NachoNacho Taps Skyflow to Help Put Privacy First

NachoNacho is building the world's first and largest true B2B marketplace for SaaS subscriptions. In this post, we’ll look at why they chose Skyflow to protect sensitive customer data and help inspire customer trust.

Read More
with the contribution of

July 28, 2022

Accelerate Innovation with a Privacy by Design Approach

By building your products with privacy by design principles, you can accelerate your time to market while retaining customer trust and protecting the privacy of sensitive data.

Read More

July 26, 2022

Securely Send Checks with Skyflow APIs

Skyflow’s new prebuilt connection with PostGrid lets you send checks to customers, companies, and organizations without having sensitive customer PII and automated clearinghouse (ACH) data touch your backend systems.

Read More

July 20, 2022

Does Hashing Sensitive Customer Data Protect Privacy?

Hashing is common practice when storing customer passwords and is a natural place for engineers to start when faced with the challenge of protecting their customer’s sensitive personal data. However, hashing has many limitations when it comes to protecting PII and is far from a complete data privacy solution.

Read More

July 12, 2022

Encryption Key Management and its Role in Modern Data Privacy

When managing your company’s most sensitive data, encryption is a must. To fit your overall data protection strategy, you need a wide range of options for managing your encryption keys so you can generate, store, and rotate them as needed.

Read More

June 27, 2022

A Brief History of Data Privacy, and What Lies Ahead

There are very few concepts that have undergone such rapid transformation, both in terms of how it’s understood and the level of public awareness, as data privacy. Although the concept is not new, the meteoric growth of personal data collection over the last two decades has completely altered how people, companies, and governments look at privacy. 

Read More

June 23, 2022

What is a Data Privacy Vault?

A data privacy vault is a technology that isolates, secures, and tightly controls access to manage, monitor, and use sensitive data. In this post, I’ll provide a deep dive into how a data privacy vault helps you to ensure the privacy of sensitive data without sacrificing data utility. 

Read More

June 14, 2022

How to De-identify and Secure PII in Snowflake

If you’re aggregating data from multiple sources into a Snowflake data warehouse, despite your best efforts, you’re likely to end up with sensitive PII in data workloads. In this post, I explain how to use Snowflake’s External Functions with Skyflow’s Data Privacy Vault to de-risk and de-scope data privacy, security, and compliance from your data application infrastructure, so you can leverage the power of Snowflake while protecting PII.

Read More

June 2, 2022

Demystifying Tokenization: What Every Engineer Should Know

If you’re storing sensitive user data, you’re right to be concerned about the potential for compliance and security risks. One method to secure sensitive data is tokenization. In this post, we break down what every engineer should know about tokenization – what it is, how and when to use it, the use cases it enables, and more.

Read More

May 17, 2022

Skyflow Partners with MuleSoft to Enable API-based Data Privacy, Security, and Compliance across Mulesoft Gateway Integrations

Today we announced the release of a new MuleSoft Certified Connector for Skyflow on MuleSoft’s Anypoint Exchange and joined the MuleSoft Technology Partner Program. With this connector, MuleSoft customers can leverage Skyflow to ensure data privacy, security, and compliance as they integrate PII data flows with MuleSoft.

Read More

May 4, 2022

How to Keep Sensitive Data Out of Your Logs: Nine Best Practices

Millions of people have been impacted by the exposure of their sensitive data because it can often be found in companies’ log files and database backups. Read on to learn the best practices for keeping sensitive data out of your logs.

Read More

April 29, 2022

Handle with Care: Why You Should Isolate and Protect PII

Businesses run on data and they’re collecting more and more all the time. But not all data is equally important. Some data, like sensitive user data, requires better protection than others. Some data is special.

Read More

April 27, 2022

Application Data Privacy is Evolving — Are You Evolving With It?

Skyflow recently partnered with DarkReading Research to learn how developers view and interact with current data security challenges.

Read More

April 21, 2022

Skyflow Partners with Plaid to Help Developers Build Fast and Protect Financial Data Privacy

Today we announced our new partnership with Plaid to help developers protect sensitive data and build financial data privacy into their applications.

Read More

April 12, 2022

The State of Data Privacy: My Interview with ISMG

Data privacy, security, and compliance are no longer only the concern of the security team. Because every person at your company interacts with sensitive data, security has become an “everyone problem”. I recently spoke with Tom Field of ISMG about this shift in priorities. 

Read More

April 7, 2022

Effective Privacy is Always Proactive

As Skyflow’s Chief Privacy Officer, I’m excited to help drive a “shift left” in proactive data privacy, making privacy by design easier than ever for companies of all sizes.

Read More

April 6, 2022

Why We’re Continuing to Invest in the Developer Experience

We love developers and want them to love using Skyflow. That’s why we’re continually looking for ways to incorporate your feedback and reduce friction across our products. In this post, we highlight a few recent improvements, including our new Skyflow Docs site and our intuitive policy expression language.

Read More

March 30, 2022

Our Take on the Okta Security Incident

While the recent Okta security incident did not impact Skyflow or our users, it does present a great opportunity to share our thoughts – and a few reminders – about security practices. 

Read More

March 14, 2022

Skyflow Data Types: Where Data Privacy Meets Usability

Many workflows only require partial information. You might only need a phone number’s area code or the year from a date of birth to verify a customer’s location or age. But creating a service that can run privacy preserving computation on data that’s only partially decrypted is highly complex. That's why we created over 50 different data types native to the Skyflow Data Privacy Vault: so you can easily make sensitive data safe and useful while preserving privacy.

Read More

March 2, 2022

How to Securely Store Social Security Numbers

Do you meed to store sensitive data like a social security number? In this post, we’ll go over your options for storing this kind of sensitive data, the pros and cons of each approach, and all the requirements and features you should be aware of before tackling this problem.

Read More

February 28, 2022

Skyflow Achieves PCI Level 1 Service Provider Certification

This certification demonstrates Skyflow’s continued investment in rigorous controls and processes, following our recent completion of SOC 2 Type 1 compliance certification.

Read More

February 22, 2022

Are You Protecting Your Customers’ ACH Banking Data? Here’s Why You Should

If you process transactions using PCI data and ACH banking data, you might have noticed that the regulations around PCI data management are stringent but equivalent regulations for ACH data are nearly non-existent. In this post, we’ll explain why you should still take extensive measures to protect ACH data.

Read More

February 16, 2022

Top Five Reasons to Re-evaluate Your Privacy Posture

A strong data privacy posture is as important to your company as good posture is to your back — and both benefit from a thoughtful approach.

Read More

February 11, 2022

De-identifying Analytics Data: An AWS Sample Application

If your company has a data analytics pipeline to a data warehouse, you’re right to be concerned about the impact of aggregating customer PII, PHI, and PCI on data privacy and security. In this post we’ll explain how you can de-identify data in a pipeline built on AWS so you can use sensitive data while preserving privacy.

Read More

January 27, 2022

Software Engineering’s Next Great Challenge: Data Privacy

The evolution of our technology stack has been a direct result of creative engineers meeting the needs and demands of their users. However, our technology and product processes are ill-equipped to deal with a new user demand, the demand for privacy. In this post, we explore why existing technology is failing to meet new user demands for privacy and what engineers can do to address this problem.

Read More

January 20, 2022

Go Beyond Basics with Skyflow’s Quickstart Environment

Committing to a solution always feels better when you get the chance to try it out first with no risk. If you’re interested in Skyflow but are unsure how it will fit into your architecture, Skyflow’s new trial environment and Quickstart experience give you an easy way to try it out.

Read More

January 18, 2022

Why I Joined Skyflow After Building a Team at Google

I left a growing team, path to promotion, massages, and free food as Team Lead and Manager of Developer Relations at Google to join Skyflow. This post explains why I made this decision and why I’m so excited for the future.

Read More

December 29, 2021

Is Privacy Really a Tech Problem?

Many businesses still approach data privacy as a compliance and risk mitigation problem. Instead of viewing data privacy as an operational challenge, leading companies recognize that data privacy is really a technology and infrastructure challenge.

Read More

December 21, 2021

Build for Frictionless Growth by Avoiding PCI Data Lock-in

When you’re racing to get to market, storing your PCI data with a payment processor and offloading compliance to them seems like an easy way to save time. But what are the long term risks?

Read More

December 15, 2021

Facing Reserve Bank of India Payment Regulations? Skyflow's Fintech Vault Has Solutions

If your company deals with customer data — personal information, credit or debit card details, and so on — you know that you have an enormous responsibility to your users. Beyond the usual concerns around security breaches and the increasing customer expectations of privacy, new regulations from the Reserve Bank of India (RBI) are forcing companies to reevaluate how they handle their customer data.

Read More

November 29, 2021

Skyflow Connections: Mission-critical Integrations that Don’t Break Privacy

For many workflows, you need to send PCI, PHI, or PII data to a third-party service for processing. And you need to do all of this while remaining compliant with stringent regulatory requirements like PCI DSS.

Read More

October 19, 2021

Never Create a Category, Unless You Must

Building the data privacy vault

Read More

October 12, 2021

De-identifying Analytics Data With Skyflow

Despite your best attempts at preventing it, you likely find that sensitive data ends up in your data analytics pipelines, creating security, privacy, and compliance risk.

Read More

October 6, 2021

Introducing the Fintech Data Privacy Vault

We’re excited to announce today the general availability of Skyflow Fintech Data Privacy Vault for PII and PCI data privacy. Delivered as a simple API with support for card issuance, card acceptance, money movement, customer onboarding, and customer data management, it can serve as the data privacy infrastructure for the most important fintech apps and workflows. Leading fintechs are already using the Fintech Data Privacy Vault to get to market faster while ensuring privacy, security, and compliance for sensitive customer data.

Read More

September 7, 2021

Skyflow’s Approach to Zero Trust

Skyflow is the world’s first data privacy vault delivered as an API. Here’s how zero trust informed our approach to authentication and authorization.

Read More

September 1, 2021

Apple Ships Driver Licenses with Privacy-Centric Design

Apple now securely manages your driver licenses in its phone vault. Not only that, they have figured out how to do this while preserving your privacy even when you have to show your proof of driver license to a cop (or any validating entity).

Read More

August 16, 2021

Securing Your Databases Is Good, Securing Your Data Is Better

[Earth had] a problem, which was this: most of the people living on it were unhappy for pretty much all of the time. Many solutions were suggested for this problem, but most of these were largely concerned with the movements of small green pieces of paper, which is odd because on the whole it wasn’t the small green pieces of paper that were unhappy. — Hitchhiker's Guide to the Galaxy

Read More

August 11, 2021

Skyflow is Certified SOC 2 Compliant

We’re excited to announce another major compliance milestone: Skyflow is now SOC 2 Type 1 certified. [EDIT July 11, 2022: Skyflow is now SOC 2 Type 2 certified.]

Read More

August 3, 2021

Accelerating Healthtech Innovation: Introducing the Healthcare Data Privacy Vault

Some of the most difficult challenges that healthtech companies face today involve the handling of highly sensitive PHI data. How can you build an app that ensures data privacy and security but also lets you use PHI data to provide services and drive health outcomes? How can you ensure that data is available only in the right places, used in the right ways, and shared properly with third-party partners? How can you ensure compliance with all the rules and regulations that govern healthcare data?

Read More

July 21, 2021

Introducing the Skyflow Data Governance Engine

Securely storing sensitive data is not enough. The real value comes when you can store and use the data securely, both with a privacy-first design. Today, we’re excited to announce Skyflow’s new Governance Engine, a set of platform features (shared across all our data privacy vaults) that will help you get the most value out of your sensitive data while also ensuring it is kept secure and private. We’re rolling it out today for all customers as part of our launch of the new PII Data Privacy Vault.

Read More

July 21, 2021

Solving Customer Data Privacy Challenges: Introducing the PII Data Privacy Vault

We’re excited today to announce Skyflow’s new PII Data Privacy Vault. This new vault, delivered via our API, makes it easy for any app or workflow to safely and properly handle highly sensitive personally identifiable information (PII) (i.e., customer data). With Skyflow’s PII Vault, developers can quickly solve the difficult problems inherent to PII data--including regulatory compliance, data security, data governance, data residency, secure data sharing, and more — freeing them to innovate on features and UX.

Read More

July 14, 2021

Five Essential Ingredients of a Data Privacy Vault

Over the last few years we’ve seen a massive increase in the amount of PII data being collected as well as a proliferation of user data regulations. As a result, large enterprises like Google and Netflix have started using proprietary data privacy vaults to manage and secure sensitive data. A new paradigm in the security and compliance world, the data privacy vault combines security tools and best practices with sophisticated access management to provide strict limits on how much sensitive data is shared by internal systems.

Read More

June 30, 2021

Skyflow Joins the Visa Fintech Connect Program to Help Payment Card Issuers Ship Faster

Skyflow is one of the 24 fintech companies selected for the program.

Read More

June 22, 2021

Data Privacy vs. Product Innovation: A False Choice

In this day and age, data is the key to building amazing apps. Successful businesses rely on insights derived from datasets to serve their customers better, whether it's Starbucks personalizing your drink order (order your usual) or Netflix predicting the likelihood of you liking a movie that just came out (53% match for you!)

Read More

June 15, 2021

My Customer Data Journey From Salesforce to Skyflow

Customer data platforms helped us collect all this personal data to help us serve our customers better. Now we need to protect it.

Read More

May 18, 2021

Data Privacy and the API Economy: Why I Joined Skyflow

It’s been the case for at least the last ten years that software developers write less and less of the code in their apps. And yet, over the same time, apps have gotten increasingly sophisticated and complex, and run more code than ever. How can both be true? 

Read More

May 12, 2021

How Skyflow Could Have Helped Me Build Features at Google

One of the main reasons I joined Skyflow was because I had experienced the privacy-versus-personalization tradeoff first-hand in a prior role at Google.

Read More

April 21, 2021

Secure Fintech Built Faster: Introducing Skyflow Payments Vault

Today, we’re excited to launch the Skyflow Payments Data Privacy Vault, a new product designed to help fintech companies quickly build and bring to market, privacy-first fintech applications.

Read More

April 12, 2021

What is Polymorphic Encryption?

Over the last decade, businesses have significantly increased the amount of sensitive data they collect in order to create personalized customer experiences and unlock new growth opportunities. During this time, numerous high-profile data breaches have shined a light on the outdated data privacy and security practices of most businesses.

Read More

April 6, 2021

Auth0 Was Destined to Fail. What Happened?

Okta surprised a lot of people with the news that they were acquiring Auth0 for $6.5B. Why was Auth0 so successful and why did almost everyone miss their rise?

Read More

April 3, 2021

Open Standards and Proven Technology: Why Skyflow Joined the Vaccination Credentials Initiative and PathCheck Foundation

With the increasing vaccination rates of recent months, we are beginning to see the spread of Covid-19 come under control, bringing hope that the pandemic era may soon come to an end.

Read More

March 30, 2021

Why I Went From Payments Company Exec to Employee #43 at Skyflow

I just joined Skyflow to help fintech companies ship faster while protecting customer’s sensitive data.

Read More

February 26, 2021

PCI Compliance, Demystified

As consumers continue to adopt e-commerce and e-commerce providers streamline the ecommerce buying process, the systems used to process online card payments become popular targets for hacking and fraud. To combat this, in 2001, the PCI SSC was created. The PCI SSC is a joint venture between Visa, Mastercard, American Express, Discover, and JCB which created the Payment Card Industry Data Security Standard (PCI DSS). This standard sought to require any company that works with payment card information, whether collecting it, storing it, processing it, or transferring it, to take certain actions to protect that data.

Read More

February 7, 2021

Understanding PII in the Age of Data Privacy

Personally Identifiable Information, or PII, is data that can be used to identify an individual. For a user of your product, their PII is the data that they input to identify themselves when creating an account, such as an email address or a phone number.  

Read More

December 7, 2020

Build Fast and Don’t Break Privacy

At Skyflow, our focus is on radically simplifying how companies manage, access, and govern sensitive customer data. In the last 12 months, we have seen the emergence of a new category: the data privacy vault, with Skyflow as its flag bearer.

Read More

December 2, 2020

Skyflow Says "Hello World"

One of the many tricky things about running a startup in stealth mode is picking the perfect time to say “Hello, world”. Introductions are tough, particularly when you’ve spent two years building a company in secret. However, I’ve been dreaming about writing this blog post since we built our first prototype and I didn’t want to wait any longer, so without further ado, let me introduce myself and share what we’ve been working on.

Read More

September 15, 2020

Snowflake Was Destined to Fail. What Happened?

Snowflake seems like such an obvious winner today with the likes of risk-averse Berkshire Hathaway taking an unprecedented stake in their IPO. But it wasn’t always the case.

Read More

May 18, 2020

Covid-19: How Can We Reopen Without Compromising Privacy?

We can create a queryable federated Coronavirus health data store that’s locally controlled and managed by providers ensuring privacy of individuals. By solving the problem of data ownership, governance, and privacy, we can truly enable the interoperability we so desperately seek.

Read More

February 13, 2020

Apple Rethinks Privacy With Hide My Email

Email is at the heart of your online identity. We use it everywhere  —  to log in to our banks, our health records, and even our social networks. But why do I have to give my email address to all these companies who can then turn around and spam me for life?

Read More