Which Personal Identifiable Information (PII) are stored in the Piano systems?
This depends on the client's Piano ID configuration. Basic set of collected data is described here. If there are specific fields in custom fields which are collected, then these are stored as well.
How is this information / database encrypted?
All data is encrypted at rest. Moreover, all data is encrypted in transit.
How long is the PII stored (retention) in Piano after deletion request sent by Client?
Data is anonymised within 30 days of receiving the request for deletion. Moreover, there is an API method prepared for deletion requests, which our clients can use: https://docs.piano.io/api/?endpoint=post~2F~2Fpublisher~2Fgdpr~2Fdelete
What encryption methods are used to pass the data?
SSL and TLS 1.2 and higher.
What is your request intake process (e.g., web intake form or email)?
Email.
How do you perform access requests?
We provide the data controller with a password encrypted csv of the data.
What PI will be pulled from your systems (e.g., account profiles, activity logs, etc.)?
Account profiles, transaction data.
For updated security information, or if you have further questions, contact security@piano.io.