Skip to main content

Share

Your data, your keys.

Raytio Share provides end-to-end encrypted storage and sharing for personal and business data. Data is encrypted in your browser before it is uploaded - AES-256-GCM, with keys derived from your password - so Raytio cannot read it. Sharing doesn't weaken that: the data's key is wrapped with the recipient's public key, so only they can unwrap it, and only for as long as you allow.

Business problems solved

Every organisation hoards copies

The same documents sit in a hundred inboxes and CRMs, each one a breach waiting to happen.

Emailed data can't be recalled

Once data is emailed, the sender has no idea where it goes next.

People re-enter the same information endlessly

And every re-entry introduces errors and delay.

How the encryption works

  1. Your master key is derived in your browser from two secrets: your password and a device-bound local secret (Argon2id, a memory-hard function). Neither secret, nor the key, ever leaves your device.
  2. Each data object is encrypted with its own key (AES-256-GCM), and that key is encrypted with your master key.
  3. To share, the object's key is wrapped with the recipient's public key - the data is never re-encrypted and your master key is never exposed.
  4. Verified facts carry a digital signature (RSA-PSS, hardware-held keys), so a recipient can prove the fact is genuine without asking us.

Features

Reusable encrypted profiles

Fill in your details once for a person, company or trust, and verify them once. Share them as often as you choose. Updates propagate rather than leaving stale copies behind.

Three ways to share

Data can be shared in three ways.

  • Private data shared privately - for example, a passport for AML due diligence.
  • Signed badges shareable anywhere - over 18, holds a NZ passport, five years on Reddit.
  • Anonymous data - rich, verified detail with your identity removed.
Multiple profiles

Keep an identifying profile holding your CV, work history and certificates, alongside pseudonymous handles carrying verified reputation and financial data. Third parties can make you genuine offers without knowing who you are.

RapidShare

Share selected data instantly with someone who doesn't have a Raytio account - they can view and verify without signing up.

Structured requests

Organisations request exactly the data they need through a structured form; the user sees precisely what is asked and consents field by field.

Paper Trail

Every access to your data - every read, every share - is recorded in an append-only audit log you can inspect yourself.

Key backup and recovery

Export and restore your keys. Hardware security keys are supported for sign-in.

Three ways to share

Different situations need different kinds of disclosure, and forcing them all through one mechanism is how oversharing happens. Raytio supports three, and all of them rest on verification: the information has been verified by Raytio rather than self-asserted.

PeopleBusinessesAI agentsRaytioverifiedencryptedconsentedPrivate shareone recipientPublic badgesigned factAnonymous datano identity

Identifying data is encrypted in your browser to one named recipient, for one purpose - for example, a passport for AML due diligence. Only they can decrypt it. Every access is logged, and you can revoke it.

A badge is a signed fact rather than a document: over 18, holds a NZ passport, five years on Reddit. Anyone can check it against our published public key. The fact is proven without re-disclosing what sits behind it - you never hand over the file.

Rich, verified data is published with the identity removed. The metadata is deliberately fuzzed - rounded bands, coarse dates - so it cannot be traced back. A pseudonymous profile with real transaction history can receive genuine finance offers from providers who cannot identify its owner.

The cryptography

Data encryption

Data is encrypted with AES-256-GCM, using a unique key per data object and a unique 96-bit IV per encryption. Encryption happens in the browser with the native Web Crypto API - no custom cryptography.

Key derivation

Your master key is derived with Argon2id - a memory-hard function that makes brute force slow and expensive - from two secrets: your password and a local secret bound to your device. A phished password alone cannot unlock your data, and neither can a stolen device.

Sharing

A shared object's key is wrapped with the recipient's RSA-OAEP (SHA-256) public key. The data itself is never re-encrypted; your master key is never exposed.

Signatures

Verified facts are signed RSA-PSS with SHA-512 and 4096-bit keys. The keys are held in AWS KMS hardware, and the private key cannot be exported by anyone.

How team access works

Every data-collection form (an Access Application) has its own key pair, separate from any person's keys. Granting a colleague access happens entirely on the owner's device:

One key, one wrapped copy per person

The application's private key is re-encrypted with each authorised user's personal public key. Each person can decrypt only their own copy, and the server never sees the key unwrapped.

Adding a person never re-encrypts data

Only the application key is wrapped for the new user - submissions stay untouched.

Revocation is one deletion

Removing a person deletes their wrapped copy, instantly, without affecting anyone else's access.

Three permission levels

Views, Edits and Admins - all can decrypt submissions; they differ in who may change the application and manage access.

Forwarding between organisations (WADEK)

When a submission is forwarded to another organisation, the data itself is never decrypted in transit or on the server. Each encrypted field has its own data encryption key, and only those keys are re-wrapped:

Per-field keys

Every encrypted field carries its own data encryption key (DEK), so sharing can be as granular as a single field.

Re-wrap, don't re-encrypt

Each DEK is unwrapped client-side and re-wrapped with the destination application's public key (a WADEK) - the submission data is never decrypted on the server.

Independent boundaries

Source and destination keep separate encryption boundaries, and the original provider's keys are never revealed to the destination.

The data receiver's toolkit

Collecting encrypted data is a whole workflow. Receivers get the full lifecycle:

Collect any way that suits

Collect through shareable links, printed QR codes, forms embedded in your own site, or emailed requests to a specific person. Everything runs under your branding.

Requests you can track

See which requests are outstanding, resend them, and get notified by email or webhook the moment a submission arrives.

Submission workflow

Review each submission with its verification detail, move it through your process, share it onward, or download a report.

Identity Check

Staff can complete a check on a client's behalf - in the office, on the phone - and it lands in submissions like any other.

What Raytio can and cannot see

We hold

Ciphertext, wrapped keys, and the minimum metadata needed to route shares and send notifications.

We cannot read

Your data, your password, your keys. Decryption requires your key material, which exists only on your devices.

You can verify

Every access to your data appears in your Paper Trail - an append-only log you inspect yourself.

Raytio cannot read your data. The architecture guarantees it.

Where Share is used

AML/CFT compliance

Customer due diligence that's fast for the client and audit-ready for you.

Read more →

Customer onboarding

Verified customers from the first form.

Read more →

Agent credentialling

Give AI agents credentials you can time-box and revoke.

Read more →

Secret management for AI

Stop pasting API keys into prompts.

Read more →

How data sharing works · How encryption works · Data receiver guides

Verified customers, protected data, and agents you can hold to account.