Trust & Security

How the containment actually works.

Vespertil’s security is structural, not a set of promises. This page describes the design of record: how the system is architected, end to end, on the customer’s own infrastructure.

// This page describes how the system is designed. Stage labels throughout show where each product is today.

01 / CONTAINMENT MODEL

A boundary enforced below the operating system.

The risky activity runs inside a hardware-isolated virtual machine: a genuine isolation boundary enforced by the hypervisor, not a software sandbox inside a browser. A compromise inside the box is contained by construction. It does not reach the host.

HyperGate Native

Isolation through the Windows Hypervisor Platform on the user's own device.

HyperGate Server

Isolation through server virtualization on the customer's own servers. Thin clients connect.

02 / THE DATA FLOW

One path out, and it is inspected.

The payload runs inside the isolated VM. All network egress leaves through a TLS-terminating inspection proxy at the boundary, where DLP policy is enforced. Activity is recorded in a value-free, tamper-evident audit log. Nothing reaches the vendor. Everything stays on the customer’s infrastructure.

FIG 1 · the containment boundary and data flow

[Figure: your infrastructure, no vendor egress. Hardware-isolated VM running the payload (VesperChromium or an app) → inspection proxy (TLS-terminating, DLP enforced, single chokepoint) → Internet (inspected). Value-free audit: hash-chained, finding type only, never content. Golden image verified before boot · ephemeral scratch discarded on shutdown · keys bound to device.]

03 / THE ISOLATED VM

Verified at boot, ephemeral by default.

Golden image

The VM boots from a read-only golden image, verified by signature and hash before it is allowed to run. A tampered or unrecognized image does not boot.

Ephemeral scratch

Discarded on shutdown. The workspace returns to a known-good state each session, so there is no persistent state for malware to occupy.

Encrypted user volume

A single persistent user-data volume is the only persistent state in the system, and its encryption key is bound to the device through DPAPI and the TPM.

04 / EGRESS AND DLP

A single chokepoint that fails toward enforced.

Egress is forced through a TLS-terminating proxy that is the single point for inspection and DLP policy enforcement. There is no other path out of the box. Security controls fail toward staying enforced rather than toward letting traffic through.

05 / VALUE-FREE AUDIT

A defensible record that is never a second copy of your data.

The audit trail is hash-chained, so any tampering is detectable, and value-free by design. It records the finding type, classifier, count, action, site, identity, and timestamp, and never the matched content itself. You get a defensible compliance record without the audit log becoming a second copy of the sensitive data it was meant to protect.

audit_record #00482 · hash-chained
timestamp        2026-06-21T14:32:08Z
identity
site             upload.example.com
classifier       pan_card
finding / count  match / 2
action           blocked
matched value    omitted by design

// the matched-value field is absent, not redacted. The sensitive data is never written.
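As an added illustration, not Vespertil's own code, here is a minimal hash-chained, value-free audit log in Python: each record carries only the schema fields named above and links to the previous record's hash, matched content has no field it could be written into, and verification reports the first record whose link or hash no longer matches. The field names, the SHA-256/JSON encoding and the identity value are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first record

# Fields an audit record may carry. Matched content is not a field at all:
# the schema has no place for it, so it cannot be written even by mistake.
ALLOWED_FIELDS = ("timestamp", "identity", "site", "classifier",
                  "finding", "count", "action")

def append_record(chain, **fields):
    """Append a value-free record whose hash covers the previous record's hash."""
    unknown = set(fields) - set(ALLOWED_FIELDS)
    if unknown:
        raise ValueError(f"refusing to log non-schema fields: {sorted(unknown)}")
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    body = {k: fields[k] for k in ALLOWED_FIELDS if k in fields}
    body["prev_hash"] = prev_hash
    digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    chain.append({**body, "hash": digest})
    return digest

def verify_chain(chain):
    """Return the index of the first bad record, or -1 if the chain is intact."""
    expected_prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if body.get("prev_hash") != expected_prev:
            return i  # link to the previous record is broken
        if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != rec["hash"]:
            return i  # record contents were altered after it was written
        expected_prev = rec["hash"]
    return -1

def demo():
    """Constructed records; the identity is a placeholder (the page leaves it blank)."""
    chain = []
    append_record(chain, timestamp="2026-06-21T14:32:08Z", identity="user@example.invalid",
                  site="upload.example.com", classifier="pan_card",
                  finding="match", count=2, action="blocked")
    append_record(chain, timestamp="2026-06-21T14:35:41Z", identity="user@example.invalid",
                  site="upload.example.com", classifier="pan_card",
                  finding="none", count=0, action="allowed")
    intact = verify_chain(chain) == -1
    chain[0]["action"] = "allowed"  # simulate after-the-fact tampering with the older record
    return intact, verify_chain(chain)
```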

06 / CONTROL PLANE

Authored centrally, signed, verified on the endpoint.

Policy is authored and signed centrally, then distributed to endpoints that verify it before use. A management admin console governs policy, fleets, and audit. Licensing is offline-verifiable, with no phone-home required. The control plane is shared across the product family.

07 / SOVEREIGNTY POSTURE

No vendor data egress. Ever.

Everything runs on the customer’s own infrastructure. Vespertil does not receive customer browsing, content, or audit data. Sovereignty is a property of the architecture, not a policy promise, because the data has no path to us in the first place.