Technology

Provable by design.

Aegis is built so that every claim it makes — encrypted, delivered, metered, destroyed — is independently verifiable. This page summarizes the architecture; the full technical specification is available under NDA.

Architecture

A thin, auditable layer between two parties.

Zero-exposure transfer

Studies move source-to-destination over short-lived, scoped, single-purpose signed URLs. The payload is never parked in systems that don't need it; the application layer sees only opaque identifiers.

Customer-managed encryption

AES-256 at rest under keys you hold (BYOK via cloud KMS/HSM), TLS 1.2+ in transit, SHA-256 integrity verified end to end. Sent equals received, to the byte.

Independent metering

Delivery is measured independently of both sender and receiver and reconciled — never from self-reported volumes, so both parties can trust the bill.

Tamper-evident audit

Bitcoin-anchored. No PHI ever leaves.

Every authorization, access, delivery and destruction is written to an append-only, SHA-256 hash-chained log — altering any single record breaks the chain. Periodically the chain's root hash (and only that hash) is anchored to the Bitcoin blockchain via OpenTimestamps, producing a court-credible proof that the log existed and was not altered after a point in time.

  • Append-only, hash-chained event log (tamper-evident)
  • Root hash anchored to Bitcoin via OpenTimestamps
  • Only the hash is published — never PHI, never metadata
  • Verifiable by any party, independent of Aegis
  • Zero cost, zero data exposure
audit root : 9f2c…a417 (commits to entire history)
anchor     : OpenTimestamps → Bitcoin block #
receipt    : aegis-audit-9f2c….ots
contains   : SHA-256 hash only · 0 bytes PHI
verify     : ots verify aegis-audit-9f2c….ots

You can verify the receipt yourself with any OpenTimestamps client — no trust in Aegis required.
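
A minimal sketch of the hash-chained log described above, as an added example that is not Aegis's code or record format: the field names, the canonical JSON encoding and the all-zero genesis value are assumptions. It also checks the chain against an externally held root, which is the case anchoring covers when someone rewrites the whole log consistently.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first record


def record_hash(seq, prev, event):
    """SHA-256 over a canonical encoding of the record's position, link and body."""
    body = json.dumps({"seq": seq, "prev": prev, "event": event},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def chain_root(log):
    """The last record's hash commits to every record before it."""
    return log[-1]["hash"] if log else GENESIS


def append_event(log, event):
    """Append an event, linking it to the hash of the previous record."""
    rec = {"seq": len(log), "prev": chain_root(log), "event": event}
    rec["hash"] = record_hash(**rec)
    log.append(rec)


def verify_chain(log, expected_root=None):
    """Return None if intact, else the index of the first record that fails."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i or rec["prev"] != prev:
            return i  # record removed, reordered, or relinked
        if rec["hash"] != record_hash(rec["seq"], rec["prev"], rec["event"]):
            return i  # record body edited without updating its hash
        prev = rec["hash"]
    if expected_root is not None and prev != expected_root:
        return len(log)  # self-consistent chain, but not the anchored one
    return None


def build_sample_log():
    """Constructed sample events; identifiers are opaque and carry no PHI."""
    log = []
    for action in ("authorization", "access", "delivery", "destruction"):
        append_event(log, {"action": action, "study": "opaque-id-001"})
    return log


if __name__ == "__main__":
    log = build_sample_log()
    anchored = chain_root(log)          # the only value that would be timestamped
    log[1]["event"]["action"] = "none"  # constructed in-place edit
    print("first failing record:", verify_chain(log, anchored))
```

A return value equal to the log length means every link is internally valid but the final hash differs from the anchored root, which only a verifier holding that root can detect.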

Data lifecycle

Nothing lingers.

  1. Encrypted at rest

    On arrival each study is encrypted under customer-managed keys, scoped to a single authorized recipient.

  2. Time-boxed access

    Release carries an auto-destruct window and view policy; downloads and exports are blocked, every access metered and logged.

  3. Irreversible destruction

    At the window's end — or on demand — the payload is destroyed and the disposal recorded in the anchored audit.

Read the full technical paper.

The complete specification — metering reconciliation, key management, threat model, and audit anchoring — is available to qualified organizations under NDA.

Available to U.S.-based organizations only.