One API gives every client and employee a private capsule for documents, communication, AI access and personal records.
For every business, at any size, free to start. Not a patch on today’s compliance stack, but the layer built for tomorrow.
# 1 · get a free sandbox key curl -X POST https://api.nodatacapsule.com/v1/register \ -d '{"company":"Acme"}' # 2 · scan, classify, approve & seal — content-blind, on-device npx @nodatachat/capsule-agent --vault-api \ --source ./customer-docs --apply --zk
Text arrives over TLS, the server seals it under a KMS-wrapped key, and AI reads are denied by default until you grant a scope. The easy path, and the base for metered access.
The capsule’s keypair is generated locally. Each document is encrypted to the capsule’s public key on-device; only ciphertext is uploaded. NoData holds a vault it can never open.
Keep data out of AI by default. Open exactly what you choose, and prove what was read.
An AI agent gets a scoped grant and reads only the classifications inside it. Everything else is skipped, not filtered: the model never receives the bytes, so nothing can leak through a prompt.
In a zero-knowledge capsule, even a granted read runs client-side under the person’s key. NoData never decrypts for a model. Every read is a signed, verifiable receipt.
| Area | Endpoint | State |
|---|---|---|
| Onboard | POST /v1/register · /register/resend | ✓ live |
| Capsules | POST·GET /v1/capsules · GET·DEL /v1/capsules/{id} | ✓ live |
| Documents | POST·GET /v1/capsules/{id}/documents (managed + zk ingest) | ✓ live |
| ZK read | GET /v1/capsules/{id}/zk-documents/{docId} | ✓ live |
| AI control | POST /ai-grants · POST /ai-read (deny-by-default) | ◐ code |
| Manage | /members · /revoke · /audit · /embed-token | ◐ code |
| Scanner | /scan/findings · /scan/approve · /scan/execute · install-token | ✓ live |
Walks the folder on the developer’s machine. Israeli-ID checksum, IBAN, card Luhn, secrets, EN/HE PII, privilege — all deterministic.
public / internal / confidential / attorney_client per file, grouped one capsule per customer. Values never recorded.
The capsule only suggests. You approve each policy, the legal record, as a signed, content-free receipt.
Managed, or --zk for on-device encryption. Only ciphertext + the label you approved ever leaves.
It pays for itself the first portal you don’t build, and the first breach you don’t own.