Data security designed for modern threats

The most effective and efficient way to protect sensitive data

Ubiq’s API-first approach is the easiest and most effective way to protect sensitive data from unauthorized access or exposure.

How Ubiq can help you

Automate secure key management

Efficiently manage key lifecycle and algorithm usage, and leverage FIPS 140-2 compliant HSM key storage.

Enable rapid compliance

Uniquely protect each sensitive data element, with full audit and logging capabilities in a single dashboard.

Get started in minutes

Integrate client-side encryption, tokenization, and masking into your environment in minutes, without having to restructure your storage infrastructure.

Reduce the risk of data theft

We enable you to encrypt, tokenize, and mask sensitive data within infrastructure, so attackers, insider threats, cloud providers, and not even Ubiq have access to your data or keys.

Protect any data type

Encrypt, tokenize, or mask structured or unstructured data, wherever it lives - databases, data warehouses, files - on-premise or in the cloud.

Integrate across your environment

Integrate data security into applications, databases and datawarehouses, API gateways, and SaaS applications with ease and flexibility.

How to get started

Create a free account and define your data types in under 2 mins.
Retrieve your API keys and integrate the Ubiq library.
Add a few lines of code or configuration to access Ubiq’s API to secure data.
No other changes to your infrastructure or how and where you store data. And your data never leaves your environment.

Into the future of data security

An efficient, effective approach to protecting sensitive data.

10 min

to go live

20+ integrations



Data Type


ubiq = require('ubiq-security' 1.0.5)

const credentials =
    new ubiq.Credentials('T31i/+eZAsURqVOO/0WfkGqd',

plaintext_data = 'ABC'

encrypted_data = await ubiq.encrypt(credentials, plaintext_data)

decrypted_data = await ubiq.decrypt(credentials, encrypted_data)

Stop wasting resources acquiring, managing, and building tools.

We obsess over simplifying the complexities of data security and key management through elegant abstractions, allowing you to avoid the costly and time-consuming acquisition and management of cumbersome tools, or the months spent developing and rolling your own crypto.

Identification and Authentication Failures

An attacker performs a credential stuffing attack to gain access to privileged accounts and plaintext data.

A07:2021 – Identification and Authentication Failures
Broken Access Control

An attacker modifies an access control check or metadata to get access to privileged accounts and plaintext data.

A01:2021 – Broken Access Control

The use of a blind trust application framework allows an attacker to exploit a vulnerable query and get access to plaintext data.

A03:2021 – Injection
Insider threats

An employee with (database, cloud, etc.) admin access can easily access plaintext data.

Supply chain attacks

Your cloud provider suffers a security breach, which grants attackers access to plaintext data.

Advanced attackers

You suffer a security breach, and the attackers compromise (database, cloud, etc.) admin credentials to access plaintext data.

Frequently asked questions

1. Can I create multiple API Keys per Dataset?

Yes – you can create and associate multiple unique API keys per Dataset.

2. What encryption algorithms do you currently support?

We currently support AES-256-GCM and AES-128-GCM for unstructured data, and the NIST FF1 method for structured data, with support planned for additional algorithms in the future. Please feel free to reach out if you have specific needs.

3. What is your standard key rotation policy? Can the key rotation policy be customized?

By default and upon creation, both Primary Keys and Data Encryption Keys are scheduled to rotate annually. You have the flexibility to adjust the rotation schedule to  3, 6, 12, 18, 24, or 36 month intervals.

4. Where are my encryption keys stored?

Data Encryption Keys are stored with your encrypted data within your (customer) infrastructure. Data encryption keys are never sent to Ubiq.

Primary Encryption Keys are stored within FIPS 140-2 Level-3 compliant Hardware Security Modules (HSMs) within Ubiq’s SaaS infrastructure.

More FAQs

Get radically effective data-level security. Get Ubiq.