Encrypt your data

Evervault Relay

Automatically encrypt sensitive data at the field-level before it enters your app, and decrypt it as it leaves. Integrate in 5 minutes by including our SDK and changing a DNS record.

Sign up with mobile


By signing up, you agree to our Terms of Service.

Collect user data

A user inputs sensitive data in your UI and sends a request to your server.

Through a simple DNS change, you configure your API to route inbound requests through Relay.






Inbound requests are intercepted and encrypted by Relay before being sent to your server.

1const Evervault = require('@evervault/sdk');
2const twilio = require('twilio')(accountSid, authToken);
4app.post('/', function (req, res) {
5  try {
6    let { firstName, mobileNumber } = req.body;
7    const message = await twilio.messages
8    .create({
9      body: `Hi ${firstName}, your verification code is 123456.`,
10      from: '+123456789',
11      to: mobileNumber,
12    })
13    res.status(200).json({ message });
14  } catch (error) {
15    res.status(500).json(error);
16  }

Use encrypted data

Your server sends a request to a third-party API and a response to your client.

You can send encrypted data to third-party APIs just like you would with ordinary, plaintext data.

By including our SDK, Relay will automatically intercept and decrypt data before being sent to the API.

You can also process encrypted data yourself using code deployed to Cages.






Outbound requests are intercepted and decrypted by Relay before being returned to your UI or sent to a third-party.


Sign up with mobile

(415) 091-1945

By signing up, you agree to our Terms of Service.

Render user data

The decrypted response from your server is rendered in plaintext on your UI.

Relay scans the response from your server for Evervault-encrypted data and automatically decrypts it before it reaches your users.

Forever encrypted

Relay requires TLS 1.2 connections or above. All data passing through Relay is then encrypted at the field-level.

Encrypt any data

Relay supports payloads up to 10MB, and all data types — including JSON, form data, and GraphQL.

Performant at scale

Relay is being deployed across multiple regions so that it runs within 10 milliseconds of any of your users worldwide. Relay can handle thousands of requests per second.

Minimal configuration

You can set up Relay in less than 5 minutes. Simply change a DNS record and include our SDK.

Reduced compliance scope

Evervault is a Level 2 PCI DSS Service Provider. If you store, process, or transmit cardholder data, Relay can simplify your PCI DSS scope.

Real time logging

Relay requests/responses are logged in real time in the Evervault Dashboard. Relay does not log request bodies.

How Relay works

Start encrypting sensitive data in minutes

Include Evervault SDK

Include and initialize our server-side SDK in your application.

Set Relay domain

Point your app to Relay and set its target using either an auto-generated Evervault domain or your own custom domain.

Add fields to encrypt

Select fields for Relay to automatically encrypt and decrypt, either globally or only on specific routes.

Relay Created!

Set the following record on your DNS provider to continue:







This is normally done where your domain was registered. Continue below to choose what fields you want to encrypt with Relay.



"firstName": "",

"lastName": "",

"phone": "",

"email": "",

"address": {

"street": "",

"city": "",

"state": "",


"userId": "",


Use cases

Protect your users and customers

Encrypting with Relay means that it doesn’t matter if your app gets breached because what gets breached is useless, unreadable data. Secure your most sensitive data and datasets.

"Teaming up with Evervault is as clear a statement we could possibly make to the communities we power. We do not — and never will — compromise on our customer’s privacy or the security of our data systems.

Bobby Healy, Manna Founder / CEO

Never have a data breach

Join 3,000 developers, founders, and businesses ending data breaches

Get started