Checking relay status...

Encrypted transport
that burns itself.

Post-quantum file transfer for healthcare, legal, and critical infrastructure. Data lives in RAM only — retrieved once, then gone forever.

ML-KEM-768
NIST FIPS 203
ML-DSA-65
NIST FIPS 204
AES-256-GCM
Symmetric
HKDF-SHA256
Key derivation
Burn-on-read
RAM-only
5MB padding
DPI masking
Hetzner DE
EU jurisdiction
Live network

Ghost Pipe — real-time transport

Public feed. Every dot is an encrypted blob in transit across the relay network. Data is destroyed on arrival.

Relay pipeline
Health
Legal
Finance
IoT
Fly.io
Node map
EU/DE · Anycast
AMS FRA Hetzner DE ARN Stockholm CDG Paris ORD eval Fly.io 6 nodes
AMS
NL
FRA
DE
ARN
SE
CDG
FR
ORD
eval
Fly.io
edge
Certificate Transparency Log
Every transfer is recorded in a public Merkle tree — without storing the content. Cryptographic proof of delivery, visible to anyone.
View live CT log →
Sectors & problems

Real problems. Real stakes.

Each sector has a data transport problem existing solutions cannot solve without leaving traces. Ghost Pipe is running today — two commands and it works.

Healthcare

Problem

MRI and CT scanners produce DICOM files that must reach the radiologist in milliseconds. SFTP leaves files on server. S3 is plaintext at rest. VPN breaks at firewalls. A breach costs €4.2M on average and triggers NEN 7510 liability.

Solution

DICOM → Ghost Pipe → PACS. The file exists only for the duration of the transfer, then burns. No NEN 7510 audit trail needed — there is nothing to audit.

# DICOM gateway — runs today
python3 dicom-gateway.py --port 8090 --device mri-001
# receiver → PACS
python3 paramant-receiver.py --forward https://pacs.hospital/api
Coming soon
Legal & Notary

Problem

Lawyers send contracts over email (unencrypted), WeTransfer (stored), or secure email (still stored somewhere). The moment a file lands on a server it can be subpoenaed, hacked, or leaked. Legal professional privilege does not survive a server breach.

Solution

Contract → Ghost Pipe → counterparty. After the notary retrieves the document it is cryptographically gone. The Merkle audit log proves delivery without storing what was delivered — admissible under eIDAS.

# send signed contract
python3 paramant-sender.py --key pgp_xxx --device notary-01 contract.pdf
# counterparty receives once — then gone
python3 paramant-receiver.py --key pgp_xxx --device counterparty-01
Coming soon
Industrial IoT / OT

Problem

PLCs and SCADA sensors send energy consumption, process temperatures, and production volumes. Plain MQTT leaks competitive intelligence. VPNs add latency and fail at scale. IEC 62443 requires encrypted transport with device identity. OT networks cannot have direct IT connections.

Solution

Sensor → Ghost Pipe → SCADA dashboard. Sub-100ms via NATS push. No VPN, no certificates, no IT overhead. Works on ESP32 and Raspberry Pi. Ghost Pipe acts as a quantum-safe data diode — OT never touches IT directly.

# PLC heartbeat every 15s
python3 paramant-sender.py --heartbeat 15 --device plc-factory-01
# forward to SCADA
python3 paramant-receiver.py --forward https://scada.intern/api
Coming soon
Finance & Compliance

Problem

Banks send KYC documents and signing keys over TLS — but the transport provider still sees metadata, timing, and payload size. US CLOUD Act means any US-hosted service can be compelled to hand over data. NIS2 and DORA require an auditable, tamper-proof delivery chain.

Solution

All traffic on finance.paramant.app runs exclusively on Hetzner Frankfurt. No US infrastructure. 20MB fixed padding means all transfers look identical. The Merkle audit chain gives per-transaction proof of delivery — verifiable without knowing the content.

# watch directory, auto-send new files
python3 paramant-sender.py --watch /export/iso20022/ --device bank-nl-01
# forward to compliance system
python3 paramant-receiver.py --forward https://compliance.bank.nl/api
Coming soon
9
relay nodes live
20MB
fixed padding
0
bytes stored
<100ms
delivery via NATS
Works today. No SDK required.
pip install cryptography  ·  two terminal commands  ·  no infra changes
View API docs →
Pricing

Simple. Per relay. No data fees.

You pay for access to the relay network — no fees per blob, no storage costs, no egress charges. Pay with money, not with your data. Or your customers'.

DEV
€9.99 / month
Cancel anytime
Send files. They vanish after opening.
  • + Up to 500MB per transfer via ParaShare
  • + Post-quantum encrypted transport
  • + 1 device
  • + One-time download links — burn on read
  • + Certificate Transparency log — proof of delivery
  • + No storage. No logs. No trace.
Coming soon
PRO
€49 / month
Cancel anytime
For teams handling data that must never be seen twice.
  • + Everything in Dev
  • + 3 devices included
  • + Extra device: €12/mo per device
  • + Team management — één factuur
  • + Unlimited devices + unique device identities
  • + Automatic webhook — notify your system on delivery
  • + Password-protected transfers
  • + Compliance audit export (JSON + CSV)
  • + Live monitor dashboard
  • + WebSocket streaming — sub-100ms delivery
  • + Priority relay access
Coming soon
Extra device: €12/mo Coming soon
ENTERPRISE
Custom
Volume and SLA pricing
For regulated industries — healthcare, legal, finance.
  • + Everything in Pro
  • + Dedicated relay — your data never shared with others
  • + DICOM / FHIR integration for medical systems
  • + NEN 7510 / IEC 62443 compliance documentation
  • + SLA 99.9% + priority support
  • + On-premise relay option
  • + Kubernetes operator
Contact us