Squyr Squyr. Bilateral Cryptographic Data Exchange
SIGN IN ↗
EMAIL SHIELD — LIVE NOW

Encrypted email.
Zero exposure.

Brand data never leaves your environment. Squyr data never leaves ours. Email Shield is a bilateral cryptographic relay — messages pass through, verification happens, content never does.

● LIVE
🔒 Relay type Bilateral
🔐 Content storage None
🔐 BAA flow-down HIPAA Safe Harbor
🔒 Encryption AES-256-GCM
🔑 Key exchange Ed25519 bilateral
Brand data never leaves brand env
Squyr data never leaves Squyr env
Message content never stored plaintext

How Email Shield works

Cryptographic relay
STEP 01

Sender encrypts

Sender encrypts the message payload with the recipient's public Ed25519 key. The relay never sees plaintext — only an encrypted blob passes in.

STEP 02

Relay passes through

The encrypted message traverses Squyr's relay. Metadata (timestamp, sender domain, recipient domain) is verified and logged on-chain. Content remains opaque throughout.

STEP 03

Recipient decrypts

Recipient uses their private key to decrypt. Identity confirmed via Ed25519 signature verification. The relay has zero knowledge of content or parties involved.

Cryptographic protocol

Same trust root as PHI Shield

Email Shield shares the same bilateral Ed25519 keypair and SHA-256 audit chain as PHI Shield. No new infrastructure, no new trust assumptions — one root, every capability.

Bilateral key exchange — both parties hold a key, neither sees the other's private key
Zero content storage — relay passes encrypted blobs, stores nothing readable
BAA flow-down — HIPAA Safe Harbor compatible downstream obligations
Audit chain — every relay event writes to SHA-256 hash chain
Forward secrecy — session keys derived per-message via HKDF
4-step encryption chain
1
HASH

SHA-256

Message content hashed to a fixed-length digest. Collision-resistant. Foundation of the audit chain.

2
KEY DERIVATION

HKDF

Digest expanded into session key material via HKDF-SHA256. Per-message ephemeral keys ensure forward secrecy.

3
ENCRYPT

AES-256-GCM

Authenticated encryption. The relay receives an opaque ciphertext: content unreadable, integrity guaranteed.

4
SIGN

Ed25519

Bilateral signature on each relay event. Sender identity confirmed. Recipient authenticity verifiable. The trust anchor.

Use cases

Where Email Shield applies

Email Shield is designed for healthcare and life sciences where email is the collaboration medium but patient data cannot be exposed.

👥

Patient email list matching

Match a brand's patient email list against Squyr's audience without exposing the patient list to Squyr, or vice versa. Both sides cryptographically verify overlap without data leaving their environment.

HIPAA Safe Harbor
🧠

Physician outreach without PHI

Send encrypted campaign materials to HCPs through the relay. Physician identities are verified via Ed25519 but their contact details — names, emails, NPIs — never stored on the relay.

BAA Required
📈

Campaign response tracking

Track campaign open/click rates with cryptographic proof of delivery — no personal data exposed. The audit chain provides prosecution-grade evidence for regulatory compliance.

Audit Log
Available now

Email Shield is live.

Pre-send DLP scanning, bilateral AES-256-GCM encryption, and multi-channel delivery (email + SMS) are live in the portal. Ed25519 audit chain active from day one.

ED25519 Shared trust root  •  AES-256-GCM Encryption  •  SHA-256 Audit chain  •  HKDF Forward secrecy  •  HIPAA Safe Harbor compatible  •  BAA flow-down ready