymized identity

Additional resources:

  1. Temporary record identity
  2. Critical data segregation
  3. Secure session storage
  4. Data minimization
  5. Privacy portal for customers
  6. Privacy by design and by default

Critical data segregation is the practice of separating sensitive or critical data from other less sensitive data within a system or organization. The goal is to enhance security and minimize the risk of unauthorized access or compromise of the critical information.

Databunker provides a one-stop-shop solution to implement critical data segregation for your organization. Databunker can be used to store customer personal records in secure and compliant way.

  • Personally Identifiable Information (PII)
  • Personal Health Information (PHI)
  • Know Your Customer (KYC) records
  • Payment Card Industry (PCI) data

In today’s cybercriminal landscape, data breaches pose a significant threat.

Developers can rely on Databunker’s robust security measures, built with a strong emphasis on security by design and privacy by design principles. It effectively safeguards against SQL injections and unfiltered GraphQL requests, significantly reducing the risk of exposing sensitive records.

With Databunker’s user-friendly API, developers can easily store and retrieve encrypted user records, similar to working with a NoSQL database. In addition, Databunker creates a secure hash-based search index for quick user record lookup using email address, token id, phone number, or login name.

By default, Databunker takes a proactive approach to security by disabling the API call that allows dumping all user records at once. This crucial measure mitigates the potential for attackers to extract all sensitive data in a single attempt. It provides an additional layer of security to the system.

In case you built a web app on top of Databunker and you have an SQL injection - customer personal data remains safe within Databunker, isolated from the main database. This isolation prevents unauthorized access to sensitive information, safeguarding user privacy.

Pseudonymized identity

Additional resources:

  1. Temporary record identity
  2. Critical data segregation
  3. Secure session storage
  4. Data minimization
  5. Privacy portal for customers
  6. Privacy by design and by default

Security by design and privacy by design are important for software developers because they help mitigate risks, ensure legal compliance, build user trust, gain a competitive advantage, save costs, fulfill ethical responsibilities, and create adaptable and future-proof software solutions.

Databunker is a special encrypted vault for personal records. This tool can be a foundation for your organization security by design and privacy by design implementation.

By leveraging Databunker, developers can bolster data security, protect privacy, and demonstrate a commitment to safeguarding sensitive information, thus enhancing their overall security and privacy posture.

In case you built a web app on top of Databunker and you have an SQL injection - customer personal data remains safe within Databunker, isolated from the main database. This isolation prevents unauthorized access to sensitive information, safeguarding user privacy.

Pseudonymized identity

Additional resources:

  1. Temporary record identity
  2. Critical data segregation
  3. Secure session storage
  4. Data minimization
  5. Privacy portal for customers
  6. Privacy by design and by default

In the world of data management, capturing crucial events and changes on the database server is vital. However, without a well-defined process in place, essential data may slip through the cracks.

Databunker’s default auditing capability addresses the requirements of GDPR Article 15: Right of access by the data subject. By providing a detailed audit of events related to personal data, Databunker enables users to access their information while adhering to data privacy regulations.

In addition to regular log of audit events, Databunker provides a drill-down view. Users can examine specific changes made to their records, enhancing transparency and trust.

Pseudonymized identity

The world of cybersecurity follows the principle of least privilege, where user or application processes are granted minimal privileges to perform their tasks. Similarly, in GDPR compliance, we encounter a similar concept known as data minimization. This principle emphasizes the importance of keeping customer data to the bare minimum required to provide a service.

If your company serves European customers, GDPR compliance is non-negotiable, irrespective of your location.

Data minimization is a fundamental aspect of GDPR, aiming to protect user privacy and reduce unnecessary data exposure. Companies are obligated to retain only the essential information necessary for providing their services. This ensures that user data is not stored or processed beyond what’s required, promoting better data security and privacy practices.

Databunker offers automatic data minimization capabilities, allowing companies to effortlessly comply with GDPR’s requirements. Databunker allows you to create data retention policies that ensure that personal records of expired trial users or users who leave the service are removed when they are no longer needed.

By implementing automatic data minimization with Databunker, companies can bolster their data protection efforts. Reducing data exposure not only reduces the risk of data breaches but also enhances trust with customers. With the burden of data management lifted, organizations can focus on providing excellent services while staying GDPR compliant.

consent management

As an open-source solution, Databunker enjoys a vibrant and collaborative community of developers and security experts. With a growing number of contributors, many skilled individuals are actively reviewing the codebase, suggesting security fixes, and strengthening the platform’s resilience.

By embracing the collective expertise of the open-source community, Databunker enhances its security posture, making it an ideal choice for organizations seeking GDPR, HIPAA, SOC2, and ISO 27001 compliance. Leveraging the insights and contributions from a diverse range of experts, Databunker remains at the forefront of cutting-edge security practices, ensuring your data is protected against emerging threats.

The active engagement of the open-source community not only provides valuable security insights but also fosters continuous improvement and innovation in Databunker’s security features. As security challenges evolve, Databunker keeps pace, offering robust protection for your sensitive data and bolstering your compliance journey.

By harnessing the power of open-source Databunker, organizations gain access to a dynamic community of security-focused minds, instilling confidence that their data remains in the hands of a platform fortified by collaborative expertise and relentless dedication to data security.

Pseudonymized identity

Databunker comes with an optional user privacy portal. Databunker empowers customers to exercise their rights, maintain control over their personal data, and enhance their privacy experience with your organization. This user-centric approach fosters trust and strengthens the relationship between customers and businesses.

Databunker’s user privacy portal equips customers with essential capabilities, allowing them to:

  1. Access: Securely sign into their Databunker account to access and review personal data, viewing their account history through the account audit feature.

  2. Withdraw: Exercise the ability to withdraw previously given consents or agreements, giving them control over their data usage.

  3. Update: Easily modify personal data stored in Databunker, such as updating email addresses or making other necessary changes.

  4. Delete: Initiate a “forget-me” request through Databunker, prompting the removal of their account and associated personal data from your systems.

  5. Restrict: Effectively manage their privacy agreements by utilizing Databunker’s features to control and restrict data processing activities based on their preferences.

Pseudonymized identity