PII Data Protection Vault

Databunker is an open-source vault and API that ensures GDPR, HIPAA, ISO 27001, and SOC2 compliance. Protect sensitive user records against GraphQL and SQL injections without the need for expensive custom coding.


Databunker can accelerate your GDPR, SOC2, HIPAA, and ISO 27001 compliance:

1. Secure Data Storage:

  • Benefit: Databunker acts as a powerful encrypted vault specifically designed to protect sensitive records, including Personally Identifiable Information (PII), personal health information (PHI), and other critical data.
  • Compliance Impact: Databunker helps organizations meet the data protection requirements of GDPR, HIPAA, SOC2, and ISO 27001 by safeguarding sensitive data from unauthorized access or data breaches.

2. Access Controls:

  • Benefit: Databunker provides robust access control mechanisms that allow organizations to define and enforce permissions for accessing sensitive data.
  • Compliance Impact: Databunker aids compliance with GDPR, SOC2, HIPAA, and ISO 27001 by ensuring that only authorized individuals can access and handle sensitive data, reducing the risk of data exposure.

3. Audit Trails and Logging:

  • Benefit: Databunker offers audit trails and logging features to track and monitor access to sensitive data, providing a comprehensive record of data access and activities.
  • Compliance Impact: Databunker assists in meeting compliance requirements of GDPR, SOC2, HIPAA, and ISO 27001 by enabling transparency and accountability in data processing and facilitating investigations during security incidents.

4. Data Encryption:

  • Benefit: Databunker’s encryption measures protect data both at rest and in transit, ensuring the confidentiality and integrity of sensitive information.
  • Compliance Impact: Databunker aligns with GDPR, SOC2, HIPAA, and ISO 27001 requirements for encrypting data, mitigating the risk of unauthorized disclosure or tampering.

5. User-Centric Access:

  • Benefit: Databunker’s user interface allows individuals to access, review, and modify their personal data, empowering organizations to fulfill GDPR’s individual rights provisions.
  • Compliance Impact: Databunker enables compliance with GDPR’s requirements for providing individuals with control over their personal data, enhancing transparency and accountability.

6. Pseudonymization:

  • Benefit: Databunker employs pseudonymization techniques by generating random user tokens to replace direct user identities, enhancing privacy and complying with GDPR’s recommendation for pseudonymizing personal data.
  • Compliance Impact: Pseudonymization reduces the risk of directly associating personal data with an identified individual, reinforcing data protection and privacy principles.

7. Governance and Open-Source Community:

  • Benefit: As an open-source solution, Databunker benefits from the contributions and scrutiny of a wide community of developers, researchers, and security experts, leading to continuous improvements and security fixes.
  • Compliance Impact: Databunker’s open-source nature fosters transparency and accountability, aligning with various data compliance standards, such as ISO 27001, by promoting peer review and collaborative security measures.

8. Compliance Reporting:

  • Benefit: Databunker can assist in compliance reporting, such as generating reports or facilitating the collection of evidence, streamlining the process of demonstrating compliance with GDPR, SOC2, HIPAA, and ISO 27001 requirements.
  • Compliance Impact: Databunker’s reporting capabilities contribute to meeting the documentation and reporting requirements of various compliance standards, supporting organizations in their compliance efforts.

9. Data Segregation:

  • Benefit: Databunker allows organizations to segregate critical data from less sensitive data, enhancing security and minimizing the risk of unauthorized access.
  • Compliance Impact: Data segregation aligns with ISO 27001 and GDPR requirements for data protection and data security, reducing the likelihood of data breaches and unauthorized access.

10. Simplified Consent Management:

  • Benefit: Databunker’s consent management platform enables organizations to obtain, store, and manage user consent in a compliant manner.
  • Compliance Impact: Databunker assists in fulfilling GDPR’s consent requirements, ensuring organizations obtain explicit consent for data processing activities, promoting data privacy and transparency.

Pseudonymized identity

Databunker is a powerful encrypted vault specifically designed for developers to protect sensitive records. You can use it to store:

  • Personally Identifiable Information (PII)
  • Personal Health Information (PHI)
  • Know Your Customer (KYC) records
  • Payment Card Industry (PCI) data

In today’s cybercriminal landscape, data breaches pose a significant threat.

Developers can rely on Databunker’s robust security measures, built with a strong emphasis on security by design and privacy by design principles. It effectively safeguards against SQL injections and unfiltered GraphQL requests, significantly reducing the risk of exposing sensitive records.

The API is developer-friendly, so you can easily store and retrieve encrypted user records, just like working with a NoSQL database. In addition, Databunker creates a quick search index using hashed data, so you can quickly find user records based on email, token, phone number, or login name.

By default, Databunker takes a proactive approach to security by disabling the API call that allows dumping all user records at once. This crucial measure mitigates the potential for attackers to extract all sensitive data in a single attempt. It provides an additional layer of security to the system.


Additional resources:

  1. A perfect KYC backend for a crypto startup

By using Databunker, developers can benefit from a built-in tokenization service that securely encrypts and stores sensitive user records (PII/PHI/KYC/PCI records) while providing efficient search capabilities without compromising personal data privacy.

Tokenization is the process of transforming sensitive data into nonsensitive data called “tokens”, which can be used in databases or internal systems.

A common use-case of tokenization involves the tokenization of credit card numbers, where the original credit card number is replaced with a token that no longer holds identifiable information.

In traditional tokenization services, each individual value is tokenized separately. For instance, if you have a user’s email address, social security number, and credit card details, you would generate three separate tokens: one for the email, one for SSN, and one for the credit card.


Databunker, however, takes a unique approach to tokenization. Rather than tokenizing individual values, it processes the entire user object as a JSON structure and generates a random user token in UUID format. This token is then sent back to the calling party, which can store it in the regular database or logs as a user identity. Using Databunker’s API, developers can easily retrieve or update user details using this token.
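An added illustration of the record-level tokenization and hashed search index described above, written for this page and not taken from Databunker's code base. It assumes AES-256-GCM for the stored blob and HMAC-SHA-256 for the index; the class name `RecordVault`, its methods and the sample record are hypothetical.

```javascript
// Added illustration, not Databunker's code: whole-record tokenization with an
// encrypted blob and a keyed-hash lookup index, modelled in memory.
const crypto = require('crypto');
class RecordVault {
  constructor(encKey, indexKey) {
    this.encKey = encKey;     // 32-byte AES-256-GCM key (assumed cipher)
    this.indexKey = indexKey; // separate HMAC key for the search index
    this.rows = new Map();    // token -> { iv, tag, blob }: what "SELECT *" would see
    this.index = new Map();   // HMAC(field:value) -> token
  }
  // Normalise, then HMAC, so the index never holds the plaintext e-mail or phone.
  blind(field, value) {
    return crypto.createHmac('sha256', this.indexKey)
      .update(`${field}:${String(value).trim().toLowerCase()}`).digest('hex');
  }
  createUser(record) {
    const token = crypto.randomUUID(); // random identifier, carries no PII
    const iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', this.encKey, iv);
    c.setAAD(Buffer.from(token));      // bind the ciphertext to its token
    const blob = Buffer.concat([c.update(JSON.stringify(record), 'utf8'), c.final()]);
    this.rows.set(token, { iv, tag: c.getAuthTag(), blob });
    for (const f of ['email', 'phone', 'login']) {
      if (record[f]) this.index.set(this.blind(f, record[f]), token);
    }
    return token;
  }
  getByToken(token) {
    const row = this.rows.get(token);
    if (!row) return null;
    const d = crypto.createDecipheriv('aes-256-gcm', this.encKey, row.iv);
    d.setAAD(Buffer.from(token));
    d.setAuthTag(row.tag);             // final() throws if blob, tag or token changed
    return JSON.parse(Buffer.concat([d.update(row.blob), d.final()]).toString('utf8'));
  }
  getByField(field, value) {
    const token = this.index.get(this.blind(field, value));
    return token ? { token, data: this.getByToken(token) } : null;
  }
  // Mirrors the default described on this page: no bulk export of records.
  listAll() { throw new Error('bulk dump disabled'); }
  // Everything an attacker reading the backing store directly would obtain.
  rawBytes() {
    const parts = [];
    for (const [t, r] of this.rows) parts.push(Buffer.from(t), r.blob);
    for (const k of this.index.keys()) parts.push(Buffer.from(k));
    return Buffer.concat(parts);
  }
}
// Constructed sample record, same fields as the demo request on this page.
const vault = new RecordVault(crypto.randomBytes(32), crypto.randomBytes(32));
const sample = { first: 'John', last: 'Doe', login: 'john', phone: '4444', email: 'user@gmail.com' };
const userToken = vault.createUser(sample);
console.log(userToken, vault.getByField('email', 'User@Gmail.com '));
```

The application database stores only `userToken`; a lookup by e-mail goes through the keyed hash, so neither the rows nor the index contain the address itself.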

In the ever-evolving landscape of web applications, securing user data is paramount. One critical aspect is the storage of session data, which includes vital information like user email addresses, permissions, and error messages.

A session acts as a server-side storage solution that persists throughout a user’s interaction with the website or web application. However, with some of this data being classified as Personally Identifiable Information (PII) or Personal Health Information (PHI), ensuring its protection becomes a top priority.

If your company serves European customers, GDPR compliance is non-negotiable, irrespective of your location. GDPR emphasizes key principles, such as integrity and confidentiality, which require the implementation of appropriate security measures to safeguard personal data.

We wanted to simplify the way developers can use session data in a secure way. This is one of the reasons we built Databunker. Databunker provides a special API that enables developers to store session objects securely within an encrypted data store.

Our team has built Node.js modules and examples to simplify integration with Databunker's built-in session storage API.


Additional resources:

  1. Temporary record identity
  2. Critical data segregation
  3. Secure session storage
  4. Data minimization
  5. Privacy portal for customers
  6. Privacy by design and by default

Critical data segregation is the practice of separating sensitive or critical data from other less sensitive data within a system or organization. The goal is to enhance security and minimize the risk of unauthorized access or compromise of the critical information.

Databunker provides a one-stop-shop solution to implement critical data segregation for your organization. Databunker can be used to store customer personal records in a secure and compliant way:

  • Personally Identifiable Information (PII)
  • Personal Health Information (PHI)
  • Know Your Customer (KYC) records
  • Payment Card Industry (PCI) data


With Databunker’s user-friendly API, developers can easily store and retrieve encrypted user records, similar to working with a NoSQL database. In addition, Databunker creates a secure hash-based search index for quick user record lookup using email address, token id, phone number, or login name.


If you build a web app on top of Databunker and the app has an SQL injection vulnerability, customer personal data remains safe within Databunker, isolated from the main database. This isolation prevents unauthorized access to sensitive information, safeguarding user privacy.


Security by design and privacy by design are important for software developers because they help mitigate risks, ensure legal compliance, build user trust, gain a competitive advantage, save costs, fulfill ethical responsibilities, and create adaptable and future-proof software solutions.

Databunker is a special encrypted vault for personal records. This tool can be a foundation for your organization's security by design and privacy by design implementation.

By leveraging Databunker, developers can bolster data security, protect privacy, and demonstrate a commitment to safeguarding sensitive information, thus enhancing their overall security and privacy posture.


In the world of data management, capturing crucial events and changes on the database server is vital. However, without a well-defined process in place, essential data may slip through the cracks.

Databunker’s default auditing capability addresses the requirements of GDPR Article 15: Right of access by the data subject. By providing a detailed audit of events related to personal data, Databunker enables users to access their information while adhering to data privacy regulations.

In addition to the regular log of audit events, Databunker provides a drill-down view. Users can examine specific changes made to their records, enhancing transparency and trust.


The world of cybersecurity follows the principle of least privilege, where user or application processes are granted minimal privileges to perform their tasks. GDPR compliance has a comparable concept known as data minimization. This principle emphasizes the importance of keeping customer data to the bare minimum required to provide a service.

If your company serves European customers, GDPR compliance is non-negotiable, irrespective of your location.

Data minimization is a fundamental aspect of GDPR, aiming to protect user privacy and reduce unnecessary data exposure. Companies are obligated to retain only the essential information necessary for providing their services. This ensures that user data is not stored or processed beyond what’s required, promoting better data security and privacy practices.

Databunker offers automatic data minimization capabilities, allowing companies to effortlessly comply with GDPR’s requirements. Databunker allows you to create data retention policies that ensure that personal records of expired trial users or users who leave the service are removed when they are no longer needed.

By implementing automatic data minimization with Databunker, companies can bolster their data protection efforts. Reducing data exposure not only reduces the risk of data breaches but also enhances trust with customers. With the burden of data management lifted, organizations can focus on providing excellent services while staying GDPR compliant.


As an open-source solution, Databunker enjoys a vibrant and collaborative community of developers and security experts. With a growing number of contributors, many skilled individuals are actively reviewing the codebase, suggesting security fixes, and strengthening the platform’s resilience.

By embracing the collective expertise of the open-source community, Databunker enhances its security posture, making it an ideal choice for organizations seeking GDPR, HIPAA, SOC2, and ISO 27001 compliance. Leveraging the insights and contributions from a diverse range of experts, Databunker remains at the forefront of cutting-edge security practices, ensuring your data is protected against emerging threats.

The active engagement of the open-source community not only provides valuable security insights but also fosters continuous improvement and innovation in Databunker’s security features. As security challenges evolve, Databunker keeps pace, offering robust protection for your sensitive data and bolstering your compliance journey.

By harnessing the power of open-source Databunker, organizations gain access to a dynamic community of security-focused minds, instilling confidence that their data remains in the hands of a platform fortified by collaborative expertise and relentless dedication to data security.


Databunker comes with an optional user privacy portal. Databunker empowers customers to exercise their rights, maintain control over their personal data, and enhance their privacy experience with your organization. This user-centric approach fosters trust and strengthens the relationship between customers and businesses.

Databunker’s user privacy portal equips customers with essential capabilities, allowing them to:

  1. Access: Securely sign into their Databunker account to access and review personal data, viewing their account history through the account audit feature.

  2. Withdraw: Exercise the ability to withdraw previously given consents or agreements, giving them control over their data usage.

  3. Update: Easily modify personal data stored in Databunker, such as updating email addresses or making other necessary changes.

  4. Delete: Initiate a “forget-me” request through Databunker, prompting the removal of their account and associated personal data from your systems.

  5. Restrict: Effectively manage their privacy agreements by utilizing Databunker’s features to control and restrict data processing activities based on their preferences.


Databunker encrypts customer records

Encrypt customer records to follow best practices in compliance and security

Old style solution


"Select *" will return data in clear text even if you use database encryption. The data is encrypted only on disk. In the case of SQL Injection, the attacker will copy all your private data.

Databunker solution


"Select *" on backend SQL will return encrypted data. Personal data can be fetched only by using Databunker API after passing numerous security checks.

    docker run -p 3000:3000 -d --rm --name dbunker securitybunker/databunker demo
    Unable to find image 'securitybunker/databunker:latest' locally
    latest: Pulling from securitybunker/databunker
    1cb83b1b7b4e5bc0fd331f448e59ba3a69

    curl -s http://localhost:3000/v1/user -X POST -H "X-Bunker-Token: DEMO" \
      -H "Content-Type: application/json" \
      -d '{"first":"John","last":"Doe","login":"john", "phone":"4444","email":"user@gmail.com"}'
    {"status":"ok","token":"31debb9e-64cf-616d-d8ae-c1b383c81e24"}

    curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/email/user@gmail.com
    {"status":"ok","token":"31debb9e-64cf-616d-d8ae-c1b383c81e24", "data":{"email":"user@gmail.com","first":"John","last":"Doe","login":"john","phone":"4444"}}

Examples

1. Node.js example implementing passwordless login using Databunker: https://github.com/securitybunker/databunker-nodejs-passwordless-login

2. Node.js example with Passport.js, Magic.Link and Databunker: https://github.com/securitybunker/databunker-nodejs-example

3. Secure Session Storage for Node.js apps: https://databunker.org/use-case/secure-session-storage/

