Discover PII
Map warehouse tables and columns automatically, then maintain a live registry of where customer data lives and who owns each resource.
PII compliance.
Found, tracked,
proven deleted.
A control plane for data warehouses_
Chameleon maps warehouse tables and columns automatically, records ghost-data findings from scans, and generates deletion proof across connected downstream systems.
stg_users.data - 8 columns scanned
| column | type | declared | finding |
|---|---|---|---|
| user_id | INT64 | yes | - |
| created_at | TIMESTAMP | yes | - |
| STRING | no | GHOST_DATA | |
| plan_tier | STRING | yes | - |
| phone_hash | STRING | no | SUSPECT_PII |
| region | STRING | yes | - |
| mrr_usd | FLOAT64 | yes | - |
| deleted_at | TIMESTAMP | yes | - |
Customer data spreads faster than compliance teams can track.
Warehouses, dbt models, SaaS tools, exports, and analytics copies all accumulate customer data. When a deletion request arrives, most teams cannot answer what exists, where it lives, or whether it was ever removed.
Detect ghost data
Surface undeclared PII columns that exist in the warehouse but are not registered — before they become an audit finding.
Enforce policy
Evaluate each resource against deletion strategy requirements and flag policy drift before a compliance review arrives.
Execute deletion
Trigger deletion workflows that reach the warehouse, connected SaaS systems, and downstream copies in a single request.
Prove deletion
Generate a signed, timestamped certificate of destruction that answers GDPR Article 17 and DSAR evidence requirements.
A control plane for PII policy, deletion, and proof.
01 / Warehouse
Connect BigQuery. Chameleon maps every table and column automatically and registers declared PII fields.
02 / Registry
A live asset registry tracks which columns hold PII, which policies govern them, and which dbt models inherit that data.
03 / Policy
Ghost-data findings from configured scans remain visible for policy review before drift becomes an audit risk.
04 / Deletion
When a deletion request arrives, the Key Vault destroys the user's encryption key. Every copy of that data — warehouse tables, dbt models, backups, exports — becomes mathematically unreadable instantly. No row scans. No missed copies.
05 / Proof
A signed, timestamped proof record is generated. Auditor-ready, immediately.
The full compliance loop, in one view.
Overview dashboard
Registry health, policy drift, ghost data, and proof status.
Registry resources
54 BigQuery, 1 SaaSPolicy status
WARNmanual review requiredGhost findings
1canary email in stagingLast proof
ISSUEDcertificate storedRegistry view
Resources and deletion strategy from the PII registry.
| Resource | Layer | PII columns | Strategy | Status |
|---|---|---|---|---|
| chameleon_prod.raw_users | RAW | email_token, encrypted_pii, user_id | CRYPTO_SHRED | PASS |
| chameleon_prod.stg_users | STAGING | email, phone, user_id | CRYPTO_SHRED | WARN |
| chameleon_prod.int_customer_activity | INTERMEDIATE | user_surrogate_id | CRYPTO_SHRED | PASS |
| chameleon_prod.mart_customer_metrics | MART | user_surrogate_id | MANUAL_REVIEW | WARN |
Ghost findings
Scanner output with recommended action.
data.email
HIGHchameleon_prod.stg_users - EMAIL - 1 row
Register column or remove source data
user_surrogate_id
MEDIUMchameleon_prod.mart_customer_metrics - MART_IDENTIFIER - policy rule
Keep aggregate-only handling under review
Deletion proof
Lifecycle status for one deletion request.
User identifierusr_7f3a...91c2
Requestdelreq_2026_06_21_0042
StatusCERTIFICATE_ISSUED
BigQuerykey destroyed
HubSpotwipe succeeded
Salesforcesandbox receipt
GCS audit logsevidence retained
iss: Chameleon Key Vault
kid: cloud-kms-signing-key/versions/1
evidence: gs://chameleon-audit-logs/lineage_exports/
kid: cloud-kms-signing-key/versions/1
evidence: gs://chameleon-audit-logs/lineage_exports/
Integrations
Connection status for the demo control plane.
BigQuery
Connectedchameleon_prod and lineage_db
dbt
Policy sourcemanifest model metadata
HubSpot
Janitor readycontacts external wipe
Salesforce
Janitor readylead and contact wipe receipts
BigQuery
Where encrypted PII lives. Chameleon maps tables and columns, tracks policy, and crypto-shreds data on deletion.
dbt
dbt model lineage tells Chameleon which downstream tables inherit PII from upstream sources.
HubSpot
Connected SaaS wipe target. Chameleon sends deletion instructions and collects the receipt as deletion proof.
Salesforce
Connected SaaS wipe target. Contact deletion receipts are collected and included in the proof certificate.
PII deletion, explained.
Crypto-shredding
Why destroying an encryption key is a more complete and provable deletion than deleting rows — and why auditors accept it.
GDPR Article 17
What the right to erasure actually requires, what auditors check, and how to produce evidence that survives a regulator review.
Deletion proof
How Chameleon coordinates deletion across the warehouse and connected SaaS systems, then issues a signed certificate of destruction.