By design, it is not possible for Transcend to see your data, so that if Transcend were hacked, it would not present a security issue to customers. This document explains how we achieve that with an extremely lightweight on-premise security module. It is a single Node server with zero storage requirements. It is only accessible to Transcend and your internal servers.
Transcend is not interested in your data, and we never receive access to it. When one of your users requests to view an export of their personal data, Transcend compiles that user’s data across your systems and provides it to the user. To build your user’s data export file asynchronously across your data systems, Transcend temporarily stores the user's data in an encrypted format. All data is encrypted by our open-source API gateway (called Sombra) before being stored in Transcend. Once all the data is compiled, it’s provided to the user and decrypted on their end.
Crucially, because the data is encrypted by Sombra and decrypted client-side, Transcend never sees your user’s unencrypted data.
Sombra is an encryption engine within the Transcend API that encrypts your data before sending it to Transcend’s cloud storage. That way, the data is not visible to Transcend. Sombra is a simple Node server with no storage requirements. You can choose between two possible architectures involving Sombra: on-prem (within your firewall) and Transcend-hosted (within a Transcend-owned firewall).
The on-prem architecture guarantees the highest level of security, since hosting Sombra within your firewall ensures no unencrypted data is ever available to Transcend, and you own the keys. By hosting Sombra yourself, the data can only be decrypted by you and by the user requesting their data; Transcend never has access to your keys (the source is available for review so that you may verify these properties). Under this architecture, Sombra sits in your network’s DMZ and can optionally use your key management service such as Amazon KMS to generate and manage data keys on hardware security modules (HSMs).
If you prefer a full SaaS solution, you can use the Transcend-hosted Sombra. Under this architecture, your data is still encrypted, as we still route all incoming requests through Sombra, which we host in the cloud. In this case, the keys are stored by Transcend’s KMS, meaning we technically have the means to decrypt the data sent to us. As a strict company policy, we never will. Again, Transcend has no interest in your users' data, and we take thorough measures to ensure employees cannot access the data. Our cloud-hosted Sombra instance is in an entirely separate AWS account, which is strictly limited to a small group of Transcend administrators and requires dual approvals for any access.
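The difference between the two architectures above comes down to who holds the key that unwraps the data keys. The following is an added example, not Sombra's code and not taken from Transcend: it assumes AES-256-GCM envelope encryption, uses a random in-memory key as a stand-in for a KMS-managed key, and all function names are hypothetical.

```javascript
// Added illustration of gateway-side envelope encryption; not Sombra's code.
const crypto = require('crypto');

// Assumption: a random 32-byte key stands in for a key held in the customer's KMS.
function newKek() { return crypto.randomBytes(32); }

// AES-256-GCM with a fresh 96-bit IV; aad binds the ciphertext to its request.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function open(key, box, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(box.tag);
  // final() throws if the key is wrong or anything was modified.
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Gateway side: one data key per record, wrapped under the key-encryption key.
// Only the returned envelope would leave the network for the vendor's storage.
function gatewayEncrypt(kek, requestId, record) {
  const aad = Buffer.from(requestId);
  const dataKey = crypto.randomBytes(32);
  const body = seal(dataKey, Buffer.from(JSON.stringify(record)), aad);
  const wrappedKey = seal(kek, dataKey, aad);
  dataKey.fill(0); // drop the plaintext data key once it is wrapped
  return { requestId, wrappedKey, body };
}

function gatewayDecrypt(kek, envelope) {
  const aad = Buffer.from(envelope.requestId);
  const dataKey = open(kek, envelope.wrappedKey, aad);
  return JSON.parse(open(dataKey, envelope.body, aad).toString());
}

// True only for a party holding the key-encryption key for this envelope.
function canDecrypt(key, envelope) {
  try { gatewayDecrypt(key, envelope); return true; } catch { return false; }
}

// Constructed sample record; the storage operator is modelled as holding some other key.
const customerKek = newKek();
const stored = gatewayEncrypt(customerKek, 'req-001', { email: 'user@example.test' });
console.log(canDecrypt(customerKek, stored), canDecrypt(newKek(), stored));
```

In the self-hosted case the storage operator is the party without the key-encryption key; in the hosted case it is the party that runs the KMS, which is why that architecture rests on access controls rather than on key separation.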
Whether you use the Transcend-hosted version of Sombra or host it yourself, the API is the same.
You may request a full system description by contacting [email protected].