tiCrypt Front-End Components

TL;DR:tiCrypt lets users collaborate and process data securely by combining isolated vaults, encrypted groups, drives (in VMs), and controlled project access - without ever exposing underlying data.

tiCrypt front end consists of three primary components:

  • Vault
  • Virtual Machines
  • Management

Vault

An end-to-end encrypted file storage system (similar to Google Drive) that protects data at rest and in transit while enabling secure collaboration without exposure. Each user has a fully isolated, encrypted vault under their sole control - no admin or system can access data unless explicitly shared. Users can import data from Dropbox, Google Drive, OneDrive, Box, local machines, or via SFTP for large transfers, and share it securely with granular permissions such as time-bound access or controls for viewing, downloading, or editing.

Groups of Users

Users operate within structured teams to enable controlled collaboration. Every user belongs to a team, which defines the organizational boundary.

Within and across teams, users form groups. Groups act as secure collaboration spaces where only approved members can access shared content. Permissions control exactly what each member can do - view, download, or edit - reducing risk while enabling teamwork.

Access Rights

  • Team Membership: defines organizational inclusion
  • Group Membership: defines collaboration scope
  • Project Membership: defines workload access

All three work together to clearly define who can access what, eliminating ambiguity and reducing the risk of over-permissioned users.

Projects Handling at Scale

Access is enforced, not assumed: users must be part of both the group and the project to access sensitive data.

Projects organize work securely across teams and groups. Files, folders, and drives can be assigned to projects, ensuring that only authorized users can access them.

Projects can also enforce security levels, ensuring only users with the required certifications can participate - supporting compliance without slowing operations.

Additionally, tiCrypt enables secure collaboration with external contributors through controlled ingestion methods such as inboxes and SFTP. Data remains contained within the environment, preventing unauthorized extraction while still allowing seamless contribution workflows.

Virtual Machines (VMs)

Virtual machines provide a secure workspace where users can process data without moving it outside the environment.

Users can bring their own compute resources, including GPUs, enabling high-performance workloads directly within a secure setting. Data is processed where it lives - reducing risk and improving efficiency.

Each VM includes encrypted drives tied to the user. Drives remain isolated per user and session, ensuring that workspaces are private and secure by default.

Users can share VMs for collaboration, including shared encrypted storage, while still maintaining controlled access boundaries. Each user retains private workspace directories within the VM. No admin can access these unless explicitly shared by the user.

VMs can be assigned to projects, enforcing the same access controls across compute and storage. Only users with the correct project membership - and required certifications, if applicable - can access them.

Group and project memberships combine to define access inside the VM, ensuring consistency across the platform.

Users can run multiple terminals within a VM and move data securely between the VM (processing) and Vault (storage).

Cluster VMs allow multiple machines to work together, enabling high-performance workloads with shared compute, memory, and storage - without compromising isolation. Secure access methods such as SFTP are supported for controlled data movement.

Management

A centralized layer for secure administration at scale, maintaining strict access boundaries.

Admins can delegate responsibilities by assigning teams and groups to sub-admins, enabling scalable operations. All users and admins operate within teams. Admins assign profiles to users, defining access to system components such as Vault, VMs, and Management. Permissions align with NIST 800-171 control families, and large workflows can be segmented into subprojects.

Admins can view system structure (teams and groups) but cannot access user data - preserving user control and privacy.

Admins can manage virtual machine environments through the front end, coordinating resources and configurations without direct exposure to user data.

This includes managing compute resources, storage, VM configurations, and deployment profiles to support different workloads.

Additional controls include branding, authentication methods (SSO), compliance banners, terms of service, and custom metadata fields for teams and projects.

Auditing

A dedicated auditing system supports compliance and oversight without compromising data security.

Provides a full, tamper-resistant audit trail from system deployment to present.

Includes cryptographically isolated audit logs, system-wide alerts, prebuilt compliance reports, and SQL query access to event logs for detailed analysis.

Conclusion

Nothing is visible unless explicitly shared - and even then, only under strict membership and security rules.