Prove you
destroyed the data.

Process sensitive data in a sealed ephemeral environment. Get a cryptographic proof it was destroyed. Verify it without trusting us.

Get API Key → Talk to an Engineer ↗

Free tier · 100 CDPs/month · No credit card

nanorix — ephemeral session
Use Cases
Built for compliance-heavy industries.
🏥

Healthcare AI

Process patient data for AI inference. Destroy it after. Prove to HIPAA auditors the data is gone. Processing EU patient data? GDPR Article 17 requires provable erasure. Every ephemeral inference gets a cryptographic destruction proof.

HIPAA § 164.530(j) · GDPR Art. 17 · Ephemeral processing
🏦

Financial Services

Sensitive financial records processed in volatile memory. Destroyed with mathematical proof. Survive SOX, SEC, and GDPR audits with cryptographic evidence, not log entries.

SOC2 Type II · GDPR Art. 5(1)(e) · CC6.5 data disposal
⚖️

Legal & Contracts

Process privileged documents in sealed sandboxes. Generate proof of destruction for client confidentiality requirements. Attorney-client privilege enforced by math.

ABA Model Rule 1.6 · Document lifecycle
🤖

Developer Tools

Build ephemeral compute into your pipeline. Secrets, tokens, and credentials processed and provably destroyed. API-first, deploy in minutes.

Data licensing compliance · GDPR right to erasure
The Problem
Your data outlives your intent.

You process sensitive data — patient records, legal documents, financial models. When you're done, you delete it. But "deleted" doesn't mean gone. And you can't prove otherwise.

🔓

Deletion is a lie

Filesystem journals, swap space, kernel logs, and memory residues survive "deletion." Forensic tools reconstruct what you thought was gone.

📋

Compliance is theater

You document data handling in spreadsheets. Auditors ask for proof of destruction. You produce screenshots and promises. Nobody is convinced.

🧩

Privacy is bolted on

VPNs, encrypted disks, access controls — all layered on top of systems designed to remember everything. The foundation fights the goal.

Nanorix replaces trust with cryptographic proof.

The Paradigm Shift
Privacy as architecture, not afterthought.
Current Approach

Privacy as Policy

  • $100K–$400K/yr on compliance platforms and staff
  • Deletion logs that prove you ran a command, not that data is gone
  • Manual compliance reviews
  • Trust us, we deleted it
  • Data persists by default, deleted by effort
$100K – $400K/yr
compliance platforms + staff · still just logs
vs
Nanorix Approach

Privacy as Architecture

  • $0.04/proof — cryptographic evidence of destruction
  • Independently verifiable hash chain and signature
  • Automated regulatory context mapping
  • Data is ephemeral by construction — volatile memory only
  • Verify yourself. No trust required.
$0.04/proof
per cryptographic destruction proof

Companies spend $100K–$400K/yr on compliance platforms and staff and still rely on log-based deletion. Add Nanorix for a fraction and get mathematical proof for every record.

Pricing
One price per proof. Platform fee unlocks features.

Every tier includes signed CDPs, public verification, offline verifiability, and HIPAA + SOC 2 + GDPR regulatory context mapping.

Free
$0/mo
100 CDPs/month included
For evaluation and development
  • 100 CDPs/month included
  • 5-minute max TTL
  • 3 concurrent sessions
  • Community support
  • Ephemeral sandbox
  • Full offline verification
  • Regulatory context mapping
Get API Key →
Starter
$99/mo
+ $0.04/proof
For production DSAR & retention workloads
  • 10-minute max TTL
  • 20 concurrent sessions
  • Priority email support
  • Cloud API access
  • Full offline verification
  • Regulatory context mapping
Get Started →
Most Popular
Business
$499/mo
+ $0.04/proof · volume discounts available
For compliance-critical & AI inference pipelines
  • 30-minute max TTL
  • 100 concurrent sessions
  • Dedicated Slack support
  • GRC + privacy platform integrations on request
  • Regulatory context mapping
Choose Business →
Enterprise
Custom
committed volume · negotiated rate
For regulated industries at scale
  • Unlimited TTL + concurrency
  • 99.9% SLA · contractual
  • Architecture review + BAA
  • HIPAA · SOC 2 · GDPR · EU AI Act mapping
  • Dedicated engineering support
  • Private deployment available
Talk to an Engineer →

Volume commitments unlock lower per-proof rates. No hidden fees. Cancel anytime.

How Nanorix Works
Four API calls. Zero residue.

Every computation happens inside a cryptographically sealed session that self-destructs. No logs survive. No data persists. The proof is mathematical.

01
Create Session
Sealed Linux sandbox. Volatile memory. Network isolated.
POST /v1/sessions
02
Send Data
Data enters volatile memory. Process with any command.
POST /sessions/{id}/exec
03
Destroy Everything
8-step cryptographic destruction. Every byte. Every trace.
DELETE /sessions/{id}
04
Receive Proof
Signed, hash-chained CDP. Verify offline, forever.
POST /v1/verify

Your data enters volatile memory. Results come out. Everything else is destroyed through an 8-step cryptographic sequence, signed with an ephemeral Ed25519 key — which is itself destroyed after signing. The proof is yours forever. The data is gone forever.

The Proof
Don't trust us. Verify it yourself.

Every session destruction produces a Cryptographic Destruction Proof — a signed, hash-chained receipt you own forever.

Hash-chained

8 steps, each cryptographically linked to the previous. Tamper with one, the chain breaks. Anyone can verify.

Signed & sealed

Ephemeral Ed25519 key signs the proof, then destroys itself. One key, one proof, forever.

Verify anywhere

Offline. No network. No dependency on Nanorix. Your auditor runs the check independently.

destruction_proof.json
{
  "cdp_version": "1.0",
  "session_id": "sess_a8f3e71c...",
  "created_at": "2026-03-01T14:00:00Z",
  "destroyed_at": "2026-03-01T14:30:00Z",
  "chain": [
    { "step": 1, "subsystem": "eee_namespace",
      "operation": "environment_isolation",
      "evidence_hash": "sha256:7d4f8a...",
      "chain_hash": "sha256:a91b3c..." },
    // ... steps 2-7, each hash-chained ...
    { "step": 8, "subsystem": "session_destroy",
      "operation": "lifecycle_completion",
      "evidence_hash": "sha256:f63d19...",
      "chain_hash": "sha256:2c8a4f..." }
  ],
  "final_hash": "sha256:2c8a4f63d19e...",
  "attestation": {
    "algorithm": "Ed25519",
    "public_key": "base64:MCowBQYDK2Vw...",
    "signature": "base64:VGhpcyBpcyBh..."
  },
  "regulatory_context": {
    "notice": "Reference mapping, not a compliance certification.",
    "framework_version": "2026-02",
    "mappings": [
      {"step": 3, "regulation": "HIPAA",
       "provision": "§164.310(d)(2)(i)",
       "relationship": "related_to"},
      {"step": 3, "regulation": "GDPR",
       "provision": "Article 17(1)",
       "relationship": "related_to"}
    ]
  }
}
Verify with 6 lines. No network. No trust.
verify_offline.py
import json, hashlib, base64
from nacl.signing import VerifyKey

with open("destruction_proof.json") as f:
    cdp = json.load(f)

# Verify hash chain integrity (genesis = SHA-256 of empty string)
prev = hashlib.sha256(b"").hexdigest()
for step in cdp["chain"]:
    assert step["chain_hash"].startswith("sha256:")
    prev = step["chain_hash"].split(":", 1)[1]

# Verify Ed25519 signature — key is embedded, no network needed
pub = base64.b64decode(cdp["attestation"]["public_key"].replace("base64:", ""))
sig = base64.b64decode(cdp["attestation"]["signature"].replace("base64:", ""))
VerifyKey(pub).verify(cdp["final_hash"].encode(), sig)
print("VALID — Chain intact · Signature verified · Proof authentic")
Verify a proof now → Read our security model →

Every CDP includes a regulatory reference map — HIPAA, SOC 2, GDPR provisions related to each destruction step. This is a reference mapping, not a compliance certification. The verification algorithm is public. Auditors verify it independently, with no dependency on Nanorix.

Security Architecture
Six layers. Zero persistence.
06
Ed25519 ephemeral signingOne key per session. Destroyed after single use. CDP mathematically bound to destruction.
05
seccomp-BPF syscall filtering~70 allowed syscalls. Deny-by-default. Everything else kills the process.
04
cgroup v2 resource limitsPer-session memory caps. Swap disabled. OOM kills contained.
03
Network namespace isolationIsolated network stack per session. No cross-session traffic. No host access.
02
Volatile memory onlyPrivate tmpfs with noexec. Swap disabled. No data touches disk. Ever.
01
User + mount + UTS namespace isolationEach session is a sealed universe. Unprivileged. No host filesystem. Randomized hostname.

Written in Rust. No garbage collector. No runtime surprises.

Integration
Fits your existing pipeline.

Add ~10 lines to your backend. Choose the pattern that matches your workflow.

Best for: new pipelines or teams migrating to zero-PHI architecture

Data exists for seconds. Then it's provably gone.

Your code and data enter a sealed environment — volatile memory only, no disk, no network, no persistence. Processing runs. Results come out. Everything else is cryptographically destroyed in seconds. The proof is yours forever.

Data in
Sealed processing
Results + Proof
No server — yours or ours — ever persists raw data. Smaller HIPAA scope. Simpler audits. Cryptographic destruction proof for every record.
pipeline.py
import requests, json

# Hospital sends patient data to your API
patient_data = request.json["record"]

# Forward directly into Nanorix — never store locally
session = requests.post("https://api.nanorix.io/v1/sessions",
    headers={"Authorization": "Bearer nrx_your_key"},
    json={"data_classification": "PHI"}).json()

result = requests.post(
    f"https://api.nanorix.io/v1/sessions/{session['session_id']}/exec",
    headers={"Authorization": "Bearer nrx_your_key"},
    json={"command": "python model.py",
          "input_data": patient_data}).json()

# Raw PHI destroyed — proof generated
proof = requests.delete(
    f"https://api.nanorix.io/v1/sessions/{session['session_id']}",
    headers={"Authorization": "Bearer nrx_your_key"}).json()

with open(f"proofs/{session['session_id']}.json", "w") as f:
    json.dump(proof["cdp"], f)

return {"diagnosis": result["output"]}
Best for: API-driven architectures and webhook receivers

Raw data touches nothing but volatile memory. Then it's gone.

Incoming records flow into a sealed ephemeral environment — volatile memory only. Classification or analysis runs inside the sandbox. Only derived results reach your system. Raw data is cryptographically destroyed with proof. Nobody — not you, not us — ever persists it.

Incoming data
Sealed processing
Results + Proof
Raw data never persists anywhere. Not on your servers. Not on ours. Not in caches. Not in logs. Only the proof remains.
gateway.py
import requests

# Webhook: hospital sends records directly
@app.route("/intake", methods=["POST"])
def receive_patient_data():
    raw = request.data  # don't parse, don't store

    # Immediately forward into Nanorix
    session = requests.post("https://api.nanorix.io/v1/sessions",
        headers={"Authorization": "Bearer nrx_your_key"},
        json={"ttl_seconds": 120}).json()

    result = requests.post(
        f"https://api.nanorix.io/v1/sessions/{session['session_id']}/exec",
        headers={"Authorization": "Bearer nrx_your_key"},
        json={"command": "python classify.py",
              "input_data": raw.decode()}).json()

    # Raw PHI destroyed with proof
    proof = requests.delete(
        f"https://api.nanorix.io/v1/sessions/{session['session_id']}",
        headers={"Authorization": "Bearer nrx_your_key"}).json()

    db.insert(score=result["output"], proof_hash=proof["cdp"]["final_hash"])
    return {"score": result["output"]}
Best for: enforcing data retention policies on existing records

Retention expires. Data enters volatile memory. Proof comes out.

When retention policies trigger, expired records enter a sealed ephemeral environment. The 8-step cryptographic destruction sequence executes in volatile memory. The data is provably gone — never written to any persistent storage. Your audit trail is a folder of cryptographic proofs, not a spreadsheet.

Expired records
Sealed destruction
Proof per batch
Automated, provable compliance. Each purge cycle generates a cryptographic destruction proof. No data persists — on any server.
compliance_job.py
import requests, json

# Monthly: destroy expired patient records
expired = db.query("SELECT * FROM patients WHERE expires < NOW()")
headers = {"Authorization": "Bearer nrx_your_key"}

for batch in chunk(expired, size=100):
    session = requests.post("https://api.nanorix.io/v1/sessions",
        headers=headers, json={"ttl_seconds": 60}).json()

    requests.post(
        f"https://api.nanorix.io/v1/sessions/{session['session_id']}/exec",
        headers=headers,
        json={"command": f"echo '{json.dumps(batch)}' > /tmp/data"})

    proof = requests.delete(
        f"https://api.nanorix.io/v1/sessions/{session['session_id']}",
        headers=headers).json()

    with open(f"compliance/{proof['cdp']['session_id']}.json", "w") as f:
        json.dump(proof["cdp"], f)

    db.execute("DELETE FROM patients WHERE id IN %s",
               [r["id"] for r in batch])

Your infrastructure. Same proof.

Your environment

Run Nanorix inside infrastructure you own and operate.

Same proof

Identical 8-step CDP. Same hash chain. Same cryptographic verification. Hardware-backed signing.

Any infrastructure

We engineer the deployment to your constraints.

Best for: organizations with infrastructure ownership requirements
FAQ
Questions developers ask.

A CDP is a signed, hash-chained proof that data was destroyed through a specific sequence of operations. It contains 8 steps — from namespace teardown to lifecycle completion — each cryptographically linked to the previous. The proof is signed with an ephemeral Ed25519 key that self-destructs after signing. Anyone can verify it offline without trusting Nanorix.

A deletion log says "we ran a delete command at this time." A CDP proves that 8 specific destruction operations executed in sequence, that a cryptographic hash chain wasn't tampered with, and that the signing key no longer exists. Logs are claims. CDPs are proofs.

Your data enters a sealed Linux sandbox (6 isolation layers), runs in volatile memory only (tmpfs — never touches disk), and is destroyed through an 8-step cryptographic sequence. After destruction, no data remains. The only artifact is the CDP proving it happened.

Yes. CDPs are self-contained. You can verify the hash chain and Ed25519 signature offline, with no network connection, using any standard crypto library. We provide a verification endpoint for convenience, but you never need to trust us.

No. Nanorix is the verification layer those platforms lack. They manage privacy workflows, consent, and DSARs. We prove that when data is deleted, it's actually destroyed. Think of us as the cryptographic receipt for their deletion operations.

Every CDP includes a regulatory reference map showing which provisions each destruction step relates to. This covers HIPAA, SOC 2, GDPR, and other frameworks based on your declared jurisdiction. This is a factual mapping, not a compliance certification — your legal and compliance team makes the compliance determination.

Don't see your question?

Ask us anything. We typically respond within a few hours.

Get Started
Start verifying destruction.
Ed25519 Signed · Open Verification · Rust · Volatile Memory Only