Encryption Platform Evervault Hits Scale

The architectural model is a significant departure from traditional tokenization vaults. Evervault employs a "dual custody" approach where the encrypted data resides in the customer's infrastructure, while Evervault manages the encryption keys within its own secure environment. This separation is designed to reduce latency by eliminating database lookups for tokens and enhances security by requiring a breach of both the customer's and Evervault's systems for a compromise. At the core of the platform is the Evervault Encryption Engine (E3), which handles all cryptographic operations. E3 runs exclusively within AWS Nitro Enclaves, which are highly isolated and hardened virtual machines with no persistent storage, interactive access, or external networking. This architecture provides cryptographic attestation, ensuring only authorized code is running within the secure environment where data is processed. For developers, integration is handled through a suite of SDKs and API primitives. "Relay" acts as a low-latency encryption proxy that intercepts sensitive data before it hits a customer's servers, while "Functions" provide a serverless environment for running logic on encrypted data without ever exposing it in plaintext on the customer's infrastructure. This allows for workflows like sending decrypted data to trusted third-party APIs without it ever touching the primary application backend. The primary focus on payments aims to drastically reduce the scope and cost of PCI DSS compliance. By using Evervault's secure UI components (iframes) to collect cardholder data, a customer's own systems never touch plaintext card numbers, reducing their PCI scope to the simplest SAQ A control set. The company claims this can reduce compliance costs by over $100,000 and accelerate the audit process by up to 95%. This approach has gained traction with high-growth fintech companies like Ramp and Rippling. In a statement, Ramp's Principal Engineer, Eli Block, highlighted the developer experience, noting that it allows engineers to ship products and debug issues independently without needing extensive support, a key factor for high-velocity engineering teams. The platform's architecture is built for high-throughput scenarios, with a blog post mentioning benchmarked speeds of up to 500,000 encryptions per second for their core Rust cryptography crate. By handling encryption on the client side and using a lightweight key model, Evervault avoids the database bottlenecks and network delays associated with traditional token vaults, which becomes critical at massive transaction volumes. The company was founded by Shane Curran, who developed the foundational concepts as a prize-winning project on post-quantum cryptography at the 2017 BT Young Scientist & Technology Exhibition in Ireland. This deep background in cryptography informs the company's focus on building foundational, developer-first security infrastructure.