Data security tools stop at the perimeter.
We don't.

DSPM tells you where your sensitive data is. EDRM enforces who can open it. CASB blocks where it can go. Five categories. Five vendors. Five dashboards. Five audit trails that don't talk to each other. None of them follow the file once it leaves the org.

The pattern repeats across every Fortune 500 we've looked at: an Excel attachment lands in an external auditor's inbox, gets forwarded to their colleague, opens on a phone, sits on a desktop for six months. The CISO knows none of it.

Treat every file as an event sequence — not as a static artefact. Issue. Claim. Open. Re-open. Burn.Each step a signed event, ordered, indexed, tied to a stated identity and a fingerprinted device.

That sequence is the file's control surface. Burn it and every cached copy on every device anywhere on Earth becomes mathematically unrecoverable. Re-open it and the chain captures the who-where-when, with the recipient's name burned into the rendered pixels.

1. The file's payload is sealed once: AES-256-GCM with a content_key generated per file, wrapped at rest by an env-held key — the wrap key is the kill switch.
2. On the recipient's device, no plaintext touches disk. The viewer (browser or native) fetches the content_key on every open, decrypts in process memory, wipes when the heartbeat returns burned.
3. Burn = bytes. The wrap key is destroyed in our DB; every encrypted copy becomes mathematically indistinguishable from random data.
4. Each event — issue, claim, open, deny, burn — is signed into a chain. The chain is publicly verifiable with Ed25519; you do not need to trust us to read it.

We sign every receipt with an Ed25519 key whose public counterpart is published at /api/chain/pubkey and embedded in the receipt itself. A regulator, a court-appointed auditor, or a customer's in-house security team can run a 5-line verification with WebCrypto, libsodium, or@noble/ed25519.

We don't hold the keys to your trust. The chain holds itself.

We don't trust ourselves with your data. That's why we use drand mainnet for time-locks (we can't unlock early — even under subpoena), Bitcoinvia OpenTimestamps for proofs (we can't backdate — every issued file inherits the immutability of the longest-running blockchain on Earth), and open-source classification (Microsoft Presidio, MIT — we never see plaintext, and the rules are auditable line-by-line).

NoData is the layer where the operator stays in control even from us. Other vendors promise audit logs they themselves write. We hand the operator three independent rails — a public key chain, a public blockchain timestamp, and a public-domain classifier — none of which we can rewrite, falsify, or selectively reveal. That's the discipline.

One platform. One dashboard. Three delivery modes — pick by sensitivity:

• viewer-only. Browser preview, no download path.
• AIP-protected. Microsoft Office files with Azure RMS gating every online open.
• .lockbox container. Downloadable ciphertext, key fetched per open from us, kill switch via heartbeat. Excel on a phone, with a real burn.

Every mode shares the same chain, the same recipient claim flow, the same identity-burned watermark. One contract. One audit. One operator screen.

We call this Continuous Data Control. Not DSPM. Not EDRM. Not zero-trust networking. The orchestration layer above all of them — where the file's entire life is one signed, revocable, recipient-attributed sequence.

The five existing categories don't go away. They keep doing what they're built for. We make them produce one consistent, signed, publicly-verifiable trail. That's what was missing.