In an example embodiment, login credentials are received from a user. These login credentials are validated. Sensitive information is received from the user. The sensitive information is then stored in a cloud-based database. One or more access limitations are established for the sensitive information. A request for the sensitive information is received, from a first third party entity, via an application program interface (API) distributed to a plurality of third party entities. It is then determined if providing access to the sensitive information to the first third party entity would violate the one or more access limitations for the sensitive information. In response to a determination that the providing access to the sensitive information to the first third party entity would not violate the one or more access limitations for the sensitive information, the sensitive information is transmitted to the first third party entity.