Security policy


Piiano has a SOC2 certification and the Vault has a PCI certification.

Our approach to security

We work hard to ensure the security of our products. We follow an SDLC (secure development life cycle) process in our R&D. The steps we take to ensure product security include penetration tests, automated scans, and internal and external reviews of the code, secure design, and architecture. However, vulnerabilities may still be discovered in Vault or one of its dependencies.

Vulnerability reporting and fixing

If you discover a vulnerability in Vault, please inform us at We make small awards, at our discretion, for correct and legitimate reports.

We fix vulnerabilities discovered in any dependencies as part of the regular release cycle. All dependencies are updated and checked for vulnerabilities during a release using automated tools. If a critical vulnerability is found, we will issue an urgent update for Vault to fix the vulnerability and inform all users when necessary.