The SparkVault Platform

Two cryptographic primitives that guarantee your data privacy. Built on Triple Zero-Trust architecture where even we cannot access your data.

Sparks

Burn-After-Read Secrets

A Spark is an encrypted secret that self-destructs after being read once. Perfect for sharing passwords, API keys, and sensitive data that should never persist. Once accessed, it's gone forever—mathematically guaranteed.

How It Works

  1. Create a Spark

    Your secret is encrypted with Double Zero-Trust (SVMK + AMK). We never see the plaintext.

  2. Share the Link

    Send the unique Spark link to your recipient via any channel.

  3. One Read, Then Gone

    The recipient reads the secret exactly once. The Spark is then permanently destroyed.

Security Model: Double Zero-Trust

Decryption requires both the SparkVault Master Key (SVMK) and Account Master Key (AMK). Neither party alone can decrypt.

  • ROOT 1: SVMK (ML-KEM-1024)
  • ROOT 2: AMK (HMAC-SHA512)

Specifications

  • Max Size: 250 KB
  • Max TTL: 24 hours
  • Read Limit: Once (burn-after-read)
  • Encryption: AES-256-GCM
  • Security: Double Zero-Trust

Use Cases

  • Password sharing
  • API key distribution
  • Temporary credentials
  • Secure onboarding
  • One-time links

[Figure: Spark Lifecycle: Create, Share, Access, Destroy]

Vaults & Ingots

Persistent Encrypted Storage

A Vault is a passphrase-protected container for storing encrypted data long-term. Inside each Vault, you store Ingots—encrypted objects up to 5TB each. Your passphrase never leaves your device, which means even SparkVault cannot decrypt your data.

How It Works

  1. Create a Vault with Your Passphrase

    Choose a strong 12-24 character passphrase. This is your VMK—we never store or see it.

  2. Store Ingots Inside

    Upload files or data as Ingots. Each is encrypted with Triple Zero-Trust + post-quantum cryptography.

  3. Unseal with Your Passphrase

    Enter your passphrase to decrypt and access your Ingots. Read them as many times as you need.

Security Model: Triple Zero-Trust

Decryption requires all three keys. SparkVault holds one, hardware holds one, you hold one. A subpoena, breach, or rogue employee cannot compromise your data.

  • ROOT 1: SVMK (ML-KEM-1024)
  • ROOT 2: AMK (HMAC-SHA512)
  • ROOT 3: VMK (Your Passphrase)
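
The "all three keys" property described above, as an added example that is not SparkVault's code. The page does not say how the roots are combined, so the HMAC-SHA512 chain, the PBKDF2 stretch, the key-check tag, and every name and sample value below are assumptions.

```python
import hashlib
import hmac

def stretch_passphrase(passphrase: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Root 3 (VMK): stretch the passphrase on the client (PBKDF2 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, iterations)

def derive_data_key(roots: list[bytes], context: bytes) -> tuple[bytes, bytes]:
    """Fold every root into one HMAC-SHA512 chain; return (32-byte key, key-check tag)."""
    if not roots or any(len(r) < 16 for r in roots):
        raise ValueError("every root must contribute at least 128 bits")
    prk = hmac.new(b"\x00" * 64, context, hashlib.sha512).digest()
    for root in roots:
        # The length prefix keeps root boundaries unambiguous.
        prk = hmac.new(prk, len(root).to_bytes(4, "big") + root, hashlib.sha512).digest()
    key = hmac.new(prk, b"data-key", hashlib.sha512).digest()[:32]     # AES-256 key size
    check = hmac.new(prk, b"key-check", hashlib.sha512).digest()[:16]
    return key, check

def unseal(roots: list[bytes], context: bytes, stored_check: bytes):
    """Return the data key only if the re-derived check tag matches the stored one."""
    key, check = derive_data_key(roots, context)
    return key if hmac.compare_digest(check, stored_check) else None

# Constructed sample roots, not real key material.
SVMK_SECRET = bytes(range(32))      # stands in for an ML-KEM-1024 shared secret
AMK = bytes(range(32, 96))          # stands in for the account master key
SALT = b"constructed-vault-salt"
CONTEXT = b"vault:example/ingot:1"  # hypothetical binding label

def demo() -> dict:
    vmk = stretch_passphrase("correct horse 42", SALT)
    key, check = derive_data_key([SVMK_SECRET, AMK, vmk], CONTEXT)
    wrong = stretch_passphrase("correct horse 43", SALT)
    return {
        "all_three": unseal([SVMK_SECRET, AMK, vmk], CONTEXT, check) == key,
        "wrong_passphrase": unseal([SVMK_SECRET, AMK, wrong], CONTEXT, check),
        "service_roots_only": unseal([SVMK_SECRET, AMK], CONTEXT, check),
    }

if __name__ == "__main__":
    print(demo())
```

Passing only two roots models the Double Zero-Trust case used for Sparks; the resulting 32-byte key is the size AES-256-GCM expects.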

Vault Specifications

  • Passphrase: 12-24 characters
  • Ingots per Vault: Unlimited
  • Lifetime: No expiration
  • Security: Triple Zero-Trust

Ingot Specifications

  • Max Size: 5 TB
  • Reads: Unlimited
  • Encryption: AES-256-GCM
  • Post-Quantum: ML-KEM-1024

Use Cases

  • Encrypted backups
  • Private keys & certificates
  • Compliance-sensitive data
  • Team credentials
  • Recovery codes

[Figure: Vault Architecture: Passphrase-protected container storing encrypted Ingots]

Platform Comparison

Feature            Sparks               Vaults
Security Model     Double Zero-Trust    Triple Zero-Trust
Access Pattern     Burn after read      Unlimited reads
Max Size           250 KB               5 TB per ingot
Lifetime           Max 24 hours         No expiration
Post-Quantum
User Passphrase    Not required         Required (VMK)

Start Protecting Your Data

Create a Spark for ephemeral secrets or a Vault for long-term encrypted storage.