Skip to main content
New: mintBlue wins Dutch Ministry of Justice fraud verification projectRead the story

Data Sovereignty Meets Enterprise Security.

Privacy Enhancing Technologies (PETs) built into every layer. You control deployment, encryption keys, and data access. Cryptographically enforced, not contractually promised. Trusted by Dutch Tax Authority and UK Tax Authority.

Schedule security reviewExplore platform
Client-Side Encryption

Client-Side Encryption

Data encrypted before it leaves your device.

Self-Sovereign Deployment

Self-Sovereign Deployment

Run on your infrastructure, your rules.

Cryptographic Access Control

Cryptographic Access Control

Permissions enforced by math, not policy.

Zero Vendor Lock-in

Zero Vendor Lock-in

Export everything, anytime, no questions.

Data Sovereignty Meets Enterprise Security.

Trusted by enterprises and governments across Europe

Belastingdienst
Ministry of Justice and Security
National Office for Identity Data
VISMA
Yuki
Dockflow
NOWATCH
Sheltersuit
Intersolve
KvK
mintBlue turned our nightmare of invoice exchanges into a dream of automation. Now we strive to make taxation less of a headache for everyone involved.

Claire Arens

Innovation & Strategy, Netherlands Tax Administration

Netherlands Tax Administration
6 million invoices annually validated and processed automatically. No manual reconciliation. No disputes over what was agreed.

Sebastian Toet

Solutions Architect, VISMA | Yuki

VISMA | Yuki
Real-time, verifiable carbon tracking across our entire supply chain without exposing sensitive supplier data.

Pauline Van Ostaeyen

Cofounder, Dockflow

Dockflow

Why Security Teams Choose mintBlue

Privacy Enhancing Technologies with mathematical proof, not contractual promises.

01

Self-Sovereign Deployment

On-premise, your cloud, or mintBlue-hosted. You choose. You control. Dutch Tax Authority required on-premise with zero cloud dependencies. UK Tax Authority needed multi-cloud redundancy. Both deployed on mintBlue.

02

Client-Side Encryption

Password-based key derivation encrypts user keys client-side. mintBlue never accesses your keys directly. If mintBlue is compromised, attackers get only encrypted data, useless without your keys.

03

Cryptographic Access Control

Privacy Enhancing Technologies in action: multiparty encryption defines data access per partner, auditor, or regulator. Zero-knowledge proofs prove compliance without disclosing data. Selective disclosure shares only what is needed. Mathematics enforces permissions, not application logic.

04

Zero Vendor Lock-in

Base blockchain plus overlay networks. Not tied to specific cloud provider. Can operate without blockchain if needed. Complete data export capability. You control the exit, not us.

Schedule security review

From Policy-Based to Proof-Based Security

Traditional platforms rely on application logic to enforce permissions. One vulnerability exposes everything. Cloud SaaS means trusting vendors with your data. Blockchain consortiums lock you into specific networks. Self-hosting means building everything yourself.

mintBlue eliminates this trade-off with cryptographic guarantees.

Policy-Based Security

  • Application-layer access control
  • Vendor has access to encryption keys
  • Trust depends on contractual promises
  • Platform compromise exposes all data

Proof-Based Security

  • Cryptographic access control
  • Client-side encryption (zero vendor access)
  • Mathematical guarantees, not promises
  • Platform compromise yields only ciphertext

How Your Data Stays Yours

Client-Side Encryption Flow

From authentication to encrypted payload. mintBlue infrastructure handles only ciphertext.

User Authentication (Local)
Schedule security review
  • 01

    User Authentication (Local)

    User authentication happens in browser or client application. PBKDF2 key derivation with 100,000+ iterations generates encryption key from password.

  • 02

    Key Derivation (Client-Side)

    Password derives AES-256-GCM encryption keys locally. Keys never transmitted over the network. Everything happens in your browser before any data leaves your device.

  • 03

    Data Encrypted Before Transmission

    Data encrypted in browser with your keys before any network transmission. Authenticated encryption with associated data (AEAD) ensures integrity. mintBlue receives only ciphertext.

  • 04

    Authorized Decryption Only

    Only authorized clients with correct keys can decrypt. Multiparty encryption lets you define per-partner access cryptographically. Revoke access by revoking keys.

  • Zero-knowledge architecture: platform operates on ciphertext

    AES-256

    Encryption standard

    FIPS 140-2

    Key management

    Zero

    Vendor key access

    HSM

    Hardware integration

Deploy Your Way

Three deployment options. Same security guarantees. You choose what fits your requirements.

On-Premise

On-Premise

Complete infrastructure in your data center. Zero cloud dependencies. Full air-gap capability. Proven with Dutch Tax Authority.

Learn more
Client Cloud

Client Cloud

Deploy to AWS, Azure, GCP in your account. Your cloud, your encryption keys. Multi-cloud redundancy supported. UK Tax Authority runs multi-cloud.

Learn more
mintBlue-Hosted

mintBlue-Hosted

Managed infrastructure with same security guarantees. 99.95% uptime SLA. You still control encryption keys. Fastest path to production.

Learn more

Regulatory Compliance by Design

Security architecture validated by government agencies across Europe. Every action logged with cryptographic proof. Complete accountability built into the infrastructure layer.

Schedule security review

Compliance standards

eIDAS logo
GDPR logo
EBSI logo
Peppol logo
eIDAS logo
GDPR logo
EBSI logo
Peppol logo
eIDAS logo
GDPR logo
EBSI logo
Peppol logo

Security Questions

Data Protection

Architecture

mintBlue platform illustration

Enterprise security

Ready for Enterprise-Grade Security?

Free security architecture review for qualified enterprises and government agencies. Our team helps you design deployment that meets your security requirements.

Schedule security reviewExplore the platform