Open-source, data privacy vault to store and manage PII in a fully compliant manner.

Thorn is an open source, data privacy vault that uses encryption, tokenisation & configurable access control to meet security, compliance, residency requirements. Bake compliance with GDPR, CCPA and other privacy compliance laws into your architecture and protect your customer's data.

• Restful Service RESTful APIs that work with any language or framework
• Highly Performant Designed from the ground up for high performance and ultra low latency usecases
• Run Anywhere Cloud, on-premise, or serverless, Subrose can run anywhere, no vendor lock-in, no strings attached
• Audit Logs Every action on the vault is logged with full context
• 🔜 1-Click Deploy to cloud providers
• 🔜 Automatic Secret Rotation custom encryption providers (Hashicorp Vault/NaCl secretbox)
• 🔜 PII types pre-configured PII types

And more.

Warning Thorn is currently in pre-alpha and not ready for usage, however contributions and discussions are more than welcome at this stage.

To spin up the development enviroment:

docker-compose up

This will spin up the thorn api and postgres for data storage. Full development guide coming soon.

Subrose makes privacy engineering & compliance straightforward by default. We're on a mission to make data privacy and compliance easy for all developers.

If you care about protecting your customer's data, complying with regulation and having a secure by default then Subrose is right for you.

We are currently working hard to make Subrose more extensive and adding features by the day. Need any integrations or want a new feature? Feel free to create an issue or contribute directly to the project.

• GitHub Discussions (For getting help, providing feedback or discussing privacy engineering.)
• GitHub Issues (For any bugs and errors you encounter using Subrose)
• Twitter (For realtime updates)
• Linkedin (For company information)

This repo is available under the MIT expat license. See the LICENSE file for more info.

Looking to report a security vulnerability? Please don't post about it in GitHub issue. Instead, refer to our SECURITY.md file.

Contributions in all forms are welcome!