PRODUCT
Core0
A self-hosted, operator-grade PII vault. Field-level encryption, GDPR compliance, and zero-trust networking — deployed entirely inside your own infrastructure.
WHAT IT IS
A dedicated layer for personal data.
Core0 sits between your application and your database. Your app stores tokens. Core0 holds the actual personal data, encrypted at rest, with strict access controls and a complete audit trail. When a user exercises their right to erasure — one API call handles everything.
ARCHITECTURE
Built for production, not prototypes.
Core0 is a multi-node cluster with dedicated service pairs for cryptographic key management and PII storage — separated by design so a compromise of one layer cannot expose the other.
KEYS layer — cryptographic engine
Generates, stores, and manages encryption keys. ECDSA P-256. Shamir 3-of-5 recovery shares. Keys never leave the KEYS layer. Two nodes (KL1/KL2 logic, KD1/KD2 data) with synchronous WAL replication.
PII layer — data vault
Stores encrypted personal data against tokens issued by KEYS. Field-level encryption per record. Two nodes (PL1/PL2 logic, PD1/PD2 data) with synchronous WAL replication. BadgerDB storage with cross-node backup.
Bridge — API gateway
Single entry point for your application. REST API over mTLS. Handles tenant isolation, license enforcement, and routes requests to the appropriate service layer.
WireGuard mesh — Warstwa 0
All inter-node traffic runs over an encrypted WireGuard mesh. No unencrypted internal communication. Consul provides service discovery and health checking across the mesh.
SECURITY MODEL
Zero-trust from day one.
mTLS everywhere
All gRPC service-to-service calls require mutual TLS authentication. Certificates auto-renew every 6 hours with a 14-day proactive threshold.
HA & replication
Synchronous WAL replication between node pairs. Consul 5-server quorum for service discovery. Keepalived VIP failover. Prometheus alerting with disk, cert, and replication lag alerts.
License enforcement
ECDSA P-256 signed license tokens. Enforcement lives exclusively in the KEYS layer — cannot be bypassed at the application level.
Backup
Automated BadgerDB snapshots every 6 hours with cross-node backup. Consul state snapshots with off-node rsync. 2-day retention.
Audit log
Every API call is logged with actor, tenant, operation, and latency. Logs are tamper-evident and exportable for DPA compliance reporting.
Shamir key recovery
CA root key split into 5 shares using Shamir Secret Sharing. 3-of-5 threshold for recovery. Shares distributed to offline storage, never co-located.
GDPR COMPLIANCE
The articles that matter, covered.
Art.17 — Right to erasure
DEL /v1/pii/{token} deletes the record, purges associated WAL entries, and returns a signed erasure receipt with timestamp and operator identity.
Art.20 — Data portability
GET /v1/export returns a CSV of all records for a tenant — token, value, purpose, and timestamp. Machine-readable, ready for handover.
Art.25 — Privacy by design
Personal data is tokenised before it reaches your application database. Your app never holds raw PII — not by policy, but by architecture.
Art.30 — Records of processing
Every processing activity is recorded with purpose, actor, and tenant context. The audit log is your Art.30 register, maintained automatically.
API
Simple REST. Serious infrastructure.
The Bridge API is the only surface your application needs to touch. Everything else is handled internally.
POST/v1/piiStore a PII record — returns a token
GET/v1/pii/{token}Retrieve a record by token
DEL/v1/pii/{token}GDPR Art.17 erasure
POST/v1/pii/batchBatch store up to 1,000 records
GET/v1/exportArt.20 CSV export
POST/v1/anonymizeAnonymise a record in place
GET/v1/audit/eventsAudit log — filterable by tenant
GET/v1/health/fullCluster health — all layers
GET STARTED
Ready to run compliance-grade infrastructure?
Request demo access and we will walk you through a live deployment on your own infrastructure.