For any regulated organisation, emailing a passport scan, medical record, or financial document is a real data breach risk. Sovico Sanctum removes that risk by changing how the transfer works, not just adding a policy document to the pile.
Every sensitive document sent as an attachment sits unencrypted in an inbox, a sent folder, and a recipient's hard drive. One breach puts you in front of a regulator.
Standard upload portals route files through your web server — meaning your infrastructure processes the data. Under UK GDPR, that is a processing activity you must justify and document.
A malicious file emailed by a client — even an innocent-looking PDF — can enter your network unscanned, uncontained, and undetected.
Files go directly into the encrypted vault via a one-time secure link. Our servers never process or store the document. You are legally and technically out of the loop.
Every file is scanned the moment it lands. Clean files are verified and made available. Malicious files are destroyed and your team is alerted — before anything reaches your network.
On The Enclave tier, AI processing happens inside a hardware-isolated black box. Even as your provider, we physically cannot read your documents. In a regulatory audit, you can prove it.
You never send a document request by email — you send an entry token: a secure link with a 48-hour expiry and a one-time-use flag. There is no password for the recipient to lose, share, or leak. The link is the credential.
Our stateless processing engine ensures that documents and extracted data are sequestered immediately after the session ends. Data is never persisted, never cached, and categorically excluded from model training.
The Sovereign tier adds built-in identity verification through leading KYC partners. 30 checks per month are included. Verified identity data is repatriated immediately to your UK vault and deleted from the partner system — no PII lingers externally.
The Enclave tier processes documents inside a physically sealed hardware environment. AI generates summaries and extracts key data — but never has access to your raw files. Every matter receives a cryptographic attestation certificate as proof.