We've all read the headlines. And most of us, at some point, have been on the receiving end: a notification email, a letter, a warning that somewhere, somehow, our data was exposed.
Sometimes it feels harmless. An email address. A username. Easy to dismiss.
But sometimes it isn't harmless at all.
A leaked national identity number becomes a fraudulent loan. A stolen medical record becomes leverage in an insurance dispute. Exposed financial data becomes drained accounts, wrecked credit scores, and years spent trying to prove your own identity to institutions that don't believe you. The headline disappears in a week. The damage doesn't.
Identity theft. Financial ruin. Reputational harm. These aren't edge cases. They are the documented, real-world consequences that follow millions of people after every major breach.
Every breach shares the same underlying condition: the data was readable.
The industry has spent decades responding to this with higher walls: better firewalls, stricter access controls, more complex perimeters. The assumption has always been that if you protect the door well enough, what's inside stays safe.
It doesn't work. There are over 26,000 documented breaches on record. The walls keep falling.
The problem isn't the locks on the door.
The problem is that the data is readable at all.
If a database contains nothing but unreadable ciphertext, with the server holding no means to decrypt it, then a breach yields nothing. An attacker can exfiltrate every byte and walk away with data that is cryptographically useless.
That is the problem we set out to solve. Not to make data harder to steal, but to make stolen data irrelevant.
That is Ghostables.
When you see the mark, the data behind it can't be read by anyone who isn't meant to see it.
Ghostables is the security standard for organisations that hold sensitive data. We define how that data should be protected, we build the systems that enforce it, and we accredit the sites and services that meet the bar. "Protected by Ghostables" tells users that a site has sealed its personal data behind the standard — and that an attacker who breaks in walks away with ciphertext, not records.
Standard database encryption protects data at rest and in transit. It does not protect it once someone has legitimate access to the system. Any actor with database credentials can read everything.
When a database is compromised, every record ever stored is exposed. There is no containment window. Data written years ago is as accessible as data written yesterday.
Audit logs can only detect tampering if they are stored independently of the data they protect. An attacker with sufficient access can alter records and the evidence of that alteration at the same time.
Ghostables defines what it means for personal data to be properly sealed at rest, end-to-end. The standard is published, the integrity layer is built into every Ghostables product, and the trust mark is reserved for systems that demonstrably meet the bar. We accredit; we don't pay to be accredited.
The Ghostables Standard sets the technical requirements for data-at-rest encryption, key custody, integrity proofs, and breach-impact containment. Updated openly. Engineered to outlast any single product.
Organisations whose deployments meet the standard are certified by Ghostables. Audits run against the published specification. The certification is renewable, revocable, and continuously checked through the integrity layer.
The customer-facing mark sits on a site or application's footer, login screen, or product page. It links to an independent verification page hosted by Ghostables — anyone can check, at any time, that the certification is current and active.
Traditional certifications expire the day after the audit. Ghostables' integrity layer checks in continuously — the trust mark only stays valid for as long as the system genuinely meets the standard. The moment it stops, the mark goes dark.
Ghostables Ltd is a UK security company. We build the cryptographic infrastructure that meets the standard, we run the certification programme that verifies it, and we operate the registry that powers the trust mark.
We don't sell vague assurances; we publish the standard, the audit criteria, and the verification surface. Customers can independently confirm that a certified site is currently meeting the bar — not just that it once passed an audit two years ago.
Our long-term mission is to make Protected by Ghostables the same instinctive trust signal that “HTTPS”, “ISO 27001”, and “BSI Kitemark” carry today — but with the integrity verified continuously, not annually.
Even if data is exfiltrated, the window of exposure is strictly bounded. A breach yields nothing usable beyond a narrow recent window, and nothing from the past at all.
A breach today cannot expose data from before it happened. Past records stay protected regardless of what is compromised going forward.
Exposure is automatically limited in time. Applications run at full speed and users experience no interruption.
Stored data yields nothing to an observer. Analysis of what is held returns no meaningful information about what it contains.
The server holds nothing it can use. An operator with full system access cannot read what users have stored.
Every record carries proof of integrity anchored outside the organisation. Tampering cannot be concealed, even by the operator.
SDK with support for major databases and frameworks. No application rewrite required. No cryptography expertise needed.
From outside the system, stored data yields nothing usable. An observer gains no meaningful signal from what is held.
The Integrity Layer anchors cryptographic evidence of every database write to a public distributed ledger no database operator controls. Tampering becomes provable to any third party, permanently.
Integrity proofs are anchored to a public distributed ledger outside the control of the database operator. Any tampering — modification, deletion, or insertion — becomes independently verifiable by any third party without trusting the operator.
Every record carries independent proof of integrity. A breach or insider modification cannot be concealed.
Regulators, auditors, and courts can verify record integrity against a public ledger — independently of the organisation that holds the data.
Each existing approach solves one part of the problem. Ghostables is the only architecture combining all seven properties simultaneously.
| Capability | Traditional DB Encryption | Zero-Knowledge Storage | Audit Logging | Ghostables |
|---|---|---|---|---|
| Server cannot decrypt user data | ✗ No | ✓ Yes | ✗ No | ✓ Yes |
| Post-compromise containment window | ✗ All history exposed | ✗ No bounded window | ✗ No | ✓ Bounded window |
| High-frequency key rotation at production scale | ✗ No | ✗ Impractical | — N/A | ✓ Yes |
| Production performance (<50ms latency) | ✓ Yes | ✗ Prohibitive | ✓ Yes | ✓ Yes |
| Traffic analysis resistance | ✗ No | ✗ No | ✗ No | ✓ Yes |
| Tamper detection for direct DB modification | ✗ No | ✗ No | ~ Same trust boundary | ✓ Yes |
| Tamper evidence independent of DB operator | ✗ No | ✗ No | ✗ No | ✓ Public ledger anchor |
Any organisation where a breach of database content carries regulatory, legal, or reputational consequences.
Transaction records and PII protected against insider access and legal compulsion. A breach yields only records an attacker cannot use. Exposure is strictly bounded in time.
Patient records protected in isolation. Ransomware encrypts the primary database — the most recent backup is untouched. Recovery measured in minutes, not weeks.
Privileged communications protected in a way the firm itself cannot undo under compulsion. Record integrity is independently verifiable without relying on the organisation's own systems.
Archive records carry verifiable proof of integrity anchored outside the organisation. Records cannot be altered without detection by an independent third party.
"Protected by Ghostables" changes the breach notification: the attacker received records they cannot use. A verifiable technical guarantee, not a policy promise.
Drop-in SDK for Postgres, MySQL, and the major web frameworks. Adapter-based — no cryptography expertise required. Currently in private beta with select integration partners.
Measured under controlled test conditions. Detailed performance data is available on request to partners and prospective customers.
Filed October 2025. Each application covers a distinct novel mechanism in the Ghostables architecture.
The foundational layer that makes stored data cryptographically inaccessible — to attackers, operators, and the infrastructure itself.
A passive defence mechanism that makes stored data unidentifiable and resistant to analysis.
Search and query operations that expose no intent or content to the server or underlying infrastructure.
Encrypted file storage with lifecycle-bound protection that remains sealed at every stage of its existence.
Security properties applied to persistent AI conversation sessions, maintaining protection across context boundaries.
Ghostables works with organisations that hold personal data — fintech, healthcare, membership, e-commerce, government, professional services — to seal that data behind the standard and carry the trust mark. We also licence the integrity layer directly to platforms and SaaS vendors who want their own customers to see “Protected by Ghostables” in their product.
Whether you want to certify a product against the standard, embed the integrity layer into your platform, or talk through deployment for your team, leave your details below and we'll be in touch.
Every enquiry is reviewed personally. We'll respond within two working days.