Loading...
private.me Docs
Get xBeam
PRIVATE.ME · Technical White Paper

Xbeam: Satellite Telemetry Protection

Satellite downlinks are vulnerable to interception. A single compromised ground station exposes thermal, radar, and optical sensor data. Xbeam splits telemetry frames via XorIDA threshold sharing across geographically distributed stations, ensuring no single station can reconstruct full sensor data. Information-theoretically secure. Zero dependencies.

v0.1.0 64 tests passing 3 modules 0 npm deps ~2ms split Dual ESM/CJS
Section 01

Executive Summary

Xbeam protects satellite telemetry by splitting sensor frames across multiple ground stations using XorIDA threshold sharing. No single station compromise reveals the full data.

Modern reconnaissance satellites downlink thermal imagery, radar data, and optical sensor feeds to ground stations scattered across continents. A single station compromise — whether through RF interception, insider threat, or foreign intelligence penetration — exposes the entire telemetry stream. Traditional encryption protects data in transit but requires every ground station to hold decryption keys, creating multiple points of catastrophic failure.

Xbeam takes a different approach. Each telemetry frame is split via XorIDA (threshold sharing over GF(2)) into N shares, one per ground station. Reconstruction requires any K-of-N shares. An adversary who compromises fewer than K stations learns mathematically zero information about the sensor data — not computationally hard, but information-theoretically impossible to break.

Two functions cover the full workflow: splitTelemetry() shards a frame and generates HMAC-SHA256 integrity tags for each share. reconstructTelemetry() validates HMACs, checks frame hash integrity, and rebuilds the original sensor data from any K shares. Orbital parameters, sensor type, and timestamp metadata preserved alongside shares for reconstruction context.

BUILDING BLOCK FOUNDATION
Xbeam builds on @private.me/crypto (XorIDA primitives, HMAC, padding) and @private.me/shared (Result types, error utilities). Zero additional dependencies. Works anywhere Web Crypto API is available.
Section 02

The Problem

Satellite reconnaissance data flows through ground stations scattered across allied and contested territories. A single station compromise exposes the entire intelligence stream.

Ground stations are semi-trusted. They're operated by allied nations, commercial providers, or host-country militaries. Political winds shift. Personnel turnover creates insider risk. RF downlinks can be intercepted by adversaries with nearby receivers. A single compromised station reveals every frame it processes.

Link-layer encryption isn't enough. TLS or AES-256 protect data in transit, but every ground station that receives telemetry must hold decryption keys. Compromise one station, gain access to all past and future frames that route through it. Key rotation helps, but the fundamental problem remains: keys are present at every endpoint.

Air-gapped processing is impractical. Real-time satellite telemetry feeds mission planning, threat detection, and time-sensitive intelligence products. You can't wait for a courier to physically transport encrypted drives from multiple stations to a secure facility for reconstruction.

Multi-path routing is expensive. Sending encrypted copies of the same frame to multiple stations and reconstructing at a central facility works, but wastes satellite downlink bandwidth — a scarce and expensive resource. Bandwidth is measured in MHz, not GB/s.

Approach Station Compromise RF Interception Bandwidth Usage Real-Time
Single encrypted downlink Full exposure Key compromise 1x Yes
Multi-path encrypted Full exposure Key compromise Nx redundancy Yes
Air-gapped courier Isolated Isolated 1x Hours/days delay
Xbeam split-channel Zero info leak Zero info leak ~1x + overhead Yes
Section 03

Use Cases

Xbeam applies wherever satellite telemetry flows through semi-trusted ground infrastructure across multiple jurisdictions.

🛰️
Defense Intelligence
Reconnaissance Satellites
Thermal, radar, and optical sensor data from reconnaissance satellites split across allied ground stations. No single station compromise reveals mission targets or collection priorities.
GEOINT
📡
Signals Intelligence
SIGINT Downlinks
Electronic signals intelligence and communications intercepts split across Five Eyes ground stations. Threshold reconstruction requires cooperation from multiple allied nations.
SIGINT / FISMA
🌍
Commercial Imaging
Earth Observation
High-resolution commercial satellite imagery split across ground stations in customer jurisdictions. Protects proprietary sensor calibration data and prevents unauthorized reconstruction.
Commercial / ITAR
🚀
Space Operations
Mission Telemetry
Spacecraft health telemetry, orbit determination, and maneuver data split across international ground station network. Protects operational security and prevents adversary orbit prediction.
OpSec / ITAR
Section 04

How It Works

Xbeam splits telemetry frames via XorIDA threshold sharing, routes shares to independent ground stations, and reconstructs from any K-of-N stations at the analysis facility.

Split Process

The satellite's onboard processor receives a telemetry frame from thermal/radar/optical sensors. The frame contains raw sensor data (Uint8Array), orbital parameters (altitude, inclination), sensor type, timestamp, and unique frame ID.

Telemetry frame structure
const frame: TelemetryFrame = {
  frameId: 'FRM-00421',
  satelliteId: 'SAT-RECON-7',
  timestamp: '2026-04-10T14:23:17Z',
  sensorType: 'thermal',        // thermal | radar | optical
  data: new Uint8Array([/* sensor payload */]),
  orbit: { altitude: 550, inclination: 97.4 }
};

splitTelemetry() performs the following steps:

  1. Padding: Pad sensor data to alignment boundary via PKCS#7
  2. HMAC generation: Generate HMAC-SHA256 key and compute HMAC over padded data
  3. XorIDA split: Split padded data into N shares (one per ground station) with K-of-N threshold
  4. Share packaging: Encode each share as base64, attach HMAC (base64 key:signature), assign station ID
  5. Frame hash: Compute SHA-256 hash of original unpadded data for end-to-end integrity
Splitting telemetry across 3 ground stations (2-of-3 threshold)
import { splitTelemetry } from '@private.me/sattelemetry';

const config = {
  stations: [
    { id: 'GS-SVB', name: 'Svalbard', location: 'Svalbard, Norway' },
    { id: 'GS-ALI', name: 'Alice Springs', location: 'Australia' },
    { id: 'GS-MAS', name: 'Maspalomas', location: 'Gran Canaria' }
  ],
  threshold: 2  // Any 2 stations can reconstruct
};

const result = await splitTelemetry(frame, config);
if (!result.ok) throw new Error(result.error.message);

// Result contains 3 shares + frame hash
const { shares, frameHash } = result.value;
// shares[0] → GS-SVB (Svalbard)
// shares[1] → GS-ALI (Alice Springs)
// shares[2] → GS-MAS (Maspalomas)

Reconstruction

Ground stations receive their shares via RF downlink and forward them to the analysis facility over secure networks. The facility collects shares and reconstructs when K or more arrive.

Reconstruct from any 2-of-3 shares
import { reconstructTelemetry } from '@private.me/sattelemetry';

// Received shares from Svalbard + Alice Springs
// (Maspalomas share not needed for 2-of-3 threshold)
const receivedShares = [shares[0], shares[1]];

const result = await reconstructTelemetry(receivedShares, frameHash);
if (!result.ok) throw new Error(result.error.message);

// result.value is the original sensor Uint8Array
const sensorData: Uint8Array = result.value;

reconstructTelemetry() performs the following steps:

  1. Share validation: Check metadata consistency (frame ID, total, threshold)
  2. Threshold check: Verify at least K shares provided
  3. XorIDA reconstruction: Rebuild padded data from shares
  4. HMAC verification: Verify HMAC-SHA256 over reconstructed padded data
  5. Unpad: Remove PKCS#7 padding to recover original sensor data
  6. Frame hash verification: Compute SHA-256 of unpadded data, verify against provided frame hash
SECURITY CRITICAL
HMAC verification happens before unpadding. Frame hash verification happens after unpadding. This double-layer integrity check catches both share tampering and padding oracle attacks.
Section 05

Integration

Xbeam integrates into existing satellite ground systems via onboard split, downlink routing, and facility-side reconstruction.

Onboard Integration

Install @private.me/sattelemetry on the satellite's onboard processor. Call splitTelemetry() after sensor data acquisition and before downlink transmission. Route each share to its designated ground station via the satellite's RF transmitter.

Onboard telemetry split example
import { splitTelemetry } from '@private.me/sattelemetry';

// Sensor acquisition (thermal camera, radar, etc.)
const sensorData = await acquireSensorFrame();

const frame = {
  frameId: generateFrameId(),
  satelliteId: SATELLITE_ID,
  timestamp: new Date().toISOString(),
  sensorType: 'thermal',
  data: sensorData,
  orbit: await getCurrentOrbit()
};

const result = await splitTelemetry(frame, GROUND_STATION_CONFIG);
if (!result.ok) {
  logError('Telemetry split failed', result.error);
  return;
}

// Downlink each share to its designated ground station
for (const share of result.value.shares) {
  await downlinkShare(share.stationId, share);
}

Ground Station Integration

Ground stations receive shares via RF downlink, store them temporarily, and forward to the analysis facility over encrypted networks (VPN, dedicated fiber, or satellite internet uplink). No reconstruction happens at ground stations — they handle routing only.

Analysis Facility Integration

The analysis facility collects shares from multiple ground stations, waits for K shares to arrive, then calls reconstructTelemetry(). Reconstructed sensor data flows into existing imagery analysis, GEOINT workflows, or mission planning systems.

Facility-side reconstruction
import { reconstructTelemetry } from '@private.me/sattelemetry';

// ShareCollector waits for K shares to arrive from ground stations
const { shares, frameHash } = await shareCollector.waitForThreshold(frameId);

const result = await reconstructTelemetry(shares, frameHash);
if (!result.ok) {
  handleReconstructionError(result.error);
  return;
}

// Pass reconstructed data to imagery analysis pipeline
await imageryPipeline.process(result.value);
OPERATIONAL FLEXIBILITY
Reconstruction works with any K-of-N shares. If Svalbard station is offline due to weather, reconstruction proceeds using Alice Springs + Maspalomas. No single station is a single point of failure.
Section 06

Security

Xbeam provides information-theoretic security via XorIDA threshold sharing, dual-layer integrity verification via HMAC and frame hash, and zero-knowledge share isolation.

Information-Theoretic Security

XorIDA threshold sharing over GF(2) guarantees that any subset of fewer than K shares reveals zero information about the plaintext. This is not a computational hardness assumption (like RSA or AES) — it's mathematically provable. An adversary with infinite computing power who compromises K-1 ground stations learns nothing.

QUANTUM-PROOF BY DESIGN
Information-theoretic security is immune to quantum computers. Shor's algorithm, Grover's algorithm, and future quantum attacks are irrelevant — there is no ciphertext to break.

Dual Integrity Verification

HMAC-SHA256 per-share integrity: Each share carries its own HMAC, computed over the padded plaintext before splitting. After XorIDA reconstruction, the HMAC is verified before unpadding. This catches share corruption, transmission errors, and tampering attempts.

SHA-256 frame hash: After unpadding, the reconstructed sensor data is hashed and compared against the frame hash transmitted with the shares. This provides end-to-end integrity verification independent of the HMAC layer.

Threat Resistance

Threat Mitigation Residual Risk
Ground station compromise XorIDA: single share reveals zero info If ≥K stations compromised, full reconstruction possible
RF downlink interception Each downlink carries only one share Metadata (frame ID, satellite ID) visible in cleartext
Share tampering HMAC + frame hash dual verification None — both layers must pass
Replay attack Frame ID + timestamp in metadata Consumer must validate recency and deduplicate
Padding oracle HMAC verified before unpadding None — timing side-channels eliminated

Station Distribution Strategy

For maximum security, ground stations should be distributed across geopolitically independent jurisdictions. A 3-station configuration with Svalbard (Norway), Alice Springs (Australia), and Maspalomas (Spain) ensures no two stations share sovereignty or intelligence-sharing agreements that would allow coordinated compromise.

Section 07

Benchmarks

Xbeam performance measured on Node.js 20 LTS, Intel i7-1185G7 (3.0 GHz base), 16GB RAM. Operations are CPU-bound via Web Crypto API.

~2ms
64KB frame split (3 shares)
~1.8ms
Reconstruction (2-of-3)
~33ms
1MB thermal image (2-of-2)
0 deps
npm dependencies

Payload Size Scaling

Payload Size Split (3 shares) Reconstruct (2-of-3) Notes
64 KB ~2.1ms ~1.8ms Typical radar frame
256 KB ~6.4ms ~5.7ms Multispectral sensor
1 MB ~24ms ~21ms High-res thermal image
4 MB ~89ms ~78ms Optical imagery

Threshold Configuration Impact

XorIDA performance is dominated by HMAC and padding operations, not the split itself. Increasing N (total shares) has minimal impact. Threshold K does not affect split performance — it only changes reconstruction requirements.

Configuration Split (256KB) Reconstruct Use Case
2-of-2 ~6.1ms ~5.5ms Maximum security (bilateral)
2-of-3 ~6.4ms ~5.7ms Fault tolerance (standard)
3-of-5 ~7.2ms ~6.1ms High redundancy (contested ops)
REAL-TIME CAPABLE
Even at 1MB frame sizes, split + reconstruct completes in ~45ms total. This is well within real-time requirements for satellite telemetry (typical downlink rates 1-10 frames/second).
Section 08

Honest Limitations

Xbeam solves ground station compromise but does not address every threat in the satellite telemetry chain. Honest assessment of what it does and does not protect.

What Xbeam Does NOT Protect

1. Satellite Compromise

If the satellite itself is compromised (firmware backdoor, supply chain attack, insider sabotage during manufacturing), the adversary can exfiltrate plaintext sensor data before splitting. Xbeam protects downlink and ground infrastructure, not the spacecraft.

2. Metadata Visibility

Frame ID, satellite ID, sensor type, timestamp, and orbital parameters are transmitted in cleartext with each share. An adversary intercepting RF downlinks can perform traffic analysis: how many frames downlinked per pass, which ground stations received shares, timing patterns revealing collection priorities.

Why this matters: Even without plaintext access, knowing that a reconnaissance satellite is downlinking to certain stations at certain times reveals operational tempo and mission focus.

3. K-or-More Station Compromise

Information-theoretic security guarantees zero information leakage from K-1 shares. But if an adversary compromises K or more ground stations, they can reconstruct the full telemetry. This is not a cryptographic weakness — it's the fundamental tradeoff of threshold schemes.

Mitigation: Distribute stations across geopolitically independent jurisdictions. A 2-of-3 configuration with Norway, Australia, and Spain requires an adversary to simultaneously penetrate intelligence agencies in three non-aligned nations.

4. No Station Authentication

Xbeam does not verify ground station identity. A rogue station that successfully spoofs downlink protocols can receive shares. Satellite systems should implement station authentication at the RF layer (challenge-response, mutual TLS, or hardware security modules).

5. Frame Ordering and Deduplication

Xbeam does not enforce frame sequencing or prevent replay of old shares. Consumers must implement their own frame ordering (via timestamp + frame ID) and deduplication logic. A sophisticated adversary could replay old shares to inject stale telemetry.

6. Link-Layer Encryption

Shares are not encrypted for RF downlink. While individual shares reveal zero plaintext information, metadata is visible. For maximum operational security, use link-layer encryption (AES-256-GCM over the RF link) in addition to XorIDA splitting.

DEFENSE IN DEPTH
Xbeam is one layer in a defense-in-depth strategy. Use it alongside link-layer encryption, station authentication, firmware attestation, and traffic obfuscation. No single technology solves all threats.
Section 09

Regulatory Compliance

Xbeam addresses ITAR, FISMA, and international data sovereignty requirements for satellite telemetry systems.

ITAR (International Traffic in Arms Regulations)

Satellite imagery and sensor data often fall under ITAR export controls. Ground stations in allied nations (Australia, UK, Canada) may be authorized to receive shares, but the full telemetry data cannot be reconstructed on foreign soil without a Technical Assistance Agreement (TAA).

Xbeam compliance strategy: Use a 2-of-3 configuration where two stations are in ITAR-controlled jurisdictions (US, Five Eyes) and one station is allied-but-restricted. Reconstruction happens only at US facilities with proper export licenses. Allied stations handle routing but never reconstruct.

FISMA (Federal Information Security Management Act)

Defense and intelligence satellite systems must comply with FISMA Moderate or High controls. FISMA requires encryption at rest and in transit, plus integrity verification and access controls.

Xbeam addresses: Information-theoretic confidentiality (exceeds AES-256 for share protection), dual-layer integrity (HMAC + frame hash), and compartmentalized access (no single station holds plaintext).

Data Sovereignty (EU, Australia, Japan)

Commercial Earth observation providers must comply with data sovereignty laws. EU GDPR, Australian Privacy Act, and Japan APPI restrict cross-border transfer of certain telemetry data.

Xbeam compliance strategy: Place ground stations in jurisdictions where data sovereignty applies. Shares routed through EU/Australia/Japan ground stations never leave those jurisdictions in plaintext form. Reconstruction happens at the customer's facility within their legal jurisdiction.

ZERO-TRUST GROUND INFRASTRUCTURE
Xbeam enables a zero-trust architecture for satellite ground systems. Ground stations are semi-trusted relays, not trusted endpoints. Even if a station is compromised by foreign intelligence, the plaintext remains protected.
Section 10

Comparison to Alternatives

How Xbeam compares to traditional satellite telemetry protection approaches.

Approach Security Model Station Trust Bandwidth Complexity
AES-256-GCM downlink Computational Full trust required 1x Low
Multi-path encrypted Computational Full trust required Nx Medium
Homomorphic encryption Computational Semi-trusted OK 10-100x overhead Very high
Xbeam (XorIDA) Information-theoretic Semi-trusted OK ~1.1x Low

Why Not AES-256-GCM?

AES-256-GCM is computationally secure and widely deployed. But every ground station that receives telemetry must hold decryption keys. Key rotation helps, but the fundamental problem remains: compromise one station, decrypt all traffic that passes through it.

Why Not Homomorphic Encryption?

Fully homomorphic encryption (FHE) allows computation on encrypted data without decryption. But FHE is 10-100x slower than plaintext operations and adds massive bandwidth overhead (10-100x ciphertext expansion). Impractical for real-time satellite telemetry at current maturity levels.

Why Not Multi-Party Computation (MPC)?

MPC allows N parties to jointly compute a function without revealing inputs. But MPC protocols require interactivity — ground stations must communicate with each other during reconstruction. Xbeam reconstruction is non-interactive: collect K shares, reconstruct locally, no inter-station coordination needed.

Advanced Topics

Appendices

Deep-dive technical reference for integration engineers and security auditors.

Appendix A

API Surface

Complete TypeScript API reference for @private.me/sattelemetry.

Core Functions

splitTelemetry(frame: TelemetryFrame, config: SatTelemetryConfig): Promise<Result<TelemetrySplitResult, SatTelemetryError>>
Split a telemetry frame across ground stations via XorIDA. Returns shares array + frame hash. Each share contains base64-encoded data, HMAC, station ID, and metadata.
reconstructTelemetry(shares: TelemetryShare[], frameHash: string): Promise<Result<Uint8Array, SatTelemetryError>>
Reconstruct telemetry data from K-of-N shares. Validates HMAC, reconstructs via XorIDA, unpads, and verifies frame hash. Returns original sensor data as Uint8Array.

Types

Type definitions
interface TelemetryFrame {
  frameId: string;              // Unique frame identifier
  satelliteId: string;          // Satellite identifier
  timestamp: string;            // ISO 8601 timestamp
  sensorType: string;           // thermal | radar | optical
  data: Uint8Array;             // Raw sensor data
  orbit: OrbitParams;           // Orbital parameters
}

interface OrbitParams {
  altitude: number;             // Altitude in km
  inclination: number;          // Inclination in degrees
}

interface SatTelemetryConfig {
  stations: GroundStationConfig[];  // Ground station array
  threshold: number;                // K (minimum shares for reconstruction)
  chunkSize?: number;               // Optional XorIDA chunk size
}

interface GroundStationConfig {
  id: string;                   // Station identifier (e.g., GS-SVB)
  name: string;                 // Human-readable name
  location: string;             // Geographic location
}

interface TelemetryShare {
  frameId: string;
  satelliteId: string;
  stationId: string;            // Assigned ground station ID
  index: number;                // Share index (1-based)
  total: number;                // Total shares (N)
  threshold: number;            // Reconstruction threshold (K)
  data: string;                 // Base64-encoded share data
  hmac: string;                 // Base64 "key:signature"
  originalSize: number;         // Original unpadded data size
}

interface TelemetrySplitResult {
  frameId: string;
  shares: TelemetryShare[];
  frameHash: string;            // SHA-256 hex (64 chars)
}
Appendix B

Error Codes

Exhaustive error taxonomy for @private.me/sattelemetry operations.

Code When Mitigation
INVALID_CONFIG Fewer than 2 stations, threshold < 2, or threshold > station count Verify config: at least 2 stations, 2 ≤ K ≤ N
SPLIT_FAILED XorIDA split operation failed Check frame data size, ensure Web Crypto API available
HMAC_FAILED HMAC-SHA256 verification failed during reconstruction Share may be corrupted or tampered. Reject and request retransmission
RECONSTRUCT_FAILED XorIDA reconstruction failed, unpadding failed, or frame hash mismatch Verify share consistency (frame ID, total, threshold). Check frame hash
INSUFFICIENT_SHARES Fewer than K shares provided to reconstructTelemetry() Collect at least K shares before attempting reconstruction

Error Detail Structure

SatTelemetryError type
type SatTelemetryError = {
  code: 'INVALID_CONFIG' | 'SPLIT_FAILED' | 'HMAC_FAILED'
      | 'RECONSTRUCT_FAILED' | 'INSUFFICIENT_SHARES';
  message: string;
};
Appendix C

Threat Model

Detailed threat analysis and residual risk assessment for satellite telemetry splitting.

Trust Boundaries

Trusted: Satellite onboard processor, analysis facility reconstruction environment.

Semi-trusted: Ground stations (authorized to receive shares, but compromisable by adversaries or insider threats).

Untrusted: RF downlink medium, network paths between ground stations and analysis facility.

Threat Scenarios

T1: Ground Station Compromise

Threat: Adversary compromises a ground station and obtains its telemetry share.
Mitigation: XorIDA information-theoretic security — single share reveals zero information.
Residual Risk: If adversary compromises ≥K stations, full frame reconstruction is possible. Distribute stations across geopolitically independent locations.

T2: Telemetry Frame Tampering

Threat: Attacker modifies shares to alter telemetry data.
Mitigation: HMAC-SHA256 verification after reconstruction (before unpadding). Frame SHA-256 hash verified after unpadding. Double integrity check.
Residual Risk: None from share tampering — both HMAC and frame hash verification catch all modifications.

T3: RF Downlink Interception

Threat: Adversary intercepts satellite-to-ground RF transmissions.
Mitigation: Each downlink carries only one share. XorIDA guarantees zero information leakage from fewer than threshold shares.
Residual Risk: Metadata (frame ID, satellite ID, station assignment) is in cleartext on shares. Traffic analysis reveals communication patterns even without data access.

T4: Frame Replay

Threat: Adversary replays old telemetry shares to inject stale data.
Mitigation: Each frame has a unique frameId and timestamp. Consumers should validate frame recency and reject duplicates.
Residual Risk: Xbeam does not enforce frame recency or deduplication. Consumers must implement their own replay detection.

T5: Inconsistent Share Metadata

Threat: Attacker provides shares with mismatched frame IDs or threshold values to cause reconstruction errors.
Mitigation: Share validation checks frameId, total, and threshold consistency across all shares. Mismatches return RECONSTRUCT_FAILED.
Residual Risk: None — metadata consistency checks reject all mismatched shares.

Accepted Residual Risks

  1. No RF link encryption: Shares are not encrypted for downlink. Use link-layer encryption.
  2. No station authentication: Xbeam does not verify ground station identity.
  3. No frame ordering: Consumers must handle frame sequencing.
  4. Metadata visible: Frame ID, satellite ID, and station assignments are cleartext.

Deployment Options

🌐

SaaS Recommended

Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.

  • Zero infrastructure setup
  • Automatic updates
  • 99.9% uptime SLA
  • Enterprise SLA available
View Pricing →
📦

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

  • npm install @private.me/sattelemetry
  • TypeScript/JavaScript SDK
  • Full source access
  • Enterprise support available
Get Started →
🏢

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

  • Complete data sovereignty
  • Air-gap capable deployment
  • Custom SLA + dedicated support
  • Professional services included
Request Quote →

Enterprise On-Premise Deployment

While satTelemetry is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

  • Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
  • Air-gapped environments — SCIF, classified networks, offline operations
  • Data residency requirements — EU GDPR, China data laws, government mandates
  • Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.

Contact sales for assessment and pricing →

Other Requirements? Need white-label deployment or custom integration? Contact our enterprise team →