End-to-end data control
SDK and cloud service

Embed an SDK in your app to connect to the IronCore data control service.
An optional storage service provides a NoSQL key/value interface.
IronCore can host services or deploy in your own environment with enterprise options.





A simple developer experience gets you to market faster, reduces your technical debt and helps you focus on writing the code that matters.


Multi-tenant architectures are supported with project and segment containers.

Cloud Secure

Cloud secure by design. There is no need for you to support a physical or virtual appliance for your application – stop the on-prem and hybrid madness.

Key Recovery

Key recovery has low administrative friction, and even catastrophic scenarios such as master domain key loss have well-designed recovery procedures.

Horizontal Scaling

There are no limitations on the number of users, files, documents or groups. All services scale horizontally.

No CMK Server

Customer control by design. There is no need for your customer to host a Customer Managed Key (CMK) server or Hardware Security Module (HSM).

Deployment Options

IronCore can host services or deploy in your own environment with enterprise options.

Storage Service

An optional storage service provides an encrypted NoSQL key/value store for basic cases such as a PII vault.


All use cases are extensively documented with examples, architectural patterns and guidance for iterative roadmaps.



Trust Inversion

Rather than asking a customer to trust you with their data, you let them own it and they retain full control at all times.

Transform Cryptography

The first commercialization of proxy re-encryption (PRE), which converts ciphertexts for one private key into ciphertexts for another, without decrypting the underlying data (yes, it’s magic).

Zero Visibility

IronCore services never see private keys and cannot decrypt data.

Public Key Crypto

Privacy and security are mathematically provable using public key cryptography where every user has their own keys. Even a hacked application cannot see all the data.

High Usability

Users and data owners don’t need to know about encryption or keys because the security is built into their applications, which seamlessly handle the details under the hood.


Unidirectional, non-interactive, non-transitive, multi-hop and collusion-safe.



End-To-End Encryption

Unlock data only at the point of use.


Data is owner-controlled even when stored with third parties or offline.

Provable Access Control

Control access by class of data or by role-based group. Cryptographically backed and mathematically provable.

Tamper-Proof Monitoring

Record all privacy and security events with digitally signed directives in a tamper-evident log.


Revoke users, groups, services or devices at any time without touching the underlying data.

Device Management

Authorize multiple desktop, mobile, web clients and back end cloud services. Quickly disable lost or stolen devices.

Secure Sharing

Share sensitive data within an organization and with external systems, data centers, customers and partners.



Right to Be Forgotten

Turnkey and instant erasure for all protected data via crypto-shredding.

Right to Disclosure

Pinpoint access to personal data and allow incorrect data to be fixed.

Data Residency

Meet data locality restrictions for sovereign citizens, reducing operational complexity and lowering costs.

Key Management

Key management, rotation, encryption, sharing, and permissions are handled automatically. Changing access and rotating keys are constant-time operations.

Enterprise Grade

Third-party audits, compliance certifications, contractual agreements, math proofs, bug bounties and ongoing diligence from the crypto community.

Record Keeping

Maintain records of every access and update of data, users, groups and permissions in tamper-evident, immutable logs.

Reduced Reputational Risks

Notifications are not required if a breach exposes only encrypted data and not keys, protecting customers and your brand.