SOC 2 Type II Certified

Security at PiyAPI

Your data security is our top priority. We implement industry-leading practices to protect your information.

Encryption at Rest

All data is encrypted at rest using AES-256. Customer-managed keys are available for enterprise.

Encryption in Transit

TLS 1.3 for all API communications. Certificate pinning available for mobile SDKs.

PHI Detection

Automatic detection and redaction of Protected Health Information for HIPAA compliance.

Zero-Knowledge Option

Bring your own encryption keys. Data is encrypted before it leaves your infrastructure.

Compliance & Certifications

SOC 2 Type II (Certified): Annual audit by independent assessor

HIPAA (Ready): BAA available for healthcare customers

GDPR (Compliant): EU data residency and SCCs available

ISO 27001 (In Progress): Expected Q2 2026

Security Practices

Regular penetration testing by third-party security firms
Bug bounty program for responsible disclosure
Employee security training and background checks
Principle of least privilege for all access
Audit logging with immutable storage
Incident response team with 24/7 monitoring
Automated vulnerability scanning in CI/CD
Disaster recovery with geo-redundant backups

Found a vulnerability?

We appreciate responsible disclosure. Report security issues to our team.
