SOVEREIGN · ON-PREMISES · NO VENDOR DATA EGRESS
Vespertil

Sovereign security for Indian enterprises

Contained by construction.

Most security tries to detect the attack. Vespertil contains it. Risky work runs inside a hardware-isolated boundary on infrastructure you own. No telemetry leaves the country, and your data never reaches us.

Request Vesper early accessBecome a HyperGate design partner
containment_boundary.svgyour infrastructure
HARDWARE-ISOLATED VMPayloadVesperChromiumor an appProxyTLS-termDLPchokepointAudithash-chainedvalue-freeInternetinspectedGolden image verified before bootNothing reaches the vendor
01 / THE ARGUMENT

Containment over detection.

The default posture is to chase the threat: detect it, block it, watch the browser for it. It keeps losing, because it has to recognize the attack first.

Vespertil takes the other approach. Isolate the risky activity inside a hardware boundary, so a compromise is contained whether or not anyone saw it coming.

02 / SOVEREIGNTY

Sovereignty is a property of the architecture.

Sovereignty is decided by where data lives and who controls the infrastructure, not by a checkbox. Vespertil is built in India, by an Indian company, for Indian enterprises.

Everything runs on your own infrastructure. No browsing, content, or audit data reaches us, and no telemetry leaves the country. A foreign vendor cannot make that promise, because jurisdiction and geography decide it, not policy.

03 / THE EVIDENCE

A defensible record that is never a second copy of your data.

Every mediated event is written to a hash-chained, tamper-evident audit. By design it records the finding type, classifier, count, action, site, identity, and timestamp, and never the matched content itself. You get a compliance record without the audit log becoming a second copy of the sensitive data it was meant to protect.

audit_record #00482hash-chained
timestamp
2026-06-21T14:32:08Z
identity
user: [email protected]
site
upload.example.com
classifier
pan_card
finding / count
match / 2
action
blocked
matched value
omitted by design

// the matched-value field is absent, not redacted. The sensitive data is never written.

04 / PRODUCTS

Two products. One control plane.

ProductWhat it isStage
HyperGate NativePer-device isolationPer-device hardware isolation on Windows, through the Windows Hypervisor Platform. The strongest per-user form.In development · design partner
HyperGate ServerCentralized isolationCentralized isolation on your own servers, with users connecting as thin clients. For untrusted endpoints and central control at scale.Roadmap
VesperSovereign browserA browser on Gecko, the one major engine both open source and independent of Google. De-googled, no foreign telemetry, controllable by the enterprise. Runs standalone or inside HyperGate.Early access · October 2026

Governance lives at the containment boundary, not inside the browser, so the controls apply to whatever runs in the box: stock Chromium for an enterprise whose internal applications assume it, an untrusted attachment, or a legacy desktop application that should not run on the host.