Platform

How Enclave is built

A plain description of the modules, what they do, and what Katafract can see.

Most privacy products market a feature and hide the architecture. We publish the architecture. These pages are written for people who want to know how a service works before they trust it with their traffic, their DNS, or their files.

Enclave is seven modules. Each is independent — you can use Haven DNS without the VPN, or Vaultyx without Haven — but they share one property: we designed them so that the private parts of your data never reach our servers in a form we can read. Where that is impossible (a VPN node has to see packet routing metadata; a billing system has to see a Stripe customer ID), we say so.

The modules

ShroudNet

Network fabric

The WireGuard mesh that connects our nodes to each other. Not something you connect to directly.

WraithGate

VPN exit nodes

Global WireGuard endpoints. When you use the VPN app, this is the server your device hands traffic to.

Haven

DNS filtering

Industry-standard DNS filtering on every VPN node. Blocks ads, trackers, and malicious domains. No query logs.

Shards

Object storage

Multi-region, S3-compatible storage. Vaultyx stores its encrypted chunks here. We never hold your key.

Sigil

Token-based identity

How the apps authenticate you without holding an email, a password, or a name.

Control plane

Fleet operations

The API and scheduler that provisions VPN peers, handles billing, and operates the fleet. Our systems, not yours.

Trust posture

What we can see

A single page that lists, per module, what data Katafract can read, what we cannot, and why.

How to read these pages

Each page answers four questions in roughly the same order:

What is it? The function, in one sentence a non-engineer can parse.
How does it work? The stack. Protocol names, cryptographic primitives, deployment topology.
What can Katafract see? Concrete data we hold, for how long, and why.
What can Katafract not see? The things our architecture prevents us from knowing, even if we were compelled to disclose them.

Pages end with a short "What this means for you" note — what the architecture buys you, stated honestly. No upsell.

Why publish this

Trust is cheap to claim and expensive to verify. A product page that says "zero-knowledge encryption" without explaining where the key lives, which cipher does the work, and what the server actually stores is indistinguishable from one that says the same thing dishonestly. Describing the mechanism is the only way to let a technical reader check our claim against what is physically possible.

We publish this because our customers should be able to argue with our architecture. If you read these pages and find a claim that does not line up with the mechanism — tell us. hello@katafract.com.

Related transparency pages

Warrant canary — quarterly statement on legal process we have not received.
No-log policy — what the VPN and DNS modules do not store.
Privacy policies — per-app privacy documents.

What this means for you

You should be able to use a privacy tool without taking anyone's word for anything. These pages describe Enclave at the level of a VP-of-IT reading a vendor design review — protocol, primitive, trust boundary. Read whichever module you care about. Skip the rest.