Skip to main content

Where Does My Data Go?

It's the first question any security team asks. Qpher gives you three ways to encrypt, and you choose how much your data touches our servers — from never (client-side encryption) to a single stateless, in-region API call.

The short answer

Your private keys never leave Qpher's secure enclave, and with client-side encryption your plaintext never leaves your environment at all. When you do send data to the API, it is processed statelessly in the United States and is never stored.

1. Client-side encryption — your plaintext never leaves your environment​

This is the strongest mode, and the one the Qpher Vault app itself uses.

  1. Call /kem/encapsulate to get a one-time shared secret plus a Kyber768 (ML-KEM-768) ciphertext.
  2. Encrypt your data locally with AES-256-GCM using that shared secret.
  3. Store the AES ciphertext alongside the Kyber768 ciphertext — wherever you like.
  4. To decrypt, call /kem/decapsulate to recover the shared secret, then decrypt locally.

Qpher only ever sees public-key material — never your plaintext, and never your symmetric keys. Use this for regulated data, zero-trust architectures, or anything you simply don't want to transmit.

2. Server-side KEM-DEM — one call, for payloads up to 1 MB​

When you'd rather not implement local crypto, send your plaintext to /kem/encrypt and Qpher does the work:

  • Kyber768 encapsulation → HKDF-SHA256 → AES-256-GCM, all inside the enclave.
  • The shared secret is ephemeral and never stored.
  • Processing is stateless — Qpher retains neither your plaintext nor the ciphertext.
  • Data is processed in-region in the United States, over TLS.

Best for quick integrations and small payloads (the request limit is 1 MB).

3. Key wrap — large files, still client-side​

For large files, encrypt locally with your own AES key, then protect that key with /kem/key/wrap. Your file's plaintext never touches Qpher — only the wrapped key does. Unwrap with /kem/key/unwrap when you need to decrypt.

At a glance​

ModePlaintext sent to Qpher?Best for
Client-side encryption (encapsulate)NoRegulated / zero-trust data
Server-side KEM-DEM (encrypt)Yes, ≤ 1 MB, never storedQuick integration, small payloads
Key wrap (key/wrap)No (only the wrapped key)Large files

What about my private keys?​

In every mode, your PQC private keys never leave Qpher's enclave — they are never returned by any API. At rest they are protected with AES-256-GCM and a Cloud KMS envelope (KEK). See Non-Exportable Keys and Encryption at Rest.

Data residency

Qpher currently processes and stores data in the United States (GCP us-east1).