UK Patent Application No. 2602911.6

SCRS Data Firewall

Patent-pending AI security architecture. See how we protect sensitive data before it reaches any AI model.

Try the live demo Watch overview
Session: ...
Docs: 0
Revoked: 0

See SCRS in Action

A 3-minute walkthrough of the dual-gate architecture that keeps your data safe from AI exposure.

01

Paste Your Own Data

Paste any text containing personal information. Watch SCRS detect and redact PII in real time.

02

Live Chat Redaction

Type a message containing sensitive data. See two layers: what YOU typed vs what the AI receives.

Type a message and click "Send through SCRS"...
03

Try to Reverse the Redaction

We've pseudonymised this text. Can you figure out the original names, emails, or account numbers? Spoiler: you can't.

Loading challenge...
Why it's impossible: SCRS uses AES-256-GCM encryption with per-document keys. The pseudonyms ([PERSON_1], [EMAIL_2]) are random tokens with no mathematical relationship to the original values. Without the encryption key (which is stored in a separate KMS), reversal is computationally infeasible.
04

Key Revocation: The Kill Switch

When an employee leaves or data must be destroyed, SCRS permanently revokes the encryption key. Watch what happens.

Client: Sarah Johnson Account: 12345678 Balance: £234,500 Status: Active
Waiting for revocation...
05

Role-Based Access Control

Three personas with different access scopes. The same search behaves differently depending on who is asking.

Step 1: Pre-Loaded Corpus

This demo runs against a curated seed corpus — no uploads required.

Every document in the corpus has already been through SCRS:
1. Detected sensitive fields (PII/PCI/PHI) and applied a security label
2. Stored the real document AES-GCM encrypted in the secure store
3. Stored only a search representation (embedding + metadata) in the index
Use Step 2 (Query) to run queries against the seeded data.
T1 — Finance & Legal
4 documents: earnings memo, expense policy, press release, vendor contract
finance · legal

Uploads are disabled in this live demo so the attack surface stays limited to the curated corpus. To try your own documents, clone the repo and run locally.

Step 2: Security Pipeline

The pipeline prepares content for safe AI usage:
PII Detection: Identifies personal and regulated data
Sanitisation: Creates a safe representation for search and AI prompts
Policy Binding: Attaches scope rules (who can find, who can view)
Audit Logging: Records controls applied
Before any text is sent to an AI model, SCRS can redact it by policy.
System Corpus loaded. Ready to demonstrate the pipeline when you run a query.

Step 3: Secure Retrieval (Alice)

What happens when you search:
Gate 1 (Find): SCRS searches only inside Alice's authorised scope. Out-of-scope documents are not returned.
Gate 2 (Reveal): SCRS verifies access again and only then decrypts and shows readable content.
If verification fails, it fails closed (returns nothing).

Unauthorized Access Simulation

This demonstrates why SCRS is different from "filter later" systems: Bob cannot retrieve what he is not allowed to know exists.

Bob is an external consultant with:

  • Role: 'consultant'
  • Max Security Label: 'public'
  • Allowed Collections: 'legal' (NOT finance)
Active Scope Payload (JSON)
{ "tenant": "T1", "user_role": "consultant", "purpose": "review", "max_label": "public", "allowed_collections": ["legal"] }

Attempt Retrieval (Bob)

Try searching for the same document Alice can see in the seeded corpus.

Expected result: Bob should receive no readable content. The system blocks at Gate 1 (scope) or Gate 2 (decryption).

Secure Retrieval (Charlie - Doctor)

Can only see Healthcare documents. Compliance enforced.

Charlie can only retrieve Healthcare documents within his scope. Cross-domain data (e.g., Finance) is excluded by default.
06

Transparency: See the Code

Don't trust marketing claims -- verify the implementation yourself. Here's the actual encryption code running this demo.

AES-256-GCM Encryption (crypto.py) 
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
import os

def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """AES-256-GCM authenticated encryption.
    Returns: nonce (12 bytes) + ciphertext + tag (16 bytes)"""
    nonce = os.urandom(12)
    aesgcm = AESGCM(key)
    return nonce + aesgcm.encrypt(nonce, plaintext, None)

def decrypt(data: bytes, key: bytes) -> bytes:
    """AES-256-GCM authenticated decryption.
    Raises InvalidTag if tampered."""
    nonce, ciphertext = data[:12], data[12:]
    aesgcm = AESGCM(key)
    return aesgcm.decrypt(nonce, ciphertext, None)
Hash-Chain Audit Log (audit.py) 
import hashlib, json, datetime

def append_event(action, data, conn):
    """Append to hash-chained audit log.
    Each entry's hash = SHA-256(previous_hash + action + data)"""
    prev = get_last_hash(conn) or "GENESIS"
    payload = json.dumps({"action": action, "data": data,
                          "timestamp": datetime.datetime.utcnow().isoformat()})
    new_hash = hashlib.sha256(
        (prev + payload).encode()
    ).hexdigest()
    insert_event(conn, action, payload, new_hash, prev)
    return new_hash
Key Management Service (kms.py) 
class KeyManagementService:
    """In-memory KMS for demo. Production uses AWS KMS / Azure Key Vault."""

    def generate_document_key(self, tenant_id, doc_id):
        """Generate a unique 256-bit key per document."""
        key = os.urandom(32)  # 256 bits
        self._keys[(tenant_id, doc_id)] = key
        return key

    def revoke_document_key(self, tenant_id, doc_id):
        """Permanently destroy a document's encryption key.
        After this, the document's ciphertext is unrecoverable."""
        self._keys.pop((tenant_id, doc_id), None)
        # Key is gone. Data is dead. No backdoor.
UK Patent Application No. 2602911.6 — SCRS Dual-Gate Architecture
Companies House: 16742039 (Pop Hasta Labs Ltd)
07

Audit Trail

Every action during this demo has been logged with a tamper-evident hash chain. Click any entry to verify integrity.

Dual-Gate Architecture

Both gates must pass before ANY plaintext is revealed. Fail-closed by design.

User Request → Policy Processor

┌─────────────────────────────────┐
GATE 1: Scoped Retrieval
│ Tenant isolation │
│ Collection filtering │
│ Classification check │
└───────────────┬─────────────────┘
↓ Candidate Pointers (NO plaintext!)
┌─────────────────────────────────┐
GATE 2: Verify & Decrypt
│ Expiry validation │
│ Revocation check │
│ Integrity verification │
│ AES-256-GCM decryption │
└───────────────┬─────────────────┘
Authorized Results

Key Security Features

🔒
Zero-Knowledge Search

Vector index contains only sanitised embeddings. No PII exposed in search.

Instant Revocation

Revoke access immediately. Key deletion blocks decryption — no re-indexing needed.

🏢
Multi-Tenant Isolation

SQL-level tenant filtering prevents cross-company data leaks.

📝
Immutable Audit Log

SHA-256 hash-chained trail. Tamper-evident. Exportable for compliance.

Compliance & Regulatory Alignment

GDPR Ready

  • ✓ Purpose limitation
  • ✓ Consent management
  • ✓ Right to erasure (revocation)
  • ✓ Data minimisation (PII redaction)
  • ✓ Audit trails (immutable logs)

SOC 2 Controls

  • ✓ CC6.1 Logical access (dual-gate)
  • ✓ CC6.6 Encryption (AES-256-GCM)
  • ✓ CC7.2 Monitoring (audit logging)
  • ✓ CC7.3 Revocation (key deletion)

Industry Standards

  • ✓ ISO 27001 A.10 (Cryptography)
  • ✓ ISO 27001 A.9 (Access Control)
  • ✓ UK AADC (Children's Data)
  • ✓ ICO Data Sharing Code

Why Traditional AI Access Is Dangerous

Vector indexes contain plaintext — any breach exposes raw data
Single authorization check — insufficient for regulated industries
Revocation requires re-indexing — hours or days to remove access
Cross-tenant data leaks — compliance violations waiting to happen
In regulated industries, these failures lead to: GDPR fines (up to 4% of global revenue), PCI DSS violations, FCA/SRA penalties, and irreversible customer trust erosion.

Business Impact: ROI Analysis

Metric Without SCRS With SCRS
Data breach risk HIGH (plaintext exposed) LOW (encrypted + gated)
Revocation speed Hours/Days (re-index) Instant (key delete)
Compliance cost HIGH (manual controls) LOW (automated)
Tenant isolation Application-level Database-level
Employee offboarding Manual revocation One-click kill switch

Common Questions

Why two gates instead of one?
Defence in depth. Gate 1 prevents unauthorised candidates from ever appearing in results. Gate 2 provides independent verification before decryption. If either fails, no plaintext is revealed (fail-closed design).
What happens when an employee leaves?
The admin clicks one button to revoke their encryption key. Instantly, all their data becomes permanently unreadable — not deleted, not archived, but cryptographically destroyed. No backdoor, no admin override, no recovery. The audit trail records the revocation for compliance.
How does SCRS handle GDPR data residency?
The AccessScope includes geo-jurisdiction flags. Gate 1 filters by allowed regions. For US-based AI providers, all prompts pass through SCRS PII redaction first — the AI model never sees raw personal data. We are pursuing Standard Contractual Clauses (SCCs) with each provider.
What's the performance overhead?
Gate 1 filtering is SQL-level (fast). Gate 2 verification adds ~10-50ms per document depending on KMS latency. For 5 results, total overhead is ~50-250ms. This is acceptable for security-critical operations and invisible to end users.
Can I bring my own AI keys (BYOK)?
Yes. Enterprise customers can use their own OpenAI, Anthropic, Google, or xAI API keys. Keys are encrypted with AES-256-GCM using org-derived keys and decrypted per-request. Your data never touches our AI accounts.
Is this just a demo or a real product?
This demo runs real SCRS encryption and PII detection — it's not simulated. The full production system is live at pophastalabs.com powering the Other Me platform for families, businesses, and enterprises across the UK.

Your SCRS Compliance Score

Based on your demo session, here's how SCRS would protect your organisation.

0% Protected
0
PII Entities Detected
0
Documents Secured
0
Unauthorized Blocked

SCRS protection for everyone

Whether you're a parent, a business owner, or an enterprise CISO — your data deserves a firewall.

👨‍👩‍👧‍👦

For Families

£24/mo

Up to 6 members. Parental controls, engagement tracking, weekly brain health reports.

Protect your family
MOST POPULAR
🏢

For Small Business

£99/mo

Up to 8 users + £15/extra. Admin dashboard, audit trail, team policies, offboarding.

Start 7-day trial
🏛

For Enterprise

£297+/mo

SCRS API, BYOK, 50GB+/user, RBAC, compliance export, webhooks, IP allowlisting.

Talk to sales
Compare all plans →

Get in touch or request your security assessment

Fill in the form below and we'll send you a detailed report + get back to you about how SCRS can protect your organisation.

Download the SCRS Technical Whitepaper
Submit the form below and tick the option to receive a PDF copy of the full architecture deep-dive (25 pages, patent GB 13361 reference).
AES-256-GCM
UK Patent Pending
Companies House 16742039
GDPR Compliant
Hash-Chain Audit
For Technical Evaluators
🧮 Verify the Mathematics
Click to expand 4 interactive cryptographic proofs

Proof 1: Encryption Correctness

AES-256-GCM provides authenticated encryption — the ciphertext is both confidential AND tamper-proof.

✅ Correct Key
plaintext = "Client: Sarah Johnson"
key = generate_key(256 bits)
ciphertext = AES_GCM_encrypt(plaintext, key)
result = AES_GCM_decrypt(ciphertext, key)
→ result == plaintext ✓
❌ Wrong Key
wrong_key = generate_key(256 bits)
result = AES_GCM_decrypt(ciphertext, wrong_key)
→ AUTHENTICATION FAILED
→ InvalidTag exception raised
→ Zero plaintext revealed
Why this matters: Brute-forcing a 256-bit key would require 2256 attempts — that's more operations than atoms in the observable universe. Even with every computer on Earth working together, it would take longer than the age of the universe.

Proof 2: Scope Isolation

Gate 1 enforces tenant and collection isolation at the database query level — not application level.

✅ Alice (Admin, Tenant T1)
scope = {tenant: "T1", collections: ALL}
query("earnings report")
→ 3 results from finance, legal
❌ Bob (Consultant, Tenant T1)
scope = {tenant: "T1", collections: ["legal"]}
query("earnings report")
→ 0 results (finance excluded from scope)
Why this matters: The SQL WHERE clause filters at the database level: WHERE tenant_id = ? AND collection_id IN (?). Out-of-scope documents never enter the candidate set — they're not "filtered out," they're never found.

Proof 3: Tamper Detection

The audit trail uses SHA-256 hash chaining. Modifying any record breaks the chain — making tampering instantly detectable.

Record 1:
data = "user:alice action:ingest doc:d1"
hash_1 = SHA256("GENESIS" + data)
→ hash_1 = a3f2b8c1...
Record 2:
data = "user:bob action:query doc:d1"
hash_2 = SHA256(hash_1 + data)
→ hash_2 = 7e4d9f2a...
✅ Unmodified Chain
verify(hash_2) → valid
SHA256(hash_1 + record_2) == hash_2 ✓
❌ Tampered Record
modify record_1 → hash_1 changes
SHA256(new_hash_1 + record_2) ≠ hash_2 ✗
→ CHAIN BROKEN — tampering detected

Proof 4: Irreversible Revocation

When an encryption key is revoked, the data becomes permanently unrecoverable — by design.

Before Revocation:
key_store = {doc_d1: key_abc123}
decrypt(ciphertext, key_abc123) → "Client: Sarah Johnson"
After Revocation:
key_store = {doc_d1: DELETED}
decrypt(ciphertext, ???) → IMPOSSIBLE
No key exists. No admin override. No recovery.
❌ Attacker with Database Access
SELECT ciphertext FROM documents
→ Has ciphertext bytes ✓
→ Has NO key to decrypt ✗
→ Data is permanently dead
❌ Admin with Full Server Access
Key was in memory only
Memory wiped on revocation
→ Even the admin cannot recover
→ Provable GDPR Art 17 compliance
GDPR implications: This satisfies Article 17 (Right to Erasure) and Article 5(1)(e) (Storage Limitation). The data isn't just deleted — it's mathematically proven to be unrecoverable. No forensic tool can retrieve it.