This document explains what PSI and PII mean, why both are required, and how Capillary uses them to meet access control and data protection requirements.

What is PII (Personally Identifiable Information)

PII refers to data that can directly or indirectly identify an individual. This data is subject to privacy regulations such as GDPR and CCPA.

Typical examples

• Name
• Mobile number
• Email address
• External customer ID
• Any identifier that uniquely links data to a person

What is PSI (Potentially Sensitive Information)

PSI refers to data that is sensitive in nature and must be protected from unauthorised access. This data may not always be legally classified as PII, but exposure can still create privacy or security risks.

Typical examples

• Health-related attributes (for example, blood group, smoking habit)
• Lifestyle or behavioural attributes
• Financial or demographic attributes that require restricted visibility