Building Infrangible, Secure,
Confidential Object Storage

For environments that are intolerant of any risks associated with data leaks due to hacks and millions of system breaches, or regulatory and government jurisdictions data requests, or uncontrolled or weak-provisioned access of AI agents to the organization's knowledge base, we are building our own, sovereign S3-compatible object storage with complete Zero-Knowledge architecture.

Learn more

S3 APIAC & IAMTKM

SCALE & PROTECT AT SINGLE VAULT

f48e047542bdd05d5f8e1c2a6e8d22217...replicateCOMMITTED

/audit/access-log-2006-05-17.jsonwriteSEALED

/models/proprietary/llm-v3.weightswriteREPLICATED

1b8e5d4b5f5204a919bdc8debcbc1c7aa...writeSTORED

/finance/reports/q1-2015-revenue.xlsxreplicateVERIFIED

/legal/contracts/vendor-nda-2026.pdfwriteCOMMITTED

/medical/patient-7741/mri-2026-02-12.dcmwriteSEALED

ACCESS POLICY ENGINE

Access control on our own policy evaluator, with the expressiveness of the Rego language specification.

Principal attributes and object metadata are stored encrypted. A fine-grained access control engine runs on top of encrypted data that is not accessible to anyone, not even to us as the data provider.

SIDE 1IDENTIFIED

Principal

Identity attributes/session

subcustomer.access@bank.eu

deptrisk-analytics

clearanceL3

device162735Q

mfatotp=verified

geoEU-WEST

3f 2a 1c 8b d4 91 07 ae … [+312 KiB]

SIDE 2EVALUATING

Policy rule

Policy Agent engine

package vdx.authz
import rego.v1

default allow := false
allow if {
  input.principal.clearance >= data.object.class
  input.principal.dept      == data.object.owner_dept
  input.env.geo             in data.object.regions
  input.principal.mfa       == "totp=verified"
}

SIDE 3GRANTED

Object

Classified metadata

bucketc4438/603a9-74bb/

classf1

owner_deptd7da-569a430c7

regions{58-3535, 07-40d32f6}

lockc358=da

8c 1d e4 f2 a3 07 9b 55 … [+1.8 GiB]

DECISION PENDINGdecision-id: 7f3a2c1b audit/2026-05-10T14:32:07Z

CAPABILITIES

Designed to reflect the highly regulated model that critical enterprises actually face.

See details

CAP-01

Object Lock, Versioning & WORM

Compliance and Governance modes with a strongly defined retention period. This multilateral immutability is one of our core security aspects.

CAP-02

Ransomware-proof Storage

Continuous/on-demand, append-only snapshots or a full backup vault with enterprise-level speed and downtime-free implementation.

CAP-03

Fine-grained ACL & IAM

Per-object, per-prefix, and per-byte-range policies. Our Policy Engine provides fine-grained access control with a full audit trail.

CAP-04

Decrypted in TEE only

Confidential storage cannot share or expose the data, even at the request of regulatory authorities, due to cryptographic guarantees.

CAP-05

Sovereign, EU-based

All our data servers are located within the European Union, so they are always subject to EU jurisdiction.

CAP-06

Agent memory as source of truth

Trace the provenance of every object an agent reads or writes. Forensic-grade audit by default.

FEATURES

The matrix of features Vivaxdata ship.

Vivaxdata storage development process models the entire zero-trust environment. This is a key feature for implementing all available components to ensure data isolation and confidentiality, as well as guarantee exceptional availability.

CONFIDENTIALITYINTEGRITYAVAILABILITYPERSISTENCE

Trusted Execution Environment [TEE]Client-based Bounded ContourRansomware ProtectionFull Backup Vault

Remote AttestationLightweight SnapshotsFine-grained and Deep AC & IAM ControlObject Immutability & Versioning

Client-side EncryptionAudit Logs & Audit TrailsExpressive Rego EvaluatorData Objects Lock [WORM]

Trusted Key Management [TKM]Completely Isolated MultitenancyCollateral Availability & Access QualityS3-Compatible API

Encryption In-ProcessingData Integrity VerificationNative ReplicationObject Deltas

Confidential Data SharingTamperproofing by DesignApproaching Zero Latency AccessDiscreet Data Reductions

mTLS Verified LinksIntegrated AuthenticationKey Provisioning & RotationData Control Plane

DEPLOYMENT ALTERNATIVES

Vivaxdata supports the infrastructure deployment as a storage security layer for third-party providers.

Deploy Vivaxdata as an intermediate layer to provide encryption, access control, and storage optimisation while data remains transparently stored in your AWS S3/GCS/Azure storage. Metadata, navigation, key management, audit log, and trail log are all available as always.

SECURE STORAGE LAYEREnforce security protection for any type of storage AWS S3 / GCS / Azure.

CLIENT

S3 / TLS

OPAQUE LAYER

ACCESS POLICY / ENCRYPTION / LINEARIZATION / METADATA

S3-COMPATIBLE STORAGE

AWS / GCS / Azure

BUILT FOR

As AI agents become more widespread, all environments are getting sensitive to data leaks.

SECURITY

Highly regulated environments

Maximum quality of protection and confidentiality for such industries as medical insurance, banking, and healthcare.

SECURITY & CONFIDENTIALITY

PROTECTING

Organizations sensitive to data leaks and ransoms

Data persistence assurance for government, financial, corporate, legal, manufacturing, and engineering industries.

WORM & VERSIONING & IMMUTABILITY

GRANTING

Control under AI automation

Multi-level access control and flexible auditing are minimum requirements for companies actively implementing AI infrastructure into their own business processes.

ACCESS CONTROL & AUDIT

The compound solution is to ensure security, protection and data governance.

There's never been a world without data leaks. But wait, let's look at how we combat them and what lies behind our philosophy. Object storage has never been so secure.

No spam at all. Just the most important product updates.

Building Infrangible, Secure,Confidential Object Storage