Built for regulated data — and architected to hold the least of it.
MyVaultMate finds unprotected PII without becoming a new place that PII piles up. Here's exactly how your data is handled.
Metadata only — by design
For every finding we store the PII type, severity, file location, the compliance frameworks it implicates, and at most a short redacted sample such as ***-**-1234 (capped at 64 characters). There is no field anywhere in the platform that holds a raw PII value. Your files never leave your machines — the agent submits findings, not files.
Encrypted in transit
All traffic is served over TLS with HTTP Strict Transport Security (one-year max-age, includeSubDomains, preload), automatic HTTPS redirection, secure-only session and CSRF cookies, and content-type-sniffing protection.
Agent authentication
Each device authenticates with an organization-scoped API token, sent as a bearer credential. Tokens are shown once at creation and stored only as a SHA-256 hash, are individually revocable, are rate-limited per token, and are never tied to a user's password. Revoke a token and that device stops in its tracks.
Payments via Stripe
All billing runs through Stripe. We never receive or store card data — only the amount, status, and a link to Stripe's hosted invoice.
You control the scope
Administrators set the scan schedule and the exact paths the agent covers, and manage devices and tokens from the dashboard. Nothing scans until you say so, and you can pull a device's access at any time.
Business Associate Agreement
A signed BAA is available for covered entities and their business associates. Review our standard BAA or talk to sales to put one in place.
Compliance & roadmap
We're a veteran-owned team building toward the formal attestations regulated buyers expect. If your due-diligence process needs details on data residency, encryption at rest, sub-processors, or the agent's read-only operating guarantees, we'll walk you through where we stand today.