Share
Your data, your keys.
Raytio Share provides end-to-end encrypted storage and sharing for personal and business data. Data is encrypted in your browser before it is uploaded - AES-256-GCM, with keys derived from your password - so Raytio cannot read it. Sharing doesn't weaken that: the data's key is wrapped with the recipient's public key, so only they can unwrap it, and only for as long as you allow.
Business problems solved
The same documents sit in a hundred inboxes and CRMs, each one a breach waiting to happen.
Once data is emailed, the sender has no idea where it goes next.
And every re-entry introduces errors and delay.
How the encryption works
- Your master key is derived in your browser from two secrets: your password and a device-bound local secret (Argon2id, a memory-hard function). Neither secret, nor the key, ever leaves your device.
- Each data object is encrypted with its own key (AES-256-GCM), and that key is encrypted with your master key.
- To share, the object's key is wrapped with the recipient's public key - the data is never re-encrypted and your master key is never exposed.
- Verified facts carry a digital signature (RSA-PSS, hardware-held keys), so a recipient can prove the fact is genuine without asking us.
Features
Fill in your details once for a person, company or trust, and verify them once. Share them as often as you choose. Updates propagate rather than leaving stale copies behind.
Data can be shared in three ways.
- Private data shared privately - for example, a passport for AML due diligence.
- Signed badges shareable anywhere - over 18, holds a NZ passport, five years on Reddit.
- Anonymous data - rich, verified detail with your identity removed.
Keep an identifying profile holding your CV, work history and certificates, alongside pseudonymous handles carrying verified reputation and financial data. Third parties can make you genuine offers without knowing who you are.
Share selected data instantly with someone who doesn't have a Raytio account - they can view and verify without signing up.
Organisations request exactly the data they need through a structured form; the user sees precisely what is asked and consents field by field.
Every access to your data - every read, every share - is recorded in an append-only audit log you can inspect yourself.
Export and restore your keys. Hardware security keys are supported for sign-in.
Three ways to share
Different situations need different kinds of disclosure, and forcing them all through one mechanism is how oversharing happens. Raytio supports three, and all of them rest on verification: the information has been verified by Raytio rather than self-asserted.
Identifying data is encrypted in your browser to one named recipient, for one purpose - for example, a passport for AML due diligence. Only they can decrypt it. Every access is logged, and you can revoke it.
A badge is a signed fact rather than a document: over 18, holds a NZ passport, five years on Reddit. Anyone can check it against our published public key. The fact is proven without re-disclosing what sits behind it - you never hand over the file.
Rich, verified data is published with the identity removed. The metadata is deliberately fuzzed - rounded bands, coarse dates - so it cannot be traced back. A pseudonymous profile with real transaction history can receive genuine finance offers from providers who cannot identify its owner.
The cryptography
Data is encrypted with AES-256-GCM, using a unique key per data object and a unique 96-bit IV per encryption. Encryption happens in the browser with the native Web Crypto API - no custom cryptography.
Your master key is derived with Argon2id - a memory-hard function that makes brute force slow and expensive - from two secrets: your password and a local secret bound to your device. A phished password alone cannot unlock your data, and neither can a stolen device.
A shared object's key is wrapped with the recipient's RSA-OAEP (SHA-256) public key. The data itself is never re-encrypted; your master key is never exposed.
Verified facts are signed RSA-PSS with SHA-512 and 4096-bit keys. The keys are held in AWS KMS hardware, and the private key cannot be exported by anyone.
How team access works
Every data-collection form (an Access Application) has its own key pair, separate from any person's keys. Granting a colleague access happens entirely on the owner's device:
The application's private key is re-encrypted with each authorised user's personal public key. Each person can decrypt only their own copy, and the server never sees the key unwrapped.
Only the application key is wrapped for the new user - submissions stay untouched.
Removing a person deletes their wrapped copy, instantly, without affecting anyone else's access.
Views, Edits and Admins - all can decrypt submissions; they differ in who may change the application and manage access.
Forwarding between organisations (WADEK)
When a submission is forwarded to another organisation, the data itself is never decrypted in transit or on the server. Each encrypted field has its own data encryption key, and only those keys are re-wrapped:
Every encrypted field carries its own data encryption key (DEK), so sharing can be as granular as a single field.
Each DEK is unwrapped client-side and re-wrapped with the destination application's public key (a WADEK) - the submission data is never decrypted on the server.
Source and destination keep separate encryption boundaries, and the original provider's keys are never revealed to the destination.
The data receiver's toolkit
Collecting encrypted data is a whole workflow. Receivers get the full lifecycle:
Collect through shareable links, printed QR codes, forms embedded in your own site, or emailed requests to a specific person. Everything runs under your branding.
See which requests are outstanding, resend them, and get notified by email or webhook the moment a submission arrives.
Review each submission with its verification detail, move it through your process, share it onward, or download a report.
Staff can complete a check on a client's behalf - in the office, on the phone - and it lands in submissions like any other.
What Raytio can and cannot see
Ciphertext, wrapped keys, and the minimum metadata needed to route shares and send notifications.
Your data, your password, your keys. Decryption requires your key material, which exists only on your devices.
Every access to your data appears in your Paper Trail - an append-only log you inspect yourself.
Raytio cannot read your data. The architecture guarantees it.
Where Share is used
AML/CFT compliance
Customer due diligence that's fast for the client and audit-ready for you.
Read more →How data sharing works → · How encryption works → · Data receiver guides →
Verified customers, protected data, and agents you can hold to account.