LinkedIn tracking pixel

73DE 67DE3B36 7ECD0 63EC ED8A 6065.

Queryable encryption for Postgres. Your data stays encrypted while your app is using it, and only an identity-bound policy can decrypt a value.

VIEW DOCS

§ 01·0x01/THE AGENTIC ERA

Agents can't leak what they can't decrypt.

Agents hold your database credentials, and prompt injection is the number one LLM risk. CipherStash caps the blast radius: agents return only what the requesting user can decrypt. The attack still executes. The exfiltration does not.

[TRUSTED BY]

§ 02·0x02/THE INFRASTRUCTURE

Zero-trust encryption for the database you already use.

Your database stores only ciphertext. Supabase, Neon, and RDS never see your plaintext, and neither do we. Your team decrypts only under policy, and every decryption is logged.

Step through the three states below. One table, one query, three realities.

patients.sqlREADABLE / 3 ROWS
postgres > SELECT * FROM patients WHERE condition = 'hypertension'
idnamedobconditionnotes
p_01Alex Rivera1982-04-12hypertensionlisinopril 10mg
p_02Morgan Chen1995-11-03type II diabetesmetformin 500mg
p_03Priya Patel1971-07-22hypertensionatenolol 25mg
p_04Samir Okafor2001-02-17hypertensionlisinopril 10mg
p_05Leah Kowalski1988-09-30asthmaalbuterol inhaler
The old world.Thirty years of security built around one unavoidable fact: the database was readable to anyone who reached it. The perimeter had to do all the work.

SUPPORTED DATA STORES

PostgreSQLPostgreSQL
SupabaseSupabase
Neon
PlanetScalePlanetScale
Amazon RDSAWS RDS
Amazon DynamoDBDynamoDB

Native plugins for Drizzle and Prisma. Connectors for Auth0 and Clerk.

§ 03·0x03/HOW IT WORKS

Data level access control.

Control follows the data, not the perimeter. A perimeter breaks the moment someone gets inside it. Data-level access control has no inside.

Switch identities below. The same records. Four different realities.

decryption policyAUTHORIZED
idownernamedobcondition
p_01dr.smithAlex Rivera1982-04-12hypertension
p_02dr.jonesmBk|UTcQkcxABP+4UtNqkKsb5p==mBk|bvklgqmMZOacU/PRlEIRvY==mBk|xnR1nWZ1Q5WDWkgBmwtFzD==
p_03dr.smithPriya Patel1971-07-22hypertension
p_04dr.jonesmBk|HxDQvhXkWvyqgOXzMGj0KJ==mBk|qebLIPw3PE0xhoCIIpws+s==mBk|n1lyQbKU5a4ufkh/1u+pqh==
p_05dr.jonesmBk|Ddu9nPfKsxRqpn8KygaZ0u==mBk|B4OU8aZENJvYsOQc0LOjUE==mBk|CwvoLxj7Obe6+xZ2zzABNN==
Every value carries a decryption policy. Decryption happens after the query, after the API response, after the agent tool call. The rules are enforced in the data, not configured in the perimeter.

§ 04·0x04/COMPLIANCE

The encryption your auditor now requires.

Field-level encryption is becoming the requirement, not the recommendation. CipherStash meets it without breaking your queries.

/PCI-DSS-4

Disk encryption alone stopped counting in March 2025.

PCI DSS 4 requires more than disk encryption for stored cardholder data. Field-level encryption meets it, queries intact.

PCI DSS 4 →

/HIPAA

ePHI encryption is heading from optional to mandatory.

A proposed HIPAA update would make ePHI encryption mandatory. Get ahead of it on the Postgres you already run.

HIPAA →

§ 05·0x05/IN PRODUCTION

Built on by teams that can't get this wrong.

CipherStash enabled us to achieve the same stringent level of encryption without needing to implement custom envelope encryption using AWS KMS or similar technologies.

JOURNALIA · HEALTH TECH

READ CASE STUDY →

With CipherStash, we were able to implement end-to-end encryption while maintaining full search functionality across our entire platform.

BNDRY · FINANCIAL SERVICES

READ CASE STUDY →

1B+

Encryption ops in production

14x

Faster than AWS KMS

<1ms

Query overhead

SOC 2 TYPE II

Certified

Build with
privacy-first
principles.

Integrate CipherStash into your stack and encrypt your first fields in 15 minutes. Or talk to our team about production architecture.

VIEW DOCS