Secure Vault for Customer Personal Records in Under 10 Minutes

Databunker is an open-source vault for secure storage of PII, PHI, KYC, and PCI records. Protect user records from SQL and GraphQL injections with a simple API. Streamline GDPR, HIPAA, ISO 27001, and SOC2 compliance.

Live demo  Learn more 

docker run -p 3000:3000 -d securitybunker/databunker demo
# save user records
curl -s http://localhost:3000/v1/user -X POST -H "X-Bunker-Token: DEMO" -H "Content-Type: application/json" \
-d '{"first":"John","last":"Doe","login":"john","email":"user@gmail.com"}'
# user lookup by login, email, phone, or token
curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/login/john

How to implement log retention policy without breaking GDPR compliance

When it comes to handling Personal Identifiable Information (PII), identifying strong and weak user identifiers becomes essential. Strong identifiers include usernames or email addresses, while weak identifiers consist of IP addresses, browser user agents, cookies, or session IDs. Combining weak identifiers can create a strong user identifier, raising privacy concerns.

If your company serves European customers, GDPR compliance is non-negotiable, irrespective of your location.

Saving log events must be done carefully to ensure GDPR compliance. Simply storing customer IP addresses, browser user agents, or cookie IDs in web server or cloud logs may render your system non-compliant unless specific measures are taken.

You can take several steps to make your logging GDPR compliant:

  1. Use Short Log Retention Policy: Implement an automatic log retention policy, removing log events older than a few weeks or up to one month, minimizing data storage and privacy risks.
  2. Encrypt Strong and Weak Identifiers: Before saving any personal records in logs, ensure all strong and weak identifiers are encrypted, protecting sensitive information.
  3. Use Databunker Session Tokens: Databunker offers a unique session token to be saved in server log files. This special token allows you to access session information without an additional password for a limited time, typically up to one month.

Unlocking the Power of Databunker Session Token:

Databunker presents a specialized session token designed to enhance your logging practices. With Databunker’s additional API, access session information is made convenient and secure without the need for an extra password, maintaining privacy standards.

Additional info

For an in-depth review of different methods to make your logs GDPR compliant take a look at the following article:



Introducing a Free Takeaway 🚀

Databunker is a free, open-source project available under the commercially friendly MIT license.

- Check out the getting started guide

- Review the installation guide

- View the source code

🚀 Databunker:

Secure Vault for User PII Data

(Open source / MIT license)

- Check out the getting started guide

- View the source code

🤝 Get 1-to-1 advice and guidance from an expert

Do you have any specific data protection, privacy or security challenges you'd like an expert to help with?

Book a call now for in-depth discussion.

Book a call

Premium Support for Databunker

Learn more