PARAMANT

Post-Quantum Encrypted File Relay

ML-KEM-768 Burn-on-read EU hosted NIS2 ready

Sensitive files in transit are your biggest audit risk.

Email attachments linger in inboxes, cloud shares remain accessible long after a deal closes, and legacy transfer tools have no post-quantum protection. One breach exposes patient records, legal strategy, or industrial controls — and triggers mandatory reporting under NIS2, DORA, and NEN 7510.

Solution

Use Cases

Healthcare Patient data & imaging DICOM, EPD exports, and lab results — compliant with NEN 7510 and AVG. One-time links, logged in the CT chain.
Legal Contracts & discovery Send due-diligence packages under eIDAS-compliant identity. Files vanish after counsel opens them.
Finance Reports & SWIFT documents DORA-ready audit trail. Every transfer timestamped and included in an immutable Merkle log.
Industrial IoT Firmware & config push IEC 62443-aligned. Signed device identity, Ghost Pipe streaming for bandwidth-constrained edges.

Technical Specifications

Key exchangeML-KEM-768 + ECDH P-256 hybrid (FIPS 203 draft)
Symmetric cipherAES-256-GCM with per-file random IV
IntegrityMerkle CT log, SHA-256 leaf hashes
Relay identityML-DSA-65 self-signed certificate
TransportTLS 1.3, optional WebSocket streaming
File sizeUp to 5 MB (padded to hide true size)
InfrastructureHetzner Falkenstein DE, no US sub-processors
LicenseBUSL-1.1 CE (≤5 users free), Pro key for unlimited

Compliance

NIS2 Incident reporting, audit logging, and post-quantum transport satisfy NIS2 Annex I & II obligations.
NEN 7510 Healthcare information security standard met via end-to-end encryption, burn-on-read, and access logging.
DORA Immutable CT log and resilient multi-relay architecture support DORA ICT risk management requirements.
IEC 62443 Signed device identities, segmented relay sectors, and encrypted OT/IoT payloads align with IEC 62443-3-3.

Pricing

Community
Free
Self-hosted, open source
Professional
€149/mo
Managed or self-hosted
Enterprise
Custom
On-premise or private cloud