From personal details and payment card data to health records and government IDs, DataStealth ensures sensitive data is protected wherever it lives or moves.
Whether it's patient health data, customer payment info, or government IDs, DataStealth replaces sensitive values with secure substitutes – tokenization, masking, or encryption – so applications keep working, but risk disappears.
First Name, Last Name
Address, Zip, Postal Code
Email, Phone, Area Code
Payment Card Number
Personal Account Number
Cardholder Name
CVV
Health Card
Demographic Info (Name, Address, DOB, etc.)
Medical History (Illnesses, Treatments, Results)
Insurance Information (Policy, Claims)
Biometric Data (Fingerprint, Retina, Voice)
Electronic Health Records (EHR)
DICOM
Bank Account
Transit Number
Swift Number
Credit Score
Passport
Driver’s License
Social Security Number (SSN)
Social Insurance Number (SIN)
IP Address / MAC Address
GUID
User ID
Password
Date / Time

DataStealth protects every major category of regulated and sensitive information – PII (names, addresses, emails, phone numbers, Social Security Numbers), PHI (health cards, medical history, insurance records, biometric data, EHR, DICOM images), and PCI data (payment card numbers, cardholder names, CVVs, Personal Account Numbers).
Beyond the standard categories, DataStealth also covers banking identifiers – e.g., bank account numbers, transit numbers, SWIFT codes, and credit scores – as well as government-issued IDs like passports, driver's licences, and Social Insurance Numbers.
Technical identifiers are included too – IP addresses, MAC addresses, GUIDs, user IDs, passwords, and timestamps. The data classification engine identifies each data type automatically through pattern matching, contextual analysis, and named-entity recognition, and the platform applies the appropriate protection policy per element.
DataStealth applies de-identification at the field level using three methods – each configurable per data element based on your compliance requirements and operational needs.
Tokenization replaces sensitive values with format-preserving surrogate tokens – e.g., a 16-digit PAN becomes another 16-digit value that passes Luhn checks but contains no exploitable data. Masking obfuscates values with redacted characters, partial reveals (e.g., "****1234"), or realistic pseudonyms for test and QA environments. Encryption transforms data into ciphertext using AES-GCM or format-preserving algorithms.
The method you choose depends on the use case. Tokenization is ideal for PCI scope reduction. Masking suits role-based access and dynamic visibility controls. Encryption provides foundational protection for data at rest and in transit.
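The tokenization and partial-reveal masking described above, as an added sketch that is not DataStealth's code or algorithm: a vault-style tokenizer that issues a random, Luhn-valid surrogate of the same length as the PAN, and a "****1234"-style mask. The names `TokenVault`, `luhn_check_digit`, `mask`, the in-memory mapping and the sample PAN are assumptions made for the example.

```python
import secrets

SAMPLE_PAN = "4111111111111111"  # constructed test value, not a real card


def luhn_check_digit(body: str) -> str:
    """Return the digit that makes body + digit pass the Luhn check."""
    total = 0
    # Walk right to left; the digit adjacent to the check digit is doubled first.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]


class TokenVault:
    """Hypothetical in-memory vault; a real one is a hardened, access-controlled store."""

    def __init__(self):
        self._by_pan = {}
        self._by_token = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("input is not a Luhn-valid PAN")
        if pan in self._by_pan:  # same PAN always maps to the same token
            return self._by_pan[pan]
        while True:
            # Random digits carry no information about the PAN; only the
            # vault mapping links the two values.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 1))
            token = body + luhn_check_digit(body)
            if token != pan and token not in self._by_token:
                break
        self._by_pan[pan], self._by_token[token] = token, pan
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]  # KeyError for unknown tokens


def mask(pan: str) -> str:
    """Partial reveal: hide everything except the last four digits."""
    return "****" + pan[-4:]
```

Because the surrogate is random, reversing it requires access to the vault mapping, which is why the vault itself remains the sensitive component to protect and monitor.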
Under PCI DSS, any system that stores, processes, or transmits cardholder data – i.e., PANs, cardholder names, CVVs, or expiration dates – falls within audit scope. That means every server, database, application, and network segment touching that data is subject to assessment.
Tokenization removes systems from scope by replacing cardholder data with tokens before it reaches downstream applications. Since tokens are not classified as cardholder data under PCI DSS, the systems that store and process them are excluded from the Cardholder Data Environment (CDE).
DataStealth applies tokenization at the protocol layer – inline, before data reaches your databases or SaaS applications – so scope reduction happens automatically. For financial services and retail organizations processing millions of transactions, this translates directly into fewer systems to assess, lower compliance costs, and faster audit cycles.
Each data type is governed by different regulations, and the penalties, scope, and protection requirements differ significantly.
PII compliance – governed by GDPR, CCPA/CPRA, PIPEDA, and similar privacy laws – requires that organizations document what personal data they hold, where it resides, and who can access it. Enforcement focuses on data subject rights – i.e., right to access, right to erasure, and DSARs.
PHI compliance – governed by HIPAA in the US – requires covered entities and business associates to implement administrative, physical, and technical safeguards for protected health information. HIPAA data masking and encryption are common implementation paths.
PCI compliance – governed by PCI DSS – mandates specific controls for cardholder data, including encryption, access restrictions, and vulnerability management. Tokenization is the most effective path to scope reduction.
DataStealth's data discovery engine identifies all three data types across your environment, the classification engine labels them by sensitivity and regulation, and the protection layer applies the appropriate method – all from a single platform.