Security & compliance

Zero-knowledge, by architecture

Wooblywoo is built so that a breach of your cloud, a vendor, or a counterparty yields nothing but ciphertext. Keys never touch the page, never transit the network, and never outlive the session.

Client-side key vault

Decryption happens in an isolated client vault — keys stay out of the web page's context and are immune to page-level scraping or XSS.

Identity-gated, ephemeral keys

Access is brokered through Okta, Azure AD or Ping. Keys are short-lived and in-memory; offboarding in your IdP cuts access everywhere at once.

Field-level RBAC

Authorization is enforced down to the document, table or field — the same asset renders differently for a principal, an analyst and a contractor.

Tamper-resistant audit

Every decryption — who, what, when, from where — streams to Splunk or Datadog, turning access into audit evidence.

Aligned to the frameworks your auditors use

Wooblywoo is designed to support your controls and evidence-gathering across regulated regimes.

SOC 2 Type II

Access, confidentiality and monitoring controls backed by a continuous audit stream.

HIPAA

PHI stays encrypted end-to-end; minimum-necessary access enforced at the field level.

ISO 27001

Cryptographic controls, access management and logging mapped to Annex A.

GLBA

Safeguards for nonpublic personal information shared with service providers and counterparties.

SOX

Segregation-of-duties and information-barrier enforcement with immutable access records.

GDPR

Data-minimization and purpose-limited disclosure with instant revocation and residency options.

Straight answers for security leaders

Browser-based decryption — isn't that an attack surface?

Decryption runs in an isolated client-side vault, not in the page's JavaScript context, so page-level XSS or malicious scripts can't reach keys or plaintext. For enterprise deployments we ship signed artifacts you distribute through your own MDM (Jamf, Intune, Google Admin) rather than a public store.

If our cloud or a vendor is breached, what's actually exposed?

Ciphertext. Because assets are encrypted before they leave your control, a compromise of the host, a SaaS portal, or a counterparty's storage yields structure-anonymized noise. To read anything, an attacker would have to compromise an authorized endpoint during an active, authorized session — eliminating the single catastrophic bulk leak.

How do we revoke access to something already downloaded?

There is no usable plaintext copy to leave behind — downloads remain encrypted and are only rendered under a live, identity-gated key. Pull the grant or deactivate the user in your IdP and the key stops being issued, so access ends everywhere at once.

How does this help us pass an audit?

Every decryption event is logged with actor, asset, field, timestamp and origin, and streamed to your SIEM. Combined with field-level RBAC, that converts "we trust our controls" into a queryable evidence trail auditors accept for SOC 2, HIPAA and ISO 27001.

Bring your security team

We'll walk your CISO and compliance leads through the architecture and threat model, and scope a controlled pilot.

Request access