GDPR compliance in a box

GDPR compliance in a box

TrueVault is a plug and play solution that fits seamlessly into any infrasturcture. When you externalize your PII with TrueVault, you instantly become compliant with GDPR data handling regulations.

Fastest way to compliance

Fastest way to compliance

Trying to determine how to handle PII according to GDPR requirements is time consuming. Use TrueVault-provided components and your data is GDPR ready.

Scalability + Insurance

Scalability + Insurance

TrueVault’s pricing model is designed to scale with your business. For additional peace of mind, all data stored in TrueVault is covered under our Cyber Liability/Breach Insurance.

TrueVault Is A Turnkey GDPR Solution

TrueVault provides everything your team needs to ensure you’re GDPR compliant. Our solution will make your product, database, and data warehouses GDPR compliance so you can focus on product, not compliance.

What is GDPR?

The General Data Protection Regulation (GDPR) sets the global standard for protecting information. It was implemented with the intention of preventing data misuse and abuse by companies.

Right to be forgotten

The right to erasure or right to be forgotten grants data subjects the right to have their personal data deleted if they don’t want them processed anymore and when there is no legitimate reason for a data controller to keep it.

Right to be informed

Individuals have the right to be informed about the collection and use of their personal data. This includes your purposes for processing their personal data, your retention periods for that personal data, and who it will be shared with.

Data Portability

Data subjects have a right to receive personal data which concern them and which they have provided to a controller organization in a structured, commonly used and machine-readable format. This way, data can be reasonably transferred to other organizations


Data subjects have a right to receive personal data which concern them and which they have provided to a controller organization in a structured, commonly used and machine-readable format. This way, data can be reasonably transferred to other organizations.

Achieve higher security standards with Advanced Security

TrueVault Compliance Advanced Security includes additional security features to meet your higher security standards. Your users and their data will be protected from a wide range of attacks including social engineering and ransomware attacks. These features are not only necessary in today's cybersecurity climate, they may also be mandated by many Covered Entities.

User MFA

User MFA

Safeguard your users from phishing and other social engineering attacks by enabling Multi-Factor Authentication. Even if a user’s password is guessed or stolen, your data is protected behind a second layer of authentication.

Immutable Document Versioning

Immutable Document Versioning

Protect yourself from ransomware attacks and accidental loss by keeping a tamper-proof secondary copy of each version of your data. No matter what happens, you can always restore records to previous versions quickly, without the loss-windows that come with periodic backups.

Password Policy

Password Policy

Comply with organization security rules by requiring strong passwords. TrueVault lets you customize your password requirements so you can be flexible in the face of partner requirements and security assessments.


How is TrueVault Different?

TrueVault is the only product that allows you to comply with personal data regulations without overhauling your entire application and migrating your infrastructure. This makes TrueVault the easiest way to become compliant with data privacy laws, but being compliant isn’t enough to prevent breaches. TrueVault goes further by offering to provide earnest, systemic security that will help you keep your data secure and private. At TrueVault, protecting PII is our priority and our passion. We’ll make you compliant with personal data regulations quickly, and we’ll keep your data secure as your business grows.

Can I write custom code in TrueVault?

TrueVault is designed to complement your existing infrastructure, so you don’t need to write code in TrueVault. By following the de-identification path to compliance, you can write your application in any technology stack you like and run it anywhere you like. As long as you deidentify the data you process on your servers, and store the identifying information securely in TrueVault, you can run your code anywhere you like. Your developers will love the flexibility of using the right tool for the job, and you’ll benefit from better performance at a lower cost.

Will you help me in a security assessment?

Absolutely. One of the advantages of using TrueVault is our platform makes it easy to satisfy security assessments, and our team’s experience helps ensure a smooth approval. Over the years we’ve helped customers through countless third party security assessments. Most assessments follow a common pattern, so we’ve built up a suite of documentation to help auditors and partners easily understand the security advantages of TrueVault. When we run into new questions, we’re happy to help you find the right answers.

Do I have to port my code to run on TrueVault?

Nope! If you have an existing application that you want to make compliant using TrueVault, you can continue running your existing code the way you do today with small tweaks here and there to de-identify your data. If you store all the identifying information securely in TrueVault, then the de-identified data set can be stored and processed anywhere, with no obligation to adhere to the safeguards mandated by HIPAA, GDPR, or any other data privacy regulation.

Why is it better to use TrueVault than compliant-hosting?

Compliant hosting offerings are only able to solve a very narrow slice of Compliance: the physical safeguards. Your hosting provider sees your application as a black box, so they can’t help you build authentication securely, enforce access control, or even keep a complete Audit Log. TrueVault does all of these things out of the box. In addition to our compliant and secure data store, we also handle user authentication and access control, comprehensive and tamper-proof audit logging, as well as protection from advanced threats like ransomware. TrueVault is simultaneously more comprehensive, and more flexible. Because our API is modular, you can pick and choose how deep your integration with TrueVault is and how much of the compliance burden you offload. In some cases, we serve as the only backend for web and mobile applications. In others, we manage users’ identity and their access to sensitive data, but nothing else. Your team can decide how to get the most out of TrueVault, and our onboarding and support teams are here to ensure your integration is tailor fit to your needs.

How much work is it to switch to TrueVault?

If you have an existing application that you want to make compliant using TrueVault, you may be surprised how quick and easy the process is. By following the de-identification path to compliance, you can leave the vast majority of your application untouched. Start using TrueVault to store identifying information, such as names and phone numbers, and leave your non-identifying information as it is. You will need to edit your application source to make this change, but many customers find that it can be done in a matter of days. Of course, this depends on your specific use case. To learn more about what it takes, schedule a free whiteboarding session with the TrueVault team to talk about your specific application.

Did we miss your question?

Send us your question, or ask it on StackOverflow (tag it with 'truevault')