Vault is designed for data privacy, and traceability is built in. Traceability means specifying a reason (a "purpose" in privacy terminology) whenever data is accessed. Vault records that reason in the audit logs it retains, so the reasons for all data changes can be traced later.

Moreover, the policy management engine uses the reason to control access to data.

Vault includes these built-in reasons:

  • AppFunctionality
  • Analytics
  • Notifications
  • Marketing
  • ThirdPartyMarketing
  • FraudPreventionSecurityAndCompliance
  • AccountManagement
  • Maintenance
  • DataSubjectRequest
  • Other, used when an ad-hoc reason is specified.

For example, this "Get an object" CLI call uses the FraudPreventionSecurityAndCompliance reason to record the request for all of an object's details:

pvault object get \
--collection=customers \
--id=b86718a3-f4a7-4e40-bb59-681f22b62649 \
--all-unsafe \