Hierarchy
Piiano Vault is implemented by the Vault Server. Within Vault Server, data is stored and organized in vaults. A vault then contains collections of objects of sensitive data that share a common data schema. This page describes these architectural components.
Vault Server
Vault Server is the software that implements Piiano Vault. You can deploy one or many Vault Servers. For example, you can use multiple Vault Servers when managing personal data by geographical region.
Vault Server is a multi-tenant system where each vault can be assigned to a client.
Several editions of Vault Server are available to cover use cases ranging from development and testing to high-throughput production sites.
Vaults
A vault is a logical and isolated container for personal information. Optionally, it can be assigned to a tenant.
Vault supports one vault within the server. The Vault roadmap includes the ability to create many vaults in a Vault Server.
For example, you may run separate e-commerce and loan applications. Different privacy statements and legal agreements govern each application, and they have separate sets of customers, partners, and personal information. In this case, each application can use a different vault as a separate tenant.
Collections
A collection is a container for objects holding personal data that conforms to a common data schema. Collections are defined from a list of schema prototypes for persons, payment information, or any other sensitive data.
Vault supports PERSONS and DATA schema prototypes for personally identifiable information.
For example, you can create two collections for your e-commerce application, one to store personal information about partners and another to store personal information about your partners' customers.
Objects
An object holds values specified by the properties in the collection's schema. Each property is defined with a semantic personal data type that provides a validator and can support transformations that desensitize personal information with masks.