Frequently Asked Questions

Q.Is SovCore subject to the US CLOUD Act?

A.
No. SovCore B.V. is a Dutch entity with no US parent company. Our infrastructure is hosted exclusively on 100% EU-owned and operated hardware, ensuring complete jurisdictional immunity from the US CLOUD Act. Since we have no technical means to decrypt data, we represent a zero-exposure path for your firm’s most sensitive litigation and M&A files.Learn more about the Sovereignty Gap.

Q.What happens if I lose my EUDI Wallet?

A.
  • Because SovCore is a Zero-Knowledge platform, we never hold a master key to your data. However, sovereignty doesn't mean you're on your own.
  • During your initial setup, we utilize a Sharded Recovery Protocol. You distribute encrypted 'recovery fragments' to two trusted partners of your choice. To restore access, you simply recombine these fragments. This ensures that even if your hardware is lost, your data remains accessible to you—and only you—without SovCore ever having back-end access.What is EUDI?

Q.How does the 'Blinded Server' architecture work?

A.
All encryption and decryption happen in your browser via a sandboxed WebAssembly (WASM) pipeline. The server only sees encrypted blobs of data and metadata. We have no technical means to access your unencrypted files, even if compelled by a court order.

Q.Is SovCore compliant with NIS2?

A.
Yes. SovCore is designed to help legal and medical entities meet the stringent security and reporting requirements of the NIS2 Directive and the 2026 Dutch Cybersecurity Act (Cbw). SovCore is built as a "Security-by-Design" infrastructure. By automating identity verification via EUDI and ensuring Zero-Knowledge storage, we significantly lower your firm's compliance reporting burden for "High-Risk" data processing.Understand NIS2 requirements.

Q.Where are the encryption keys stored?

A.
Nowhere on our servers. SovCore utilizes Client-Side Cryptographic Sovereignty. The encryption keys are derived from the hardware-backed secure enclave of the user’s device (via the EUDI wallet). Even under a subpoena or infrastructure breach, SovCore cannot decrypt any user data because we never hold the 'Master Key.'

Q.What is the performance impact of browser-based encryption?

A.
  • We bypass the standard JavaScript performance bottleneck by using a Multi-threaded WebAssembly (WASM) pipeline.
  • Memory Safety: WASM provides a sandboxed execution environment that is isolated from the main JavaScript thread, significantly reducing the risk of cross-site scripting (XSS) and side-channel timing attacks.

Q.How do you protect my keys from other open tabs in my browser?

A.
Most web apps share a single process with other tabs, creating a potential 'side-channel' for data theft. SovCore uses Cross-Origin Isolation. This is a high-security browser mode that locks our application into a 'Digital Vault' at the hardware-accelerated level. Even if you have a malicious website open in another tab, it is architecturally prevented from peeking into SovCore’s memory space.