Hybrid Kyber+AES-256-GCM encryption for data at rest. Field-level encryption with automatic sensitivity classification, zero-downtime key rotation, and full audit trails. NIST Level 3 security.
Submit raw data or structured fields via Base64-encoded API calls. The HybridEncryptor receives your plaintext over TLS and prepares it for post-quantum encryption.
Automatic sensitivity classification detects PII, PHI, and financial data. Each field is encrypted with a Kyber-encapsulated AES-256-GCM key. Sub-millisecond per operation.
Store ciphertext in your own database, S3, or any backend. Retrieve and decrypt with the key ID at any time. Zero-downtime key rotation re-encrypts without service interruption.
Kyber (ML-KEM) key encapsulation wraps AES-256-GCM symmetric keys. Resistant to both classical and quantum adversaries. NIST FIPS 203 compliant.
Encrypt individual fields within structured data. SSN, email, medical records, and financial data each get their own encryption envelope. Granular access control per field.
Automatic detection of PII, PHI, and financial data. The classifier tags fields as high, medium, or low sensitivity before encryption. No manual annotation required.
Zero-downtime key rotation re-encrypts data under a new Kyber key pair without service interruption. Old keys are retired gracefully. Meets compliance rotation schedules.
All data in and out is Base64-encoded for safe transport over JSON APIs. Binary, text, images, documents — any payload type supported without escaping issues.
Every encrypt, decrypt, and rotation operation is logged with timestamps, key IDs, and caller identity. Exportable audit logs for compliance reporting and forensic review.
Encrypt ePHI at the field level — patient names, SSNs, diagnoses, prescriptions. Automatic PHI detection ensures nothing slips through unencrypted. Audit trails satisfy HIPAA technical safeguard requirements.
HIPAA CompliantPAN, CVV, and account numbers encrypted with post-quantum keys. Field-level granularity means only authorized services decrypt specific fields. Key rotation on schedule without downtime.
PCI-DSS ReadyNIST Level 3 post-quantum encryption for classified-adjacent data. ML-KEM (FIPS 203) key encapsulation meets federal cryptographic standards. Full audit trail for FedRAMP continuous monitoring.
NIST FIPS 203Encrypt customer data, API keys, secrets, and internal records at rest. Demonstrate encryption-at-rest controls for SOC 2 Type II audits. Zero-downtime rotation proves operational maturity.
SOC 2 Type II{
"data": "SGVsbG8gV29ybGQ=",
"key_id": "k_live_abc123",
"metadata": {
"label": "user-record-4821"
}
}
{
"ciphertext": "eyJhbGciOiJLeWJl...",
"key_id": "k_live_abc123",
"algorithm": "KYBER+AES-256-GCM",
"nonce": "dGhpcyBpcyBhIG5v...",
"encrypted_at": "2026-03-04T12:00:00Z"
}
{
"ciphertext": "eyJhbGciOiJLeWJl...",
"key_id": "k_live_abc123",
"nonce": "dGhpcyBpcyBhIG5v..."
}
{
"data": "SGVsbG8gV29ybGQ=",
"algorithm": "KYBER+AES-256-GCM",
"decrypted_at": "2026-03-04T12:00:01Z",
"key_id": "k_live_abc123"
}
{
"fields": {
"name": "Jane Doe",
"ssn": "123-45-6789",
"email": "jane@example.com",
"notes": "Regular checkup"
},
"auto_classify": true
}
{
"encrypted_fields": {
"name": { "ct": "...", "s": "PII" },
"ssn": { "ct": "...", "s": "PII_HIGH" },
"email": { "ct": "...", "s": "PII" },
"notes": { "ct": "...", "s": "LOW" }
},
"key_id": "k_live_abc123",
"classifications": 4
}
{
"old_key_id": "k_live_abc123",
"ciphertexts": [
"eyJhbGciOiJLeWJl...",
"eyJhbGciOiJLeWJl..."
]
}
{
"new_key_id": "k_live_def456",
"rotated": 2,
"ciphertexts": [
"eyJuZXdLZXkiOiJ...",
"eyJuZXdLZXkiOiJ..."
],
"old_key_retired": true,
"rotated_at": "2026-03-04T12:00:02Z"
}
Get your API key in seconds. Protect every byte at rest with post-quantum security on your free tier.
Start Encrypting1,000 free units/month · 4 endpoints · <1ms encrypt · NIST Level 3