Data encryption designed for modern threats

The most effective and efficient way to protect sensitive application data

Ubiq’s API-first approach is the easiest and most effective way to protect sensitive data from unauthorized access or exposure.

How Ubiq can help you

Automate secure key management

Efficiently manage key lifecycle and algorithm usage, and leverage FIPS 140-2 compliant HSM key storage.

Enable rapid compliance

Encrypt application data by default, with full audit and logging capabilities in a single dashboard.

Get started in minutes

Integrate application-native client-side encryption into your applications in minutes, without having to restructure your storage infrastructure.

Reduce the risk of data theft

We enable you to encrypt data within your application infrastructure, so attackers, insider threats, cloud providers, and not even Ubiq have access to your data or keys.

Protect any data type

Encrypt structured or unstructured data, wherever it lives - databases, data warehouses, files - on-premise or in the cloud.

Integrate into any application type

Integrate encryption into mobile or IoT, front-end, mid-tier, or back-end application architectures with ease and flexibility.

How to get started

Create a free account and register your application in minutes.
Retrieve your API keys and download your language-specific client library.
Add a few lines of code to call encrypt() or decrypt() methods where your application needs to encrypt or decrypt data.
No other changes to your application or how and where you store data. And your data never leaves your environment.

Into the future of encryption

An efficient, effective approach to protecting sensitive application data.

10 min

to go live

10 languages



Data Type


ubiq = require('ubiq-security' 1.0.5)

const credentials =
    new ubiq.Credentials('T31i/+eZAsURqVOO/0WfkGqd',

plaintext_data = 'ABC'

encrypted_data = await ubiq.encrypt(credentials, plaintext_data)

decrypted_data = await ubiq.decrypt(credentials, encrypted_data)

Stop figuring out crypto, start writing code.

We obsess over hiding away the complexity and intricacies of encryption and key management through elegant abstractions, so you don’t need to spend months developing and rolling out your own crypto or the time, money and resources acquiring, deploying, and managing encryption tooling.

Identification and Authentication Failures

An attacker performs a credential stuffing attack to gain access to privileged accounts and plaintext data.

A07:2021 – Identification and Authentication Failures
Broken Access Control

An attacker modifies an access control check or metadata to get access to privileged accounts and plaintext data.

A01:2021 – Broken Access Control

The use of a blind trust application framework allows an attacker to exploit a vulnerable query and get access to plaintext data.

A03:2021 – Injection
Insider threats

An employee with (database, cloud, etc.) admin access can easily access plaintext data.

Supply chain attacks

Your cloud provider suffers a security breach, which grants attackers access to plaintext data.

Advanced attackers

You suffer a security breach, and the attackers compromise (database, cloud, etc.) admin credentials to access plaintext data.

Frequently asked questions

1. Can I create multiple API Keys per Dataset?

Yes – you can create and associate multiple unique API keys per Dataset.

2. What encryption algorithms do you currently support?

We currently support AES-256-GCM and AES-128-GCM for unstructured data, and the NIST FF1 method for structured data, with support planned for additional algorithms in the future. Please feel free to reach out if you have specific needs.

3. What is your standard key rotation policy? Can the key rotation policy be customized?

By default and upon creation, both Primary Keys and Data Encryption Keys are scheduled to rotate annually. You have the flexibility to adjust the rotation schedule to  3, 6, 12, 18, 24, or 36 month intervals.

4. Where are my encryption keys stored?

Data Encryption Keys are stored with your encrypted data within your (customer) infrastructure. Data encryption keys are never sent to Ubiq.

Primary Encryption Keys are stored within FIPS 140-2 Level-3 compliant Hardware Security Modules (HSMs) within Ubiq’s SaaS infrastructure.

More FAQs

Setup is quick and easy

Uplevel your data protection. Integrate in minutes.

Create a FREE account instantly and start encrypting data or get in touch to discuss a custom package for your organization.