# Protecting PII and Customer Data ## Intro PII protection is crucial. The two most common use cases for PII protection are: 1. Your company needs to **comply with HIIPA, SOC 2, PCI DSS, GDPR** or other compliance standards and regulations that require safeguarding **Personal Identifiable Information**. 2. To enable sales and client satisfaction, you need to **put guardrails around customer data**; they want to know **access is highly restricted to their tenant and their data**. Apono is here help! {% hint style="info" %} [Read more](https://gdpr.eu/eu-gdpr-personal-data/) about PII and why it's so important {% endhint %} ## How to protect PII with Apono Apono specializes in protecting data. With Access Flows, you can control exactly who can access DBs with any permission (read, write, create, delete, duplicate, admin, and more): 1. We support all common databases and keep adding more:\ ![Apono integration with MySQL, PostgreSQL, Elasticsearch, Redshift, RDS, Bigquery](https://files.readme.io/115c27d-image.png) 2. We help you manage access with full granularity and flexibility: {% hint style="success" %} Apono can automate access management for clusters and databases, but also for collections and schemas {% endhint %} ![](https://files.readme.io/2389528-image.png) #### How it works 1. Integrate Apono with your data repository 2. Apono will auto-discover clusters, databases, collections and schemas 3. Create an Access Flow for the resource type you want to control 4. Fully auditable with logs and reports out-of-the-box ## How to secure customer data with Apono Database access control is key to customer satisfaction - customers want to (and are required to) ensure least privilege to their data and their customers' data by their vendors. This may include metadata, like users, resource names (like DBs, repositories, etc.), DaaS (data as a service) titles and paths, and also actual data, especially Personal Identifiable Information of customers and employees (names, IDs, addresses, emails, phone numbers, and any other personal attribute). Apono handles the access workflow for each user who needs to access a customer environment, account, tenant or database, including approval, provisioning, secure access details, revocation and audit: ![](https://files.readme.io/0c98bfa-image.png) #### How it works 1. Put your customers at ease with Apono's documentation and [architecture](/docs/about-apono/security-and-architecture.md). Contact us and we'll provide **out-of-the-box, white-labeled documentation**! 2. Integrate Apono with your data repository 3. Apono will auto-discover clusters, databases, collections and schemas 4. Create an Access Flow for the resource type you want to control. Limit access using: 1. Tags for customers' resources 2. Specific environments or tenants 3. Specific customer databases 5. Users will be able to request access to perform any action (READ, WRITE, DELETE, ADMIN, etc.) on customer data --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.apono.io/docs/access-flows/common-use-cases/protecting-pii-and-customer-data.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.