Trusset provides infrastructure for encrypting your instance data while you maintain complete control over encryption keys. We have zero access to your encrypted data - if you lose your key, data becomes permanently unrecoverable.

Encryption Architecture

AES-256 Encryption

Military-grade encryption standard protecting all instance data at rest

Client-Side Keys

Encryption keys never leave your control - Trusset cannot decrypt your data

Instance Isolation

Each instance encrypts data separately - no cross-instance data access possible

Public Data Control

Mark specific datasets as public for controlled third-party access

Data Categories

Trusset manages three distinct data categories with different storage approaches:
  • Private Instance Data: Customer records, internal documents, compliance files - encrypted with your instance key, stored in Trusset infrastructure, inaccessible to Trusset.
  • Public Data: Token metadata, pricing information, public documents - encrypted but marked for controlled sharing via REST endpoints when needed.
  • On-Chain Data: Smart contract state, transaction history, public blockchain records - stored on blockchain, publicly readable by design.

Key Management

CRITICAL: Losing your encryption key means permanent data loss. Trusset cannot recover lost keys or decrypt data without them. Back up keys securely immediately after instance creation.
Current Approach: You manage encryption keys independently using your preferred secrets management system.
Coming Soon: Integrated key management options including hardware security modules (HSM), multi-signature key recovery, and encrypted key backup services.

On-Chain Data Strategy

Personal information is never stored on-chain, to maintain privacy and comply with regulations like GDPR:
  • Zero-Knowledge Proofs: Users prove identity attributes (age, accreditation, citizenship) without revealing underlying data.
  • IPFS Storage: Documents, metadata, and public files are stored on IPFS with content addressing. Only document hashes are recorded on-chain, linking to off-chain content.
  • Minimal On-Chain State: Smart contracts only store essential information - token balances, ownership records, configuration parameters. Everything else lives off-chain.

Public Data Endpoints (Coming Soon)

Mark datasets as “public” to enable controlled sharing with partners, auditors, or service providers.
Configure which data categories to make accessible:
// POST https://api.trusset.org/v1/instance/data/configure

await fetch('https://api.trusset.org/v1/instance/data/configure', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' }, // The body is JSON
  body: JSON.stringify({
    publicCategories: [
      'token_metadata',      // Allow external reads of token info
      'pricing_data',        // Share price feeds with partners
      'compliance_reports'   // Enable auditor access
    ],
    accessControls: {
      token_metadata: ['public'],           // No authentication required
      pricing_data: ['api_key'],           // Require API key
      compliance_reports: ['approved_auditors'] // Whitelist specific addresses
    }
  })
});
Public data remains encrypted but becomes readable through authenticated REST endpoints you control.
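
A pre-flight check for a payload of the shape shown above, as an added example that is not Trusset's code: it flags shared categories with no access rule, categories readable without authentication, and rules left over for categories that are not shared. The function name, the finding levels, the `sensitiveCategories` list and the sample payload are assumptions made for illustration; the only semantics taken from the page is that `'public'` means no authentication is required.

```javascript
// Added example, not Trusset code: audit a data/configure payload before sending it.
// auditPublicDataConfig, its rules and the sensitive list are assumptions for illustration.
function auditPublicDataConfig(config, sensitiveCategories = []) {
  const findings = [];
  const categories = Array.isArray(config.publicCategories) ? config.publicCategories : [];
  const controls = config.accessControls || {};

  for (const category of categories) {
    const rules = controls[category];
    if (!Array.isArray(rules) || rules.length === 0) {
      // A shared category without a rule depends on whatever the server defaults to.
      findings.push({ level: 'error', category, issue: 'no access control defined' });
      continue;
    }
    if (rules.includes('public')) {
      // 'public' means no authentication; block it for categories marked sensitive.
      const level = sensitiveCategories.includes(category) ? 'error' : 'warn';
      findings.push({ level, category, issue: 'readable without authentication' });
    }
  }

  for (const category of Object.keys(controls)) {
    if (!categories.includes(category)) {
      // A leftover rule would silently take effect if the category is shared later.
      findings.push({ level: 'warn', category, issue: 'rule for a category that is not shared' });
    }
  }
  return findings;
}

// Constructed sample payload with deliberate mistakes (not real instance data).
const sampleConfig = {
  publicCategories: ['token_metadata', 'pricing_data', 'compliance_reports', 'customer_records'],
  accessControls: {
    token_metadata: ['public'],
    pricing_data: ['api_key'],
    compliance_reports: ['public'],  // should be restricted to auditors
    internal_documents: ['api_key']  // not listed in publicCategories
  }
};

const findings = auditPublicDataConfig(sampleConfig, ['compliance_reports', 'customer_records']);
const blocking = findings.filter((f) => f.level === 'error');
console.log(findings);
console.log(blocking.length > 0 ? 'Do not send: fix errors first' : 'OK to send');
```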