Security & trust

A design built to be inspected.

Every claim below has a verifiable artifact behind it. No marketing fluff in this section — that's the point.

Plaintext never leaves you

Encryption and decryption execute inside the SDK, on your infrastructure. VellumGuard's servers see public keys and ciphertext metadata for the audit trail — never the data itself. This is a structural property, not a promise.

Hybrid by construction

Each ciphertext is sealed with a classical scheme and a post-quantum scheme. A break in either leaves the other standing. You are never worse off than today's best-practice cryptography.

NIST-standardized algorithms

ML-KEM-768 (FIPS 203) and ML-DSA-65 (FIPS 204) at NIST Level 3. No experimental or pre-standardization schemes in the default suite.

Audited primitives only

VellumGuard composes well-reviewed, open cryptographic implementations. There is no home-grown cryptography in the stack — deliberately the boring choice.

Cloud KMS-backed key wrapping

DEKs (data-encryption keys) are wrapped by Google Cloud KMS. The raw DEK is held in process memory only — never written to disk or logs. Identity private key blobs are stored in wrapped, AES-256-GCM-encrypted form only.

Open ciphertext format

The wire format is published with reference test vectors. If VellumGuard ever disappeared, your data would remain decryptable with any conforming tool.

Workspace-scoped API keys

Each workspace uses a separate, revocable API key. Keys are stored as one-way hashes. Identity-scoped authorization allows per-key allow-lists for fine-grained access control.

Durable audit & security events

Every authorization decision, key lifecycle operation (promote, rewrap, retire), and SDK call is recorded in a queryable security-events table. Rate limiting is enforced and recorded. Startup key-unwrap is confirmed per instance.

Threat model

What VellumGuard defends — and what it doesn't.

Honest scoping is part of a trustworthy security product. VellumGuard is explicit about its boundaries.

In scope

Out of scope

For the complete model, including the key hierarchy and rotation policy, see the ciphertext format documentation.

Compliance status

Honest about where we are.

VellumGuard is beta / design-partner ready. The table below reflects the current state — not the roadmap.

SOC 2 Type IINot yet — planned pre-GA
HIPAA certificationNot yet — no BAA currently available
Penetration testingPlanned — not yet completed
Audit trailLive · security_events + audit_events tables
Key managementGoogle Cloud KMS-backed DEK wrapping
Backup restoreVerified 2026-06-19 · Cloud SQL automated backups
Uptime monitoringGCP uptime check on /healthz/ · 1-minute alert
Incident responseDocumented · P0/P1/P2 severity levels defined
FedRAMPRoadmap · not scoped for beta
Data residencyUS (us-east1) · EU region not yet available

Do not use VellumGuard for regulated production PHI, PCI card data, or similarly regulated data without a separate written data-handling agreement. Contact beta@vellumguard.com to discuss your specific use case.

Disclosure

Found something? Tell us.

We welcome coordinated disclosure from security researchers. Reports go straight to the team.