1. How do you handle the PII?
Since we are using Atlassian Forge, we don't get insight in your data.
With using Atlassian Forge, we can ensure, that no data will leave Atlassian's Server. As long as you can trust Atlassian with your private informations, you can trust Polymetis PII Protection.
2. Why don't you just overwrite the PII when you found it?
Overwriting seems logical at first, but is not save at all. Due to the Issue Version history, the PII is still easily visible and is not protected at all.
3. Why don't you just delete the issue or comment when you found it?
We can' ensure a 100% that we will detect everything correctly. And sometimes, even if we detect it correctly, there are some reasons to not delete it. Either it is the companies own Credit Card or someone using mockup data for testing, we shouldn't just delete it right away.