Encryption Management Platform

Confidential files, always encrypted. Manage your own keys, encrypt, store and share sensitive data across endpoints (Windows, Mac, iOS & Android), public clouds (Box, AWS & Azure) and private clouds.

For US State and Federal Government Agencies

DUNS # 080041915; CAGE # 7HLM3

About Us

KAPALYA empowers businesses and their employees to securely store sensitive files at-rest and in-transit across multiple platforms through a user-friendly desktop and mobile application. This ubiquitous encryption solution protects all your corporate data by seamlessly encrypting files on:

  • End-points computers/mobile devices.
  • Corporate servers and public cloud providers.
  • With KAPALYA, users have the ability to share encrypted files across multiple cloud platforms.
  • Integerated with Box, Amazon S3 and Microsoft Azure.

KAPALYA Solution

  • 01 End-point Security

      The encryption management platform creates a secure vault on user endpoints where:
    • A data classification engine scans the endpoint for sensitive files and prompts users to encrypt.
    • All data within the vault is encrypted.
    • Each file and folder is assigned a unique encryption key.
    • No additional disk or storage space is taken up on the endpoint.

    • The problem with using the encryption offered by public cloud vendors:
    • Vendors will encrypt files at-rest on their cloud, however, files sitting on a user’s endpoint are left unencrypted and vulnerable to attacks.
    • The cloud provider won’t protect your files on endpoints or private clouds.
    • Most cloud providers control the encryption keys, making data visible to their cloud administrators.
    • Some cloud providers allow customers to bring and manage their own keys. However, integrating with a cloud provider’s key management system requires programming which could result in time consuming efforts and if not configured properly, could expose the customer’s data.
    • The Encryption Management Platform is cloud agnostic and uses client-side encryption so files and folders are encrypted before leaving the endpoint. While in-transit, files are double encrypted as they move through an SSL tunnel. Since the user controls the keys, your files are protected from eavesdropping by any third-party, including your cloud storage provider.
    • A unique encryption key per file allows users to share protected files across cloud storage platforms and to other Encryption Management Platform users.

    • KAPALYA creates a secure vault for each user on your private cloud as well, to allow file and folder protection within your network.
    • Your internal corporate administrators do not have privileges to view end-user data.
    • User’s credentials are not tied to the enterprise’s active directory.

    • Key management done differently:
    • One unique key for each file and folder Keys are served in real-time.
    • Keys are never stored on endpoints, public clouds or private clouds. Once the function is complete, the keys are destroyed.
    • This approach allows for encrypted file sharing within and outside your network.
    • When file sharing, only the unique key for that file is shared, not the keys to all your files.

    • KAPALYA’s data classification engine scans 250+ file types for social security numbers, credit card numbers, state I.D.s and driver's’ license numbers. The engine is customizable to identify the sensitive data your organization handles.
    • If confidential data is found sitting on endpoints, the platform will prompt users with a list of files, and options to preview, encrypt or delete. The frequency of scans can be on-demand or programmed to run at certain times or intervals and can be configured based on business needs.




Data is encrypted in-transit and at-rest on endpoints, corporate servers and public clouds.


Out-of-the-box data classification engine scans over 250 file types for sensitive data.


Zero-knowledge encryption masks cloud and corporate admins visibility into your data and encryption keys.


A unique key for each file and folder provides ultimate data security.


Allows end-to-end encrypted file sharing across multiple public cloud platforms.

Save Time & Money

Eliminates the need of managing multiple vendors to secure your data at different points.

How it Works ?

Launch the app on your Windows or Mac computer and the Encryption Management System automatically scans for sensitive data.

Upload and encrypt any confidential data on endpoints (computers/mobile devices), corporate servers and/or public cloud providers.

Securely share your encrypted files, photos and videos through a public cloud provider.

Encryption is based on NSA Suite B Cryptography Standards using a FIPS 140-2 certified virtual key manager (vHSM).

Service Offerings

Kapalya's Differentiators

Cloud Key Management

KAPALYA’s Approach:
Manage your own encryption keys.
Other Vendor's:
Use cloud provider’s encryption keys.

File & Folder Encryption

KAPALYA’s Approach:
Unique key served per file and folder.
Other Vendor's:
One key served per user for all their files.

Key Storage

KAPALYA’s Approach:
Keys are served in real-time and destroyed after encrypting.
Other Vendor's:
Keys could be stored on endpoints or public clouds.

SSL Tunnel

KAPALYA’s Approach:
Files are sent encrypted and through an SSL tunnel.
Other Vendor's:
Files are sent in clear-text via an SSL tunnel.


KAPALYA’s Approach:
Client-side - Files are encrypted on the endpoint before upload.
Other Vendor's:
Server-side - Files are encrypted after data is uploaded.


KAPALYA’s Approach:
Files are encrypted on the end-point, before upload.
Other Vendor's:
Files are in clear text on endpoints and encrypted only when leaving the corporate perimeter.

Role-Based Policies

KAPALYA’s Approach:
Privileged users never have visibility into end-user data.
Other Vendor's:
Access to end user data is defined using role-based policies.

Privileged Cloud Admins

KAPALYA’s Approach:
Cloud admins are masked from viewing all data.
Other Vendor's:
Admins at public cloud providers have visibility into your corporate data.


Executive Management

Sudesh Kumar

Founder &

Saeed Khosravi

Co-founder & CTO

Mohamed Menakbi

VP of Sales & Marketing | EMEA
Sales/Marketing/Business Developer

Emanuele Cerroni

Managing Director

Nixon Sebastian

Pre-sales & Business Developer

Omar Ben Hamadou

Sales Manager

Zia Ismail

Customer Success

Nanci Piazza

Cryptography Engineer

Pulkit Gupta

Full Stack Developer

Imen Joubeli

Front-end Developer

Sarra Benamara

Mobile Developer

Wayne Lewandowski

Senior Cyber Security Sales Leader

Derek Tumulak

Chief Product Officer

Santhana Krishnasamy

Product Leader | Startup Advisor
Board of Directors

Sudesh Kumar

Saeed Khosravi

David Saber

Julio Polanco


Thanh Nguyen



Private Investors



Gold OEM Partner


Integration Partner



US Federal & State Government

Caltrop Middle East

Europe/Middle East/Africa

Contact Us

Contact Us For More Informations



1935A Addison St.
Berkeley, CA 94704


1050 Bishop St.
Honolulu, HI 96813


+1 (808) 728-7508

Your message has been sent. Thank you!

Frequently Asked Questions