End-to-End Data Privacy
SDK and Cloud Service

Embed an SDK in your app to connect to the IronCore data control service.
An optional storage service provides a NoSQL key/value interface.
IronCore can host services or you can embed in a private cloud or on-premises.





A simple developer experience gets you to market faster, reduces your technical debt and helps you focus on writing the code that matters.

Cloud Secure

Cloud secure by design. There is no need for you to  support a physical or virtual appliance for your application – stop the on-prem and hybrid madness.

Horizontal Scaling

There are no limitations on the number of users, files, documents or groups. All services scale horizontally.

Deployment Options

IronCore can host services or deploy in your own environment with enterprise options.


All use cases are extensively documented with examples, architectural patterns and guidance for iterative roadmaps.


Multi-tenant architectures are supported with project and segment containers.

Key Recovery

Key recovery has low administrative friction, and even catastrophic scenarios such as master domain key loss have well-designed recovery procedures.

No CMK Server

Customer control by design. There is no need for your customer to host a Customer Managed Key (CMK) server or Hardware Security Module (HSM).

Storage Service

An optional storage service provides an encrypted NoSQL key value store for basic cases such as a PII vault.



End-to-End Encryption

Unlock data only at the point of use.

Provable Access Control

Control access by class of data or by role-based group. Cryptographically backed and mathematically provable.


Revoke users, groups, services or devices at any time without touching the underlying data.

Secure Sharing

Share sensitive data within an organization and with external systems, data centers, customers and partners.


Data is owner-controlled even when stored with third parties or offline.

Tamper Proof Monitoring

Record all privacy and security events with digitally signed directives in a tamper-evident log.

Device Management

Authorize multiple desktop, mobile, web clients and back end cloud services. Quickly disable lost or stolen devices.



Trust Inversion

Rather than asking a customer to trust you with their data, you let them own it and they retain full control at all times.

Zero Visibility

IronCore services never see private keys and cannot decrypt data.

High Usability

Users and data owners don’t need to know about encryption or keys because the security is built into their applications, which seamlessly handle the details under the hood.

Transform Cryptography

The first commercialization of proxy re-encryption (PRE), which converts ciphertexts for one private key into ciphertexts for another, without decrypting the underlying data (yes, it’s magic).

Public Key Crypto

Privacy and security are mathematically provable using public key cryptography where every user has their own keys. Even a hacked application cannot see all the data.


Unidirectional, non-interactive, non-transitive, multi-hop and collusion safe.



Right to Be Forgotten

Turnkey and instant erasure for all protected data via crypto-shredding.

Data Residency

Meet data locality restrictions for sovereign citizens, reducing operational complexity and lowering costs.

Enterprise Grade

Third party audits, compliance certifications, contractual agreements, math proofs, bug bounties and ongoing diligence from the crypto community.

Reduced Reputational Risk

Notifications are not required if a breach exposes only encrypted data and not keys, protecting customers and your brand.

Right to Disclosure

Pinpoint access to personal data and allow incorrect data to be fixed.

Key Management

Key management, rotation, encryption, sharing, and permissions are handled automatically. Changing access and rotating keys are constant time operations.

Record Keeping

Maintain records of every access and update of data, users, groups and permissions in tamper-evident, immutable logs.