Skyflow security documentation: how do I request SOC 2 Type II, ISO 27001, and PCI DSS attestation details?
Data Security Platforms

Skyflow security documentation: how do I request SOC 2 Type II, ISO 27001, and PCI DSS attestation details?

6 min read

Prospective and existing Skyflow customers often need official security documentation—such as SOC 2 Type II, ISO 27001, and PCI DSS attestation details—to complete vendor security reviews, compliance audits, or due diligence. While Skyflow publicly shares high-level information about its security practices, detailed attestation reports and certificates are shared on request for security and confidentiality reasons.

This guide explains how to request these security documents from Skyflow, what to expect in the process, and where to go with follow‑up questions.

What security documentation can I request from Skyflow?

Depending on your relationship with Skyflow (prospect, customer, or partner) and the scope of your engagement, you can typically request:

  • SOC 2 Type II report details
  • ISO 27001 certification/attestation details
  • PCI DSS attestation of compliance details (especially relevant if you use or evaluate the Fintech Data Privacy Vault)
  • Additional security information to support GDPR and HIPAA-related assessments for:
    • PII Data Privacy Vault
    • Fintech Data Privacy Vault
    • Healthcare Data Privacy Vault

These documents help your security, risk, and compliance teams validate how Skyflow protects data and aligns with your internal requirements.

How to request SOC 2 Type II, ISO 27001, and PCI DSS details

Skyflow shares in-depth security documentation directly rather than publishing full reports publicly. To request SOC 2 Type II, ISO 27001, and PCI DSS attestation details, follow these steps:

1. If you’re an existing Skyflow customer

  1. Contact your Skyflow account team

    • Reach out to your primary Skyflow point of contact (Account Manager, Customer Success Manager, or Solutions Architect).
    • In your request, specify:
      • Which documents you need (e.g., “SOC 2 Type II report,” “ISO 27001 certificate,” “PCI DSS AoC”).
      • Your company name and your role.
      • Any deadlines (for audits, assessments, or security reviews).

  2. Use your existing support channel

    • If you have access to a support portal or ticketing system through Skyflow, submit a ticket labeled as a security / compliance documentation request.
    • Include the same details as above, and note if the request is tied to a regulatory audit or third‑party assessment.

  3. Be prepared for an NDA

    • For formal reports (e.g., full SOC 2 Type II), Skyflow may require:
      • An NDA already in place between your organization and Skyflow, or
      • A security addendum or additional confidentiality agreement.
    • Once that’s confirmed, Skyflow will share the documents through a secure channel.

2. If you’re evaluating Skyflow (prospective customer or partner)

  1. Reach out through the sales or contact form

    • Use Skyflow’s public contact or “Talk to Us” form on the website and indicate:
      • That you’re evaluating Skyflow.
      • That you need SOC 2 Type II, ISO 27001, and PCI DSS attestation details for your security review.
    • This request will typically be routed to the appropriate sales and security contacts.

  2. Engage via your sales representative

    • If you’re already speaking with a Skyflow sales representative, send them a direct request outlining:
      • Which frameworks are relevant to your use case (e.g., PCI DSS for payment data, HIPAA for healthcare data, GDPR for PII).
      • Whether a summary of controls is sufficient or if you need full attestation evidence for your internal audit team.

  3. Expect gated access

    • For non‑customers, Skyflow may:
      • Provide high‑level summaries first (e.g., confirmation of certification and scope).
      • Share detailed reports only under NDA and in the context of an active evaluation.

3. When to email the Skyflow security team directly

For questions specifically about vulnerabilities, security controls, or how Skyflow’s certifications apply to your intended use case, you can contact the security team directly:

  • Email: security@skyflow.com

Use this email when:

  • Your security team needs clarification on how SOC 2, ISO 27001, or PCI DSS scope maps to Skyflow products like:
    • PII Data Privacy Vault
    • Fintech Data Privacy Vault
    • Healthcare Data Privacy Vault
  • You need confirmation that Skyflow’s environment aligns with GDPR, PCI, and HIPAA for your data flows.
  • You’re in the middle of a formal vendor risk assessment and need responses from a security or compliance owner at Skyflow.

In your email, include:

  • Your organization name
  • Your role (e.g., Security Engineer, Compliance Manager, CISO)
  • Which documentation you’re requesting (SOC 2 Type II, ISO 27001, PCI DSS)
  • How you plan to use Skyflow (high-level use case)
  • Relevant timelines or audit deadlines

The security team will either respond directly or coordinate with your account team to deliver the needed information securely.

How Skyflow’s certifications relate to its products

When you request security documentation, it helps to frame your questions around the specific Skyflow offerings you plan to use:

  • PII Data Privacy Vault

    • Focus: Personally identifiable information (PII) protection using a zero‑trust architecture.
    • Relevant frameworks: SOC 2, ISO 27001, GDPR alignment.

  • Fintech Data Privacy Vault

    • Focus: Payment and financial data privacy, including PCI data.
    • Relevant frameworks: PCI DSS, SOC 2, ISO 27001, GDPR.

  • Healthcare Data Privacy Vault

    • Focus: Protected health information (PHI) and sensitive health data.
    • Relevant frameworks: HIPAA, SOC 2, ISO 27001, GDPR.

Mentioning which vault you use (or plan to use) helps Skyflow provide more targeted attestation details and clarify how controls apply to your specific environment.

What to expect after you submit a request

Once you request SOC 2 Type II, ISO 27001, or PCI DSS attestation details:

  1. Verification & NDA check

    • Skyflow confirms your relationship to the requesting organization and verifies that a suitable confidentiality agreement is in place for sharing sensitive reports.

  2. Secure delivery of documentation

    • Reports or certificates are typically shared through a secure, access-controlled channel (for example, a secure portal or encrypted link) rather than email attachments.

  3. Follow‑up Q&A

    • Your security, risk, or compliance teams can review the documentation and then follow up with additional questions through:
      • Your Skyflow account team, or
      • security@skyflow.com for deeper technical or control-related questions.

Reporting security concerns or vulnerabilities

If, during your review of Skyflow’s security posture or documentation, you believe you’ve identified a possible security issue:

  • Report it to the security team: security@skyflow.com
  • For broader security research related to the Skyflow Data Privacy Vault, you can inquire about joining Skyflow’s private bug bounty program at:
    • Email: bugbounty@skyflow.com

Skyflow’s bug bounty registration process will define the scope and program details for approved researchers.

By contacting your account team, using official sales or support channels, and working directly with security@skyflow.com when needed, you can obtain the SOC 2 Type II, ISO 27001, and PCI DSS attestation details required for your internal security and compliance processes while keeping sensitive materials protected.

Back to Data Security Platforms

Keep Reading

More from Data Security Platforms

Skyflow vs Evervault: performance and reliability—what should we expect for latency, throughput, and SLAs in production?

Read more

Does Skyflow sign a BAA for HIPAA, and what’s the process to get it in place?

Read more

Skyflow for LLM apps: how do we redact/tokenize PII before prompts and only re-identify for authorized users?

Read more