Secure Data-in-Use, in-Transit, and at-Rest in PostgreSQL with NO code changes

Encrypt, tokenize, or mask at field-, row-, and/or column-level

Easier, faster, and better than pgcrypto at protecting data in AWS or Azure

  • Meets compliance requirements for GDPR and PCI, including data sovereignty, data residency, and the right to be forgotten
  • BYOK support for multi-tenancy at logical database and row-level
  • Revoking access to the key makes all copies of the data unreadable

No-Code Implementation

  • Baffle is easily implemented with minimal changes to applications and their underlying databases
  • Quickly protect data with a variety of encryption methods, without lengthy development of application-level encryption
  • SQL statements from application to database are unchanged

High-Performance Architecture

  • Baffle has been designed to encrypt/decrypt data at a high rate, with no impact on user experience
  • Proxy design ensures no impact to application and database performance
  • Modular architecture enables scaling for performance and availability requirements

Cryptographically-enforced Isolation

  • Baffle’s encryption ensures each department or customer’s data is compartmentalized from any other customer’s data
  • Accessing the data without the key leads to encrypted, anonymized text
  • Even data administrators can’t see the data in clear text without proper access