Red Vault: Security & Sovereignty Manifest

Built on a Stateless Architecture that fundamentally eliminates data retention, cloud transmission, and vendor access risks.

Section 01

The Core Philosophy: Statelessness

Unlike traditional Data Loss Prevention (DLP) or Privacy-as-a-Service vendors, Red Vault is built on a Stateless Architecture.

  • Zero Data Retention: We do not maintain databases of your PII.
  • Volatile RAM Processing: All identification and substitution happens in the browser's active memory. Once the tab is closed or the prompt is sent, the sensitive data is purged from the local environment.
  • No Cloud "Phone Home": Your sensitive data is never transmitted to Red Vault servers for "analysis" or "training."

Section 02

Deterministic Identification Engine

We have replaced "Probabilistic AI" (which guesses what PII is) with a DLP-Powered Engine.

  • 100% Pattern Match: If a string matches a technical identifier (API Key, SWIFT Code, IP Address), it is caught. Period.
  • Zero Hallucination Risk: Because we don't use a secondary LLM to scan your data, there is no risk of the "Privacy AI" leaking your data to the "Public AI."
  • Custom Pattern Injection: Enterprise clients can inject proprietary regex patterns for internal project codes, ensuring custom-built protection.

Section 03

Mathematical Sovereignty (Private Salt)

Red Vault utilizes a "Local Secret" architecture to ensure irreversible anonymization.

  • Client-Side Salting: Your data is hashed using a cryptographic salt that is stored exclusively within your enterprise infrastructure.
  • Irreversible Twins: Even if a third party intercepted the "Synthetic Twin" data, they would require your local hardware-bound salt to reverse the process.
  • No Vendor Access: Red Vault employees, engineers, and support staff have mathematically zero access to your original data or your encryption keys.
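
An added sketch of the two mechanisms described in Sections 02 and 03: deterministic pattern matching followed by keyed-hash substitution, with a client-supplied custom pattern. It is not Red Vault's code; the regexes, the `PROJECT` pattern, the token format, the choice of HMAC-SHA256 and the use of Node's `crypto` module (a browser extension would use Web Crypto) are all assumptions.

```javascript
// Added example: patterns, names and key handling are assumptions, not Red Vault's code.
const { createHmac } = require("node:crypto");

// Constructed detection patterns for two identifier types the page names.
// Each `type` doubles as a regex group name, so it must be a valid identifier.
const BUILTIN = [
  { type: "IPV4", source: String.raw`\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b` },
  { type: "SWIFT", source: String.raw`\b[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}(?:[A-Z0-9]{3})?\b` },
];

// Keyed hash (HMAC-SHA256), truncated to 64 bits for readability.
// The type is mixed in so equal strings of different types get different tokens.
function pseudonym(type, value, key) {
  const mac = createHmac("sha256", key).update(`${type}\0${value}`).digest("hex");
  return `[${type}:${mac.slice(0, 16)}]`;
}

// Single pass over the text: one alternation of named groups, so a token that
// was just inserted is never rescanned by a later pattern.
function redact(text, key, custom = []) {
  const patterns = [...BUILTIN, ...custom];
  const combined = new RegExp(patterns.map((p) => `(?<${p.type}>${p.source})`).join("|"), "g");
  const audit = []; // records type and token only, never the raw value
  const output = text.replace(combined, (...args) => {
    const groups = args[args.length - 1];
    const type = patterns.find((p) => groups[p.type] !== undefined).type;
    const token = pseudonym(type, groups[type], key);
    audit.push({ type, token });
    return token;
  });
  return { output, audit };
}

// Constructed sample input, custom pattern and key. A real key would be random
// and would never leave the client.
const SAMPLE = "Route 10.20.30.40 via DEUTDEFF for PRJ-0042, then 10.20.30.40 again; 999.1.1.1 stays.";
const PROJECT_CODE = { type: "PROJECT", source: String.raw`\bPRJ-\d{4}\b` };

const demo = redact(SAMPLE, Buffer.from("constructed-demo-key"), [PROJECT_CODE]);
console.log(demo.output);
console.table(demo.audit);
```

Equal inputs map to equal tokens under one key, so tokens stay linkable across prompts. Because identifiers such as IP addresses are easy to enumerate, irreversibility rests entirely on the key staying secret.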

Section 04

Compliance Alignment (Law 25 & AIDA)

Our security controls are mapped specifically to the newest Canadian regulatory frameworks:

  • Anonymization Standards: Our substitution methodology meets the "Irreversibility" standards required by the Commission d'accès à l'information (CAI).
  • Right to Erasure (Law 25): Because Red Vault never stores data, "Right to Erasure" is satisfied by default—the data was never held by the service provider.
  • Transparency & Audit: We provide local, exportable audit logs that allow your DPO to verify that 100% of PII was masked before it crossed the border to US-based AI servers.

Section 05

Third-Party Validation

  • Local Sandboxing: The Red Vault extension is sandboxed within the browser and restricted to only the AI domains you whitelist.
  • SOC2 Type II (In Progress): We are currently undergoing independent auditing to verify our operational security controls.
  • Open Schema: We invite client security teams to review our detection logic—transparency is the foundation of trust.