传输中加密
所有在您的浏览器与我们的服务器之间传输的数据均采用 TLS 加密。
- 仅支持 TLS 1.2 与 1.3
- 强加密套件(AES-GCM)
- 启用 HSTS 并预加载
- 完美前向保密
静态加密
存储在数据库中的敏感数据均采用 AES-256-GCM 加密。
- AES-256-GCM 加密
- 每位用户独立密钥
- 支持密钥轮换
- 安全密钥存储
哪些内容被加密?
始终加密
- 所有 API 通信
- 加密密钥
- 用户凭证
- 会话令牌
静态加密
- 用户加密密钥
- API 令牌
- 2FA 密钥
- 备份码
绝不存储
- 您的原始文本
- 已处理内容
- 文档内容
- 检测到的 PII
How Your Data Is Protected
- 1
Encrypted connection
Every request travels over TLS 1.3 with Perfect Forward Secrecy. No plaintext ever crosses the wire.
- 2
In-memory processing only
Presidio AI analyzes and anonymizes text entirely in RAM. Your original content is never written to disk or stored in a database.
- 3
Keys derived with Argon2id
User encryption keys are derived from your password using Argon2id — the winner of the Password Hashing Competition — before being wrapped with AES-256-GCM.
- 4
Zero-Knowledge key storage
Your wrapped key is stored encrypted. The server never sees your plaintext key or password. Only you can unwrap it.
- 5
Asymmetric option with RSA-4096
For multi-party workflows, RSA-4096-OAEP encapsulates a session key so only the private key holder can deanonymize output.
Encryption Standards Reference
| Standard | Use Case | Key / Strength |
|---|---|---|
| TLS 1.3 | Data in transit | ECDHE + AES-GCM |
| AES-256-GCM | Data at rest | 256-bit |
| XChaCha20-Poly1305 | Zero-knowledge key storage | 256-bit |
| Argon2id | Password key derivation | PHC winner |
| RSA-4096-OAEP-SHA256 | Asymmetric key encapsulation | 4096-bit |