Frequently Asked Questions

With such a unique and revolutionary way to solve such a massive, and global, problem, we get a lot of the same questions asked of us. Check out the list below to see if your questions are there. If not, feel free to reach out and ask us directly.

General PII Questions

What is personally identifiable information (PII)?

PII is any information that permits the identity of an individual to be directly or indirectly determined or inferred, including any information that is linked or linkable to that individual. Examples of common PII are names, addresses, birthdates, etc.

Which policies protect PII?

The best policies are those which take the responsibility of managing and storing PII very seriously. There are countless solutions out there, but we classify most of them as either ‘fences’ or ‘guard dogs’. The ‘fences’ are designed to keep everyone out, and the ‘guard dogs’ are there to sniff and growl at everyone so nobody does anything they shouldn’t.

PII Vault takes the approach of removing the PII so that if anyone does get in, or you need to share your data outside of our fence, there is no identifying information to be lost or stolen.

Does anything happen when corporations lose personally identifiable information?

Yes, lots. Just check out what happened to Target and Equifax, who are just two of the better-known examples of companies whose data was (very publicly) hacked and lost.

What is the potential cost of exposure of PII?

There are many potential consequences of exposing the PII under your responsibility. Included in this list are loss of reputation, loss of customer trust and the cancellation of partnerships. Additionally, the potential monetary costs cannot be overemphasized. According to a 2020 study by IBM and Ponemon, the average cost of exposure per record of data, with PII, is $150. However, that cost jumps to over $450 per record if the data includes financial or healthcare-related information. If that is not scary enough, if data on the residents of the European Union is exposed, then costs can go to 3% of an organization’s GLOBAL revenue.

BTW, PII Vault can ensure none of this ever happens for pennies per record.

What is the best protection method for sharing personally identifiable information?

People have been arguing over this question since before it became a problem. At Anonomatic we believe the best way is to not share it but to use PII Vault instead. By using PII Vault you get all the benefits of sharing PII but none of the risks.

We have our own definition of what data is private or identifying. How can you help?

PII Vault was made for situations like this. We know every organization’s needs are different, so our model allows you to anonymize anything. People, IP addresses, physical addresses, you name it.

General Product Questions

Where can the PII Vault data privacy system be used?

The PII Vault can be used in any vertical, including financial services, healthcare, retail, media & entertainment, and utilities. We have found that many analytics efforts are stymied, or even prevented, because of the concerns or overhead associated with the sharing of PII. When the risk associated with sharing PII is removed, not only can more projects be green-lighted, but the overhead costs dramatically decrease.

What if there are only two sources of data with PII, do we still need you?

Yes. It’s not how many sources of data you have; it’s whether you need to protect your fact data from risk of exposure and identification in order to use it.

How do I use the PII Vault without having to send you our PII?

One thing we realized immediately is that no one wants to take the risks inherent in sending their PII anywhere. That is why the PII Vault can be deployed anywhere you need it: your private or hybrid cloud, your own public cloud, on-premises, or even hosted by a trusted and neutral third party. You can get the full benefits of everything the PII Vault does without having the risk of sending your data anywhere you don’t want it to go.

There are a lot of solutions out there, what makes Anonomatic different?

Have you seen us dance? People often call us ‘different’ when they see that. But seriously, most companies have a ‘we do it all’ approach. Their products tend to be large, complex and expensive. They require extensive setup, training and constant management. PII Vault was designed to be completely different. It can be set up and operational in minutes. With no screens, reports or other user access to data, we are the ultimate in PII protection.

We do business in the EU. Those rules are a nightmare! How can you help?

Complying with GDPR is much more complex than a simple FAQ answer. However, we are helping multiple organizations satisfy their GDPR obligations for a fraction of the cost they would otherwise incur. Let’s talk and see what we can do for you.

Account Questions

Do I need to set up an account with you?

Yes. We do collect just enough information to support your use of our products and for billing.

How do I change and check my account details?

Use the Log In option on our website. Provide your credentials and review your details there.

I’ve forgotten my password.

You can always reset your password on the Log In page.

My account has been suspended.

Please contact Anonomatic Support if there are any problems with your account. It is why we are here.

Purchasing Questions

What payment methods do you accept?

Anonomatic uses Stripe for online payment processing and they take pretty much everything. For enterprise accounts quarterly billing is available.

Any discounts?

Anonomatic does offer multi-unit discounts. If you have more than five (5) instances of the PII Vault, please contact Sales via sales@anonomatic.com.

How do you price?

We price our service based on the number of unique profiles, or records, we secure and anonymize. The cost per profile goes down with each successively higher tier. There is even a discount for an annual plan: you only pay for ten months per year.

Can I run the PII Vault in my own datacenter or cluster?

Absolutely! We know your PII is one of your most sensitive collections of data. So we provide all our capabilities as a ‘Black Box’, stand-alone Docker Container. This means you can run it wherever you like: in your public cloud or your private / hybrid cloud.

Data Security Questions

How do I anonymize data?

There are many answers to this question. Most of them depend on what it is that you plan to do with the data once it is anonymized.

Luckily for you, there is one solution which works regardless of where and how the data will be used. With the PII Vault, we are your segregated PII storage solution. When your PII is in the PII Vault, you have full use of your data with none of the risk or overhead of storing the PII with it.

How does the Anonomatic PII vault system secure my data?

Many standard techniques can secure data both at rest and in motion. At Anonomatic we use every method that makes sense. However, we do even more. Almost every software system has multiple access points to the data. There are reports, exports, front-ends, vendor portals, etc. In PII Vault, there is only one way for data to get in and one way for it to get out. We have no reports running against your data, nor are there any front-ends, graphical or other interfaces. Having a single entry point drastically reduces risks. Beyond that, we encrypt your data three different ways with three different technologies. The entire database is encrypted with AES-256 encryption, which you probably expected. However, we also encrypt every row with our patent-pending Data Sundering technology and encrypt individual column values with arithmetic encoding.

What is Data Sundering?

Data Sundering is a technology we developed that was designed to provide all of the benefits of encryption but that also allows “fuzzy” matching. Most importantly, it keeps your data secure at rest in such a way that even we can’t read it until we’re sent your half of the Sunder Key.

What if someone were to hack into the PII Vault system and my organization’s system? Can the hacker recombine the data?

The short answer to that question is no. The longer answer is that with Poly-Anonymization, the values of the keys we keep in our own database are different from the values we distribute. Therefore, there is no common value that would allow any bad actor or intruder to combine this data.

What industry security controls and practices does Anonomatic follow?

Anonomatic has already implemented its own security architecture starting with industry best practices, and then beyond that with our own custom technology. We also continuously work to achieve higher standards such as SANS Top 20 Controls for Internet Security, Consensus Audit Guidelines, NIST guidelines and Internet standards.

Anonomatic also retains a security firm to identify application or network-level security issues that could adversely affect the integrity of PII Vault on a regular basis.

Data Storage / Access Questions

Who will have direct access to my organization’s data?

When your data is stored in the PII Vault, the short answer is no one has direct access to it. The PII Vault is a collection of APIs which perform a limited number of pre-defined functions on your data. There is no interface for anyone to get in and look at, manipulate or export this data. Only someone using the API, with the appropriate access keys, is able to use the PII Vault at all.

What happens to the PII once my organization sends it to the PII Vault system?

The data you send to the PII Vault is stored there for use but only to perform one of the functions of PII Vault such as Poly-Anonymization, Anonymous Data Matching, Poly-Pseudonyms or PII Redaction. There are no other uses for your data other than those provided by the PII Vault API. This means there are no forms or windows to access the data, no reports, no analytics, nothing.

How does my organization decide what data to send to the PII Vault system?

There are lots of different sources out there to help you determine what data should be considered PII and what is not. Some things such as people’s names, driver’s license numbers and birthdates are easy to pick out as PII. Others are not so clear. The final choice is up to you, but you should also be careful about not only directly identifying data but also re-identifying data. Also, if you’re in a regulated industry such as the medical field, there are published regulations that dictate what is PII. Always follow those rules.

You collect a lot of data. Do you monetize it?

Absolutely not. The data we collect, store and protect doesn’t belong to us; we are simply its stewards. We don’t leverage your data in any way for our benefit; in fact, we can’t even read it unless you’re asking us to act on it.

How do we clean out old data from the PII Vault?

There are two main ways to remove data from the PII Vault. The first is that all of the data can be easily purged with one authorized call to our service. On the other hand, if you want to remove a single account, you can do that too.

We need to implement the Right to be Forgotten. Can you do that?

Absolutely. We have a pre-defined API call specifically for this purpose.

Sharing Data Questions

Our organization wants to collect data with PII from other organizations, but they are reluctant to share it. Can you help?

Yes! When you incorporate PII Vault in your data collection, you can sidestep most, if not all, of the collecting, securing and sharing issues surrounding the collection of PII. This is because when you use PII Vault, our unique solution allows you to never receive any PII.

We are being asked to share our data, with PII, with another organization, but are afraid of the risk and liability. How can Anonomatic help?

Sharing PII is like hitchhiking: a risk-taker is sharing data with a risk-taker. Our advice: Don’t get in that car. Instead, PII Vault allows you to share your fact data with complete anonymity. Wave that risky car away and grab a ride on the PII Vault bus instead.

There are a lot of organizations who will need to send data. What now?

There is no limit to how many accounts (data sources) one of our subscribers (data processors) can have. If you have specific questions or think your situation is unique, please reach out to us. We are here to help.

I have custom needs for matching profiles. How can I use my proprietary rules with the PII Vault?

Just let us know what you need. We can work with you to create a custom matching algorithm.

Anonymization / Data Privacy Technology Questions

Do you use hashing?

Like most technologies, hashing has its uses. At Anonomatic, we believe it also had its time as the best solution out there, but that time is now over. Poly-Anonymization has more benefits than hashing and none of the downsides.

How are you better than Differential Privacy?

Quite simply, differential privacy is the process of injecting noise into your data so that anyone who accesses it will not be able to separate the noise from the actual data. There are use cases where this makes sense. However, there are many more use cases, such as when you are going to be performing calculations on the data and need accurate numbers, where differential privacy just doesn’t work very well. With PII Vault there is no abstraction, dilution or pollution of the data, so your results will be 100% accurate.

How does Poly-Anonymization work?

Poly-Anonymization works by placing one obstacle after another in the way of anyone attempting to trace one record back to another. We keep one anonymized value in our database (internal), and then we calculate an external value that is distributed. We never, ever store the external value, so hackers can’t find it. Additionally, the calculation of the external values is dynamic, so even if someone were to find out both values for one record, there is no guarantee they could do it for any other record.

How much data can the PII Vault effectively manage?

We don’t think there is a limit. First off, even if the data source providing us the PII has hundreds of billions of records, we are only storing unique PII, so that will be only a fraction of the source data in both rows and columns.

What about performance?

Like any other software vendor, we are constantly working on improving our performance. As of June 2021, we can currently process over 2,000 new, unique profiles every second. Whatever your performance needs, we believe PII Vault will be part of your solution, not your problem.

Is PII Vault data encrypted?

Is it ever! We actually use three levels of encryption. We encrypt the entire database with AES-256 encryption. Not satisfied with that, we also encrypt every data row with our patent-pending Data Sundering. To finish it off, we do cell-level encryption using Arithmetic Coding with a 1024-bit key. Yeah, we think your data is safe in the PII Vault.

What about access to the data? Who has access?

That’s an easy question. The answer is, other than through the use of the API with the appropriate access keys, no one has access to the data in the PII Vault. The PII Vault is installed in our ‘black-box Docker container’ so it is already protected by your own infrastructure keeping all external parties, including Anonomatic, out. Additionally, there is absolutely no other access to the data other than through our API. There are no screens, forms, reports, or analytics. Anyone trying to access the PII Vault through database access will need all of your access keys, plus all of ours, plus other details we only talk about under the Cone of Silence.

API Questions

How do I access the PII Vault API?

When an account is created, the data source provider will receive an email with the credentials they need to access the web service. In addition, Anonomatic has documentation specific to how to use the API. We also created an application you can download from Git to demonstrate how you can try out our solution.

How are the API calls secured?

We use HTTPS for all our API endpoints. Using your own signed certificates to encrypt the calls is a simple process.

Other Questions

Can you help us with our regulatory compliance issues?

YES! We can help with regulatory issues in many ways. The simple fact is that when you remove PII from the fact data, that fact data is often free from regulatory issues.

Does Anonomatic have a business continuity plan?

Yes, but you don’t have to trust us on that because with PII Vault, we are never in possession of your data; you are.