Getting Started

Kustodyan is a complete data protection service aimed at SaaS vendors. Your application calls a single data-transformation API. The protection logic (which fields, which transformation, who can read what) is configured in the CoreAdmin (/coreadmin) portal instead of being hard-coded in your application.

That means your application stores ciphertext or tokens, never cleartext. Protection rules can change without redeploying your application. Every protect, unprotect, and access request is logged.

How it works

You define once, in the portal, who can access the data, which operations are allowed, and which transformations to apply to it. Your application authenticates with client credentials and obtains a short-lived token. Your application calls POST /transform with the data and a small set of evidence key-value pairs. The engine uses the evidence to pick the right access rule and the right transformation.

The same endpoint handles protect, unprotect, search, and any other operation your configuration defines. The selected operation comes from the context.