Loading...
private.me Docs
Get Search
PRIVATE.ME PLATFORM

Search: Encrypted Metadata Search

Full-text search over encrypted-at-rest metadata with Gmail-style operators, hybrid keyword/semantic ranking, and Reciprocal Rank Fusion. No plaintext indexing required.

Email Client AVAILABLE NOW FTS5 + Semantic
Section 01

The Problem

Full-text search requires plaintext indexing. Existing search engines cannot index encrypted-at-rest metadata. There is no Gmail-style operator support for encrypted mail.

Every email client relies on plaintext full-text indexes. Gmail, Outlook, and Thunderbird all store searchable text unencrypted. When metadata is encrypted at rest, traditional FTS engines cannot read it. Users lose the ability to search their own inbox.

Semantic search compounds the problem. Embedding vectors expose content patterns even when the source text is encrypted. No existing solution combines keyword search, semantic ranking, and encryption at rest in a single pipeline.

The Old Way

Query plaintext FTS Index UNENCRYPTED all message text exposed at rest Data Leak No Encryption
Section 02

The PRIVATE.ME Solution

A complete search pipeline that encrypts metadata at rest, supports Gmail-style operators (from:, to:, subject:, has:attachment), and fuses keyword and semantic results via Reciprocal Rank Fusion.

FTS5 full-text search operates on metadata decrypted in memory. The index itself is stored encrypted. Gmail-style query operators parse into structured filters that combine with free-text ranking.

Hybrid ranking merges BM25 keyword scores with cosine-similarity semantic scores using Reciprocal Rank Fusion (RRF). This produces better results than either method alone, without exposing plaintext to external embedding services.

The New Way

Query Parse operators FTS5 BM25 keyword Semantic embeddings RRF Fuse ranked results
Section 03

How It Works

Three-stage pipeline: parse query operators, dual-index search (keyword + semantic), and Reciprocal Rank Fusion to produce final ranked results.

Gmail-style Query Operator Parser Structured Filters Encrypted FTS5 Index decrypt in memory → BM25 rank Encrypted Embedding Store cosine similarity → semantic rank Reciprocal Rank Fusion → Final Results
Key Security Properties
Encrypted at rest: Both FTS5 index and embedding vectors encrypted with AES-256-GCM.
In-memory only: Decrypted data exists only in memory during query execution.
No external services: Embeddings generated on-device via local AI provider.
Operator support: from:, to:, subject:, has:attachment, before:, after:, is:starred.
Section 04

Use Cases

Email Client
Encrypted Email Search

Search across encrypted message metadata without exposing plaintext. FTS5 indexes encrypted at rest, decrypted in memory for queries.

FTS5
Privacy
Metadata-Only Search

Index only metadata (sender, subject, date) without storing message bodies. Search without full-content exposure.

Metadata
Productivity
Gmail-Style Query Operators

Use familiar operators like from:alice subject:invoice has:attachment to filter results with structured precision.

Operators
AI/ML
Hybrid Keyword + Semantic

Combine BM25 keyword ranking with cosine-similarity semantic search via Reciprocal Rank Fusion for superior relevance.

RRF
Section 05

Integration

Quick Start
import { createIndex, search } from '@private.me/search';

// Create encrypted search index
const index = await createIndex('user@example.com', {
  enableSemantic: true,
  embeddingProvider: 'ollama'
});

// Search with Gmail-style operators
const results = await search(
  'from:alice subject:invoice has:attachment',
  index
);

// Results ranked by Reciprocal Rank Fusion
results.forEach(r => console.log(r.score, r.subject));
search(query: string, index: SearchIndex): Promise<SearchResult[]>
Execute a search query against the encrypted index. Supports Gmail-style operators and free text. Returns results ranked by hybrid RRF scoring.
createIndex(email: string, config?: IndexConfig): Promise<SearchIndex>
Initialize an encrypted search index for the given email. Supports FTS5 keyword indexing and optional semantic embeddings.
Section 06

Security Properties

PropertyMechanismGuarantee
Index encryptionAES-256-GCM at restNo plaintext index
In-memory decryptionDecrypt only during queryMinimal exposure
Local embeddingsOn-device AI providerNo cloud exposure
Query privacyClient-side executionNo server query logs
Metadata onlyNo message body indexingContent separation
FTS5
search engine
RRF
rank fusion
0
plaintext at rest
<50ms
query latency
PRIVATE.ME · SEARCH WHITE PAPER

© 2026 StandardClouds Inc. dba PRIVATE.ME. All rights reserved.

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

Search generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.

XPROVE CRYPTOGRAPHIC PROOF
Download proofs:

Verify proofs online →

Use Cases

🏛️
REGULATORY
FDA / SEC Submissions
Prove algorithm correctness for encrypted search without exposing trade secrets or IP.
Zero IP Exposure
🏦
FINANCIAL
Audit Without Access
External auditors verify FTS5 encrypted metadata without accessing source code or production systems.
FINRA / SOX Compliant
🛡️
DEFENSE
Classified Verification
Security clearance holders verify encrypted search correctness without clearance for source code.
CMMC / NIST Ready
🏢
ENTERPRISE
Procurement Due Diligence
Prove security + correctness during RFP evaluation without NDA or code escrow.
No NDA Required

Deployment Options

🌐

SaaS Recommended

Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.

  • Zero infrastructure setup
  • Automatic updates
  • 99.9% uptime SLA
  • Enterprise SLA available
View Pricing →
📦

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

  • npm install @private.me/search
  • TypeScript/JavaScript SDK
  • Full source access
  • Enterprise support available
Get Started →
🏢

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

  • Complete data sovereignty
  • Air-gap capable deployment
  • Custom SLA + dedicated support
  • Professional services included
Request Quote →

Enterprise On-Premise Deployment

While Search is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

  • Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
  • Air-gapped environments — SCIF, classified networks, offline operations
  • Data residency requirements — EU GDPR, China data laws, government mandates
  • Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.

Contact sales for assessment and pricing →

Other Requirements? Need white-label deployment or custom integration? Contact our enterprise team →