01. Technical Inability Model
VaultPurge is engineered as a Zero-Knowledge Compliance Custodian. Our infrastructure is designed so that we possess no technical means to access or recover unencrypted data. Encryption happens exclusively in the user's browser via the W3C Web Crypto API.
02. Encryption Model
2.1 Key Derivation (PBKDF2)
- Algorithm: HMAC-SHA256
- Iterations: 100,000
- Salt: 16-byte secure random
- Output: 256-bit AES-GCM key
2.2 Segmented AES-GCM (v1.1)
To support large-scale enterprise documents (>50MB) without memory exhaustion, VaultPurge employs Segmented Encryption. Files are sliced into 1MB chunks, each independently encrypted with a unique IV.
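The derivation parameters from 2.1 and the chunking from 2.2, written against the Web Crypto API as an added example (not VaultPurge's own code). The function names, the 12-byte random IV, and the use of the chunk index and chunk count as AES-GCM additional authenticated data are assumptions that this page does not state; that binding makes a reordered or dropped chunk fail authentication instead of decrypting silently.

```javascript
// Added example, not VaultPurge source. Uses Web Crypto in a browser or in Node.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const CHUNK = 1024 * 1024; // 1MB segments, as in section 2.2

// Section 2.1 parameters: PBKDF2, HMAC-SHA256, 100,000 iterations, 16-byte salt.
async function deriveKey(passphrase, salt) {
  const base = await wc.subtle.importKey(
    "raw", new TextEncoder().encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: 100000 },
    base, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Assumption: AAD = chunk index + total count, so a moved or dropped chunk fails its tag.
function aad(index, total) {
  const bytes = new Uint8Array(8);
  const view = new DataView(bytes.buffer);
  view.setUint32(0, index);
  view.setUint32(4, total);
  return bytes;
}

async function encryptSegmented(key, data, chunkSize = CHUNK) {
  const total = Math.max(1, Math.ceil(data.length / chunkSize));
  const chunks = [];
  for (let i = 0; i < total; i++) {
    const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit IV per chunk
    const ct = await wc.subtle.encrypt(
      { name: "AES-GCM", iv, additionalData: aad(i, total) },
      key, data.subarray(i * chunkSize, (i + 1) * chunkSize));
    chunks.push({ iv, ct: new Uint8Array(ct) }); // ct ends with the 16-byte tag
  }
  return chunks;
}

async function decryptSegmented(key, chunks) {
  const parts = [];
  for (let i = 0; i < chunks.length; i++) {
    const pt = await wc.subtle.decrypt(
      { name: "AES-GCM", iv: chunks[i].iv, additionalData: aad(i, chunks.length) },
      key, chunks[i].ct); // rejects with OperationError if the tag check fails
    parts.push(new Uint8Array(pt));
  }
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let offset = 0;
  for (const p of parts) { out.set(p, offset); offset += p.length; }
  return out;
}
```

The salt and each chunk's IV are not secret and have to be stored with the ciphertext; only the passphrase-derived key must stay in the browser.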
03. Digital Shredding Protocol
STEP 1: Cryptographic Erasure: The wrapped Data Encryption Keys (DEKs) are wiped from all databases, leaving the file blob as permanently unreadable noise.
STEP 2: Certified Proof: The system generates a signed Deletion Certificate containing a verifiable timestamp and a hash of the original filename for audit trails.
04. Compliance Mapping
GDPR Article 17
Automated "Right to Erasure" enforcement via TTL-based shredding.
SOC2 Type II
Designed for enterprise-grade security and availability auditing.