Loading...
private.me Docs
Get xVaultDB
PRIVATE.ME PLATFORM

xVaultDB: Encrypted Split Database

Row-level XorIDA splitting where each database record is serialized, HMAC-signed, and distributed across independent storage backends. No single backend ever holds reconstructable data.

Data Infrastructure COMING SOON XorIDA Powered
Section 01

The Problem

Database breaches expose entire tables of sensitive records. Encryption at rest still gives the database server full access to plaintext during query execution.

Traditional database encryption protects data on disk but decrypts everything in memory when the server processes queries. A compromised database server, a leaked backup, or an insider with admin credentials gets access to every row in every table simultaneously.

Column-level encryption and tokenization add complexity but still concentrate trust in a single system. The encryption keys live on the same infrastructure as the data, creating a single point of catastrophic failure.

The Old Way

API Key in Config Single DB Server All Rows Exposed Compromise = Full access to every record
Section 02

The PRIVATE.ME Solution

xVaultDB applies XorIDA threshold splitting at the row level. Each record is serialized, HMAC-signed for integrity, and split into N shares distributed across independent storage backends.

No single backend holds enough information to reconstruct any record. An attacker who compromises one storage node gains zero information about the original data — this is information-theoretic security, not computational.

Reconstruction requires K-of-N shares with HMAC verification before reassembly. Tampered shares are detected and rejected before they can corrupt the reconstruction process.

The New Way

DID Identity Split Auth Backend 1 Backend 2 Backend 3 HMAC Verify Secure
Section 03

How It Works

Each database row passes through a structured pipeline: serialization, validation, XorIDA splitting across N storage nodes, HMAC verification, and threshold reconstruction on read.

Row Input Validate XorIDA Split Node 1 Node 2 Node 3 HMAC Verify Output
Key Security Properties
Information-theoretic security: Each share reveals zero information about the original row. HMAC integrity: SHA-256 per-share verification detects any tampering before reconstruction. Threshold tolerance: K-of-N reconstruction means up to N-K backends can fail without data loss.
Section 04

Use Cases

🏥
Healthcare
Patient Record Databases

Split EHR records across independent storage nodes. HIPAA breach risk drops to zero per node. Reconstruction requires quorum from authorized endpoints only.

HIPAA Compliant
🏦
Finance
Financial Transaction Stores

Transaction records split across geo-distributed backends. No single data center holds reconstructable financial data. Meets SEC 17a-4 immutability requirements.

SEC 17a-4
🔒
SaaS
PII-Heavy SaaS Databases

Customer PII split at the row level. A database breach yields zero usable personal data. GDPR right-to-erasure is satisfied by destroying K shares.

GDPR Ready
🏢
Enterprise
Multi-Tenant Data Isolation

Each tenant's data split to tenant-specific backend sets. Cryptographic isolation eliminates cross-tenant data leakage even with shared infrastructure.

Zero Trust
Section 05

Integration

Quick Start
import { splitRow, querySecure } from '@private.me/xvaultdb';

// Split a patient record across 3 backends (2-of-3 threshold)
const shares = await splitRow(
  { id: 'pat-001', name: 'Jane Doe', ssn: '***-**-1234' },
  ['backend-a.internal', 'backend-b.internal', 'backend-c.internal'],
  { n: 3, k: 2 }
);

// Query with threshold reconstruction
const result = await querySecure('pat-001', shares);
splitRow(record: Record, backends: string[], config: { n: number, k: number }): Promise<RowShare[]>
Serializes a database record, generates HMAC-SHA256 integrity tags, splits via XorIDA into N shares, and distributes them across the specified storage backends. Returns share metadata for later reconstruction.
querySecure(rowId: string, shares: RowShare[]): Promise<Record>
Retrieves K-of-N shares from storage backends, verifies HMAC integrity on each share, reconstructs the original record via XorIDA threshold recombination, and returns the deserialized row.
Section 06

Security Properties

PropertyMechanismGuarantee
ConfidentialityXorIDA K-of-N splittingInformation-theoretic — zero knowledge per share
IntegrityHMAC-SHA256 per shareTamper detection before reconstruction
AvailabilityThreshold redundancyN-K backend failures tolerated
IsolationIndependent storage backendsNo cross-backend data correlation
ErasureShare destructionDestroy K shares = irreversible deletion
<1ms
Split latency per row
2-of-3
Default threshold
0 bits
Info leaked per share
SHA-256
Integrity HMAC
VERIFIED BY XPROVE

Verifiable Data Protection

Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.

XPROVE AUDIT TRAIL
Every XorIDA split generates HMAC-SHA256 integrity tags. xProve chains these into a tamper-evident audit trail that proves data was handled correctly at every step. Upgrade to zero-knowledge proofs when regulators or counterparties need public verification.

Read the xProve white paper →

Deployment Options

🌐

SaaS Recommended

Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.

  • Zero infrastructure setup
  • Automatic updates
  • 99.9% uptime SLA
  • Pay per use
View Pricing →
📦

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

  • npm install @private.me/xvaultdb
  • TypeScript/JavaScript SDK
  • Full source access
  • Enterprise support available
Get Started →
🏢

On-Premise Enterprise

Self-hosted infrastructure for air-gapped, compliance, or data residency requirements.

  • Complete data sovereignty
  • Air-gap capable
  • Docker + Kubernetes ready
  • RBAC + audit logs included
Enterprise CLI →

Custom Requirements? Need dedicated infrastructure, white-label deployment, or custom integration? Contact our enterprise team →

GET STARTED

Ready to deploy xVaultDB?

Talk to Ren, our AI sales engineer, or book a live demo with our team.

Book a Demo
PRIVATE.ME · xVaultDB WHITE PAPER

© 2026 StandardClouds Inc. dba PRIVATE.ME. All rights reserved.

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

xVaultdb generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.

XPROVE CRYPTOGRAPHIC PROOF
Download proofs:

Verify proofs online →

Use Cases

🏛️
REGULATORY
FDA / SEC Submissions
Prove algorithm correctness for distributed systems without exposing trade secrets or IP.
Zero IP Exposure
🏦
FINANCIAL
Audit Without Access
External auditors verify secure operations without accessing source code or production systems.
FINRA / SOX Compliant
🛡️
DEFENSE
Classified Verification
Security clearance holders verify distributed systems correctness without clearance for source code.
CMMC / NIST Ready
🏢
ENTERPRISE
Procurement Due Diligence
Prove security + correctness during RFP evaluation without NDA or code escrow.
No NDA Required