InvisiCloud

Tell your customers “we cannot read your data” and mean it.

InvisiCloud puts your customers' data out of your own reach, without rearchitecting the product. Your customer, or a partner, holds the key. You point your existing S3 client at a new endpoint.

Security questionnaire

“Can your staff access our uploaded files? Where are the encryption keys?”

We are cryptographically unable to read your data. The key stays with you, and our infrastructure only handles encrypted payloads.

The stuck deal

A real deal is stalled in security review

When you sell into health, legal, HR, fintech, govtech, or supply-chain buyers, the security review decides the deal. The questions that stall it look like this:

Can your staff access our data?

Where are the encryption keys held?

How do you handle Schrems II and international transfers?

Rearchitecting for client-side encryption isn't an option, and today's alternatives don't answer the question:

Client-side encryption

Breaks sharing, presigned links, and other features, and forces you to rearchitect the application.

BYOK / SSE-KMS

Improves key control, but the cloud provider still encrypts the data and can reach the keys, so the provider and vendor stay inside the trust boundary.

Confidential computing

A hardware and attestation project, not a storage answer, and not something you can ship this quarter.

Why InvisiCloud

Built to win deals, not just prevent breaches

Companies buy InvisiCloud to win competitive RFPs and pass security reviews, not mainly for breach protection.

Win the deal

“We are cryptographically unable to read your data” becomes a truthful answer in RFPs and security questionnaires, and it unblocks stalled enterprise and public-sector deals.

No rearchitecting

Works with the standard S3 SDKs (AWS SDK, boto3) and your existing application code. Integration is a DNS change plus one stateless container. No client-side key management.

Sovereignty, built in

Supports GDPR data-protection-by-design and supplementary measures for international transfers. Keep your hyperscaler, but take it, and yourself, out of the plaintext trust boundary.

How it works

Zero-trust storage, split across two independent parties

No single infrastructure operator can decrypt customer objects on its own, whether that's the Gateway, the Key Server, or the storage backend.

Your application
Existing S3 SDK (AWS SDK, boto3)
InvisiCloud endpoint
A DNS / CNAME change
InvisiCloud Gateway
utilacy-operated · processes encrypted payloads, holds no keys
Key Server
You or a partner · holds the keys, never receives payloads
Encrypted storage
One or more backends of your choice

Built on the patented TLSHare protocol and Secure Multi-Party Computation. The Key Server holds the keys but never sees payloads. The Gateway processes encrypted payloads but never holds keys. Neither one alone can reconstruct plaintext, so your data stays protected unless both are compromised at once.

Main use case

Confidential customer-document storage for B2B SaaS

Store the files your customers upload, with you and every infrastructure provider locked out of the plaintext. The product keeps behaving exactly as it does today.

User-uploaded documents

Contracts, patient records, HR files, case files. Stored through your existing S3 code path, with you and every infrastructure provider locked out of the plaintext.

Sharing keeps working

Identity-based sharing and presigned links keep working. No second-channel key distribution, no client-side key management.

Revocation keeps working

Revoke access the way you do today. No long-term keys live on client devices.

Multi-backend redundancy

Connect one or two storage backends of your choice. Provider independence and redundancy come built in.

Where this is going: the same two-party model extends toward confidential analytics (Apache Iceberg, PyIceberg) and confidential compute. These are on the roadmap, not available today.

The CISO questions

What a security team will ask

BYOK improves key control, but the cloud service still encrypts the data and can access the keys, so the provider and the vendor stay inside the trust boundary. InvisiCloud removes both.

What we're honest about

InvisiCloud is early access, and it's technical infrastructure, not a replacement for legal assessment, IAM, or organizational controls. Straight answers on the edges:

  • Metadata stays visible: object names, sizes, access timing, IPs.
  • Authorized users or compromised credentials can still exfiltrate data they are allowed to access.
  • The Key Server is security-critical for availability and access control, even though its compromise alone does not expose plaintext.
  • No external cryptographic audit or academic review yet, and performance testing is ongoing.

Scope your first deployment against a stuck deal

Get early access and we'll scope your first deployment: one bucket, one document workload, against a real deal in security review. We're onboarding early-access deployments now.