Skip to content

Privacy-Preserving Architecture

We tokenize customer PII before persistence and encrypt it with per-tenant KMS keys. Built for security-first teams that need credibility with customers and auditors.

Your customer data is tokenized before storage

We never see PII — emails, phone numbers, and sensitive fields are encrypted at ingestion

Tokenize before persistenceEncrypted with per-tenant KMS keysAudit & control

Tokenize Before Persistence

Sensitive fields are transformed before storage. Inputs like email and phone never land as plaintext.

Encrypted PII at Rest

Customer PII is tokenized via Cloud DLP, encrypted with per-tenant KMS keys. Your team accesses real values via authorized client-side detokenization.

Audit & Control

Logs for key actions, BYOK and regional residency. Least-privilege access across services.

Data Protection

  • Tokenize before persistence — emails, phones, IDs, cards via Cloud DLP
  • AES-256 encryption at rest with per-tenant KMS keys, TLS 1.3 in transit
  • Client-side de-tokenization for authorized users only
  • Automated data retention policies and right to deletion via crypto-shredding

Compliance & Standards

  • SOC 2 Type II audit in progress
  • GDPR and CCPA compliant data handling
  • Annual penetration testing and security audits
  • 99.9% uptime target
  • Public subprocessor list with 30-day change notice (Subprocessors)

Infrastructure Security

Zero-Trust Network

All services authenticated and authorized at every layer

DDoS Protection

Cloudflare Enterprise protection with WAF rules

Audit Logging

Immutable logs with 90-day retention standard

Access Control & Authentication

  • Single Sign-On (SSO) via SAML 2.0 included on all plans
  • Role-based access control with custom permission sets
  • Multi-factor authentication (MFA) required for admin accounts
  • API keys with granular scopes and automatic rotation
  • Session management with configurable timeout policies

Enterprise Security Options

Available on Custom plans

BYOK

Bring your own encryption keys

Data Residency

Choose your data location

Private Deploy

VPC or on-premise options

Custom SLA

99.95%+ uptime guarantee

Responsible Disclosure

Report potential vulnerabilities to security@granminerva.com. See security.txt for details.

Ready to see our security in action?

Get early access and start protecting revenue with 100MB free.

Get Early AccessPrivacy policy
Gran Minerva | Revenue Protection and Intelligence