regulated data

PHI, PCI, PII — processed with cryptographic proof.

Regulated data processing demands provable controls. eCora gives you encryption in use — not just at rest — with hardware-signed attestation your auditors can verify.

eCora — compliance
0 plaintext in host memory
auto audit evidence generated
HW signed attestation
Data encrypted in use — not just at rest
Host OS sees only ciphertext during processing
Attestation report generated per processing run
Satisfies HIPAA, PCI-DSS technical controls
the challenge

Encryption at rest isn't enough when data is plaintext during processing.

Most cloud environments encrypt data at rest and in transit — but the moment regulated data enters a processing workload, it's decrypted in memory. Any process with host access can read it. Audit logs describe intent; they don't prove what actually happened.

Data decrypted in memory is readable by cloud administrators
No cryptographic evidence that controls were active during processing
Audit trails describe intent, not proof of enforcement
with eCora

Regulated data stays encrypted throughout. Proof is automatic.

eCora seals your data processing workload in a CPU-verified enclave. Regulated data enters the enclave, gets processed, and results exit — but the host OS sees only ciphertext throughout. A hardware-signed attestation report is generated at every run, ready for your auditors.

Data processed inside a hardware enclave — invisible to the host
Hardware-signed attestation proves controls were active during processing
Compliance evidence generated automatically — no manual attestation
the process

Provable encryption in use — without changing your processing logic.

01 package: Containerize your data processing workload
Package your processing logic as a standard Docker container. ETL pipelines, analytics workloads, ML training runs — any workload that handles regulated data. No code changes to the processing logic itself.
02 seal: Bind the workload to verified CPU hardware
eCora encrypts the container and binds it to verified CPU hardware. Only a genuine, attested enclave can decrypt and execute the workload. The sealed image is cryptographically locked before it leaves your environment.
03 process: Regulated data enters. The host never sees it.
Regulated data enters the enclave encrypted and is decrypted only inside. Results exit. A hardware-signed attestation report — proving encryption controls were active — is generated automatically at every run.
capabilities

Compliance-ready by default. No extra tooling required.

Encryption in use
Data stays encrypted in memory during processing. The host OS and cloud administrators see only ciphertext — even during active computation.
Automatic audit evidence
Every processing run generates a hardware-signed attestation report automatically. Hand it to your compliance team — no manual collection, no gaps.
HIPAA / PCI-DSS ready
Provable encryption in use satisfies the technical safeguards required by HIPAA, PCI-DSS, and SOC 2. Demonstrate control effectiveness rather than just intent.
Data residency control
Bind your sealed workload to specific CPU hardware, geographic regions, or cloud accounts. Enforce data locality requirements with cryptographic guarantees.