Where Does My Data Go?
It's the first question any security team asks. Qpher gives you three ways to encrypt, and you choose how much your data touches our servers â from never (client-side encryption) to a single stateless, in-region API call.
Your private keys never leave Qpher's secure enclave, and with client-side encryption your plaintext never leaves your environment at all. When you do send data to the API, it is processed statelessly in the United States and is never stored.
1. Client-side encryption â your plaintext never leaves your environmentâ
This is the strongest mode, and the one the Qpher Vault app itself uses.
- Call
/kem/encapsulateto get a one-time shared secret plus a Kyber768 (ML-KEM-768) ciphertext. - Encrypt your data locally with AES-256-GCM using that shared secret.
- Store the AES ciphertext alongside the Kyber768 ciphertext â wherever you like.
- To decrypt, call
/kem/decapsulateto recover the shared secret, then decrypt locally.
Qpher only ever sees public-key material â never your plaintext, and never your symmetric keys. Use this for regulated data, zero-trust architectures, or anything you simply don't want to transmit.
2. Server-side KEM-DEM â one call, for payloads up to 1 MBâ
When you'd rather not implement local crypto, send your plaintext to
/kem/encrypt and Qpher does the work:
- Kyber768 encapsulation â HKDF-SHA256 â AES-256-GCM, all inside the enclave.
- The shared secret is ephemeral and never stored.
- Processing is stateless â Qpher retains neither your plaintext nor the ciphertext.
- Data is processed in-region in the United States, over TLS.
Best for quick integrations and small payloads (the request limit is 1 MB).
3. Key wrap â large files, still client-sideâ
For large files, encrypt locally with your own AES key, then protect that key with
/kem/key/wrap. Your file's plaintext never touches Qpher â
only the wrapped key does. Unwrap with /kem/key/unwrap when
you need to decrypt.
At a glanceâ
| Mode | Plaintext sent to Qpher? | Best for |
|---|---|---|
Client-side encryption (encapsulate) | No | Regulated / zero-trust data |
Server-side KEM-DEM (encrypt) | Yes, ⤠1 MB, never stored | Quick integration, small payloads |
Key wrap (key/wrap) | No (only the wrapped key) | Large files |
What about my private keys?â
In every mode, your PQC private keys never leave Qpher's enclave â they are never returned by any API. At rest they are protected with AES-256-GCM and a Cloud KMS envelope (KEK). See Non-Exportable Keys and Encryption at Rest.
Qpher currently processes and stores data in the United States (GCP us-east1).