Compliance

Migrating off Evervault

We have designed migrating your encrypted data off Evervault to be as streamlined as possible.


Overview

If there ever comes a time you wish to stop using Evervault, we will provide a free service for you to decrypt all of your data.

You will be provided with a CSV template to insert encrypted data into, which can then be uploaded to the decryption service. This migration service is built on Enclaves, so you can cryptographically attest that Evervault is unable to access or tamper with the data in any way.

Decryption Process

  • An Enclave specifically designed for exporting data securely will be added to your account.
  • The Decryption Enclave exposes two authenticated endpoints:
    • /upload: accepts a CSV of encrypted data, along with a key for re-encryption.
    • /download: returns a download of the decrypted data, which has been re-encrypted with the provided key (or a progress percentage on the decryption if it hasn’t finished).
  • On startup, the Decryption Enclave is given a special API key which allows it to request the team’s private-key from E3.
  • Once you have uploaded your data, the Decryption Enclave will use the private key to decrypt the data in the CSV, then re-encrypt the CSV with the provided key.
  • You can then poll the /download endpoint until it succeeds, returning the decrypted data, which has been encrypted with the key provided.