New Product — Nexoryn Security

Protect Your Files
With Military-Grade
Encryption

Nexoryn Vault Pro is a desktop encryption vault for businesses, professionals, and security-conscious individuals. AES-256-GCM encryption. 100% offline. No subscription. No cloud.

100% Offline Windows 10 & 11 No Subscription Built in India
Nexoryn Vault Pro — Client Documents
Dashboard
Files
Passwords
Audit Log
Integrity
Security
24 Files
3.2MB Size
147 Events
Safe Status
🔒 client_contract_2025.pdf AES-256
🔒 tax_records_FY24.xlsx AES-256
🔒 patient_data_confidential.docx AES-256
🔒 legal_brief_sharma_v2.pdf AES-256
Auto-lock in 287s  ·  DPAPI bound  ·  🟢 Unlocked
AES-256-GCM Argon2id KDF HMAC-SHA3 DPAPI / TPM TOTP RFC 6238 DPDP Act 2023 100% Offline Made in India 🇮🇳

Everything you need to
protect sensitive data

Nexoryn Vault Pro combines the most trusted encryption standards with features designed for real-world business use.

🔒

AES-256-GCM Encryption

Every file encrypted with its own unique AES-256-GCM key. Compromising one file never exposes the rest. Same cipher used by banks and governments.

🔑

Argon2id Key Derivation

Passphrase stretched with Argon2id — winner of the Password Hashing Competition. 64MB memory cost makes GPU brute-force practically impossible.

📋

Tamper-Evident Audit Log

Every unlock, file add, extract, and delete is logged in an HMAC-SHA3-256 chained log. Any deletion or modification is instantly detected.

🔩

DPAPI Hardware Binding

Vault master key is sealed to your specific PC via Windows DPAPI and TPM. Copy the vault to another machine — it won't open.

🎭

Decoy Vault Protection

Set a duress passphrase. If forced to unlock, enter it — attacker sees a fake empty vault. Your real data stays completely hidden.

📱

TOTP Two-Factor Auth

Compatible with Google Authenticator, Aegis, and Authy. Require a 6-digit code in addition to your passphrase on every unlock.

🛡

SHA-3 Integrity Checks

SHA3-256 hash of every file stored at time of encryption. One-click integrity check detects if any file has been tampered with outside the vault.

Auto-Lock & Session Control

Vault locks automatically after configurable idle time. Failed attempt counter with lockout. Master key wiped from memory on lock.

🗂

Multi-Vault Management

Create separate vaults for different clients, projects, or departments. Each vault has its own passphrase, audit log, and encryption keys.

🔐

Password Generator

Built-in cryptographically secure password generator using secrets.choice. Generate strong passwords or memorable passphrases instantly.

✂️

Secure File Shredding

Optionally overwrite original files with 3-pass random data before deletion after encrypting. No file recovery possible.

🌐

100% Offline

No internet connection required. No cloud sync. No telemetry. No accounts. Your data never leaves your device under any circumstances.

Defence in depth —
multiple layers of protection

Every layer independently protects your data. Even if one is bypassed, the others hold.

01

Passphrase → Argon2id → Master Key

Your passphrase is never stored. It is stretched with Argon2id (64MB, 3 iterations) into a 256-bit master key — a process that takes ~1 second and makes brute force infeasible.

02

Per-File AES-256-GCM Keys

Each file gets a unique randomly generated AES-256 key. This key is encrypted (wrapped) by the master key and stored alongside the file. No two files share a key.

03

DPAPI Hardware Seal

On Windows, the master key derivation parameters are additionally sealed to your specific PC via DPAPI and TPM. The vault cannot be opened on any other machine.

04

HMAC Audit Chain

Every vault event is written to a tamper-evident log where each entry contains an HMAC of the previous one. Deleting or modifying any past entry breaks the chain.

🖥
GUI — Nexoryn Vault Pro

Dashboard · Files · Audit · Integrity · Settings

CustomTkinter
🔐
Session Manager

TOTP · Auto-lock · Attempt limiting · Decoy

Python
🗂
Vault Engine

Multi-vault · Metadata · Integrity tree

AES-256-GCM
📋
Audit System

HMAC-SHA3-256 chained binary log

Tamper-evident
🔑
Key Manager

Argon2id · Per-file wrapping · Memory wipe

Argon2id
🔩
Hardware — DPAPI / TPM

Machine-bound key seal via Windows TPM

DPAPI

Built for professionals
who handle sensitive data

Any business that stores confidential client files needs Nexoryn Vault Pro.

📊

CA Firms & Accountants

Protect client ITR files, financial statements, audit reports, and tax records. Encrypted per-client vaults with full access history. DPDP Act 2023 compliant.

ITR Documents Financial Records Audit Reports DPDP Compliance
⚖️

Law Offices & Advocates

Encrypt case files, client communications, contracts, and legal briefs. Tamper-evident audit log proves chain of custody. Attorney-client privilege protected.

Case Files Contracts Client Comms Chain of Custody
🏥

Clinics & Healthcare

Secure patient records, diagnostic reports, prescription histories, and medical images. Decoy vault protects patient privacy even under pressure.

Patient Records Diagnostic Reports Medical Images IT Act 2000
🏢

Small & Medium Businesses

Protect employee data, trade secrets, financial projections, vendor contracts, and business strategies from data breaches and ransomware.

Employee Data Trade Secrets Financial Plans Ransomware Defence
🔍

Security Researchers

Store exploit code, credentials, pentest reports, and sensitive findings securely. DPAPI binding prevents evidence from being accessed on seized hardware.

Pentest Reports Credentials Research Files DPAPI Binding
🎓

Educational Institutions

Protect student records, exam papers, fee data, and faculty records. Multi-vault support lets different departments have isolated encrypted storage.

Student Records Exam Papers Fee Data Multi-Vault

One-time purchase.
No subscription. Ever.

Pay once, use forever. No recurring fees, no cloud account, no lock-in.

Individual

₹499
one-time · + GST
  • Single user license
  • All encryption features
  • Multi-vault support
  • Password generator
  • Email support
Get License

Enterprise

₹9,999
one-time · + GST · unlimited PCs
  • Unlimited PC licenses
  • All Business features
  • On-site setup & training
  • Custom deployment
  • Dedicated support
  • Lifetime updates
Contact for Enterprise

All licenses include a signed NDA. International pricing available on request. Contact us for custom enterprise pricing.

Meet your data protection
obligations

Nexoryn Vault Pro helps you meet regulatory requirements for data security in India and globally.

IT Act 2000

Fulfils data protection obligations under the Indian Information Technology Act for businesses handling sensitive personal data.

DPDP Act 2023

Supports compliance with India's Digital Personal Data Protection Act 2023 by encrypting personal data at rest with AES-256.

ISO 27001 Alignment

Encryption at rest, access control, audit logging, and integrity checks align with ISO/IEC 27001 information security requirements.

Healthcare Data

Protects patient health information in line with best practices for clinical data security under Indian healthcare regulations.

Legal Privilege

Attorney-client privilege protected through hardware-bound encryption and tamper-evident audit chain proving document integrity.

Financial Sector

Suitable for CA firms and financial institutions protecting client financial data under ICAI and RBI data security guidelines.

Common questions about
Nexoryn Vault Pro

Is Nexoryn Vault Pro completely offline?

Yes, 100%. Nexoryn Vault Pro never connects to the internet. No files, keys, passwords, or metadata leave your device under any circumstances. All encryption and decryption happens locally.

What happens if I forget my passphrase?

There is no recovery option. This is by design — if there were a backdoor, it could be exploited. We strongly recommend writing your passphrase on paper and storing it in a physically secure location. Consider using a passphrase like "Maple-River-47-Torch-Zebra" that is memorable but strong.

Can I move my vault to another PC?

Yes, but if you have DPAPI hardware binding enabled, you must disable it first. Without DPAPI, the vault can be opened on any PC with the correct passphrase. With DPAPI, the vault is bound to your specific machine's hardware — a security feature for users who want extra protection.

How is this different from BitLocker or WinZip encryption?

BitLocker encrypts the entire drive — if you're logged in, all files are accessible. Nexoryn Vault Pro encrypts individual files with per-file keys, requires explicit authentication, auto-locks on idle, maintains an audit trail, and includes features like decoy vaults and TOTP 2FA that enterprise-grade tools charge thousands for.

Is this suitable for DPDP Act 2023 compliance?

Nexoryn Vault Pro implements AES-256 encryption, access controls, and audit logging — the technical safeguards recommended under the DPDP Act 2023 for protecting personal data. We recommend consulting a legal professional for full compliance assessment specific to your organisation.

Does it work on Mac or Linux?

The current version is optimised for Windows 10 and 11. Most features work on Linux and Mac, but DPAPI hardware binding is Windows-only. Mac and Linux builds are planned for a future release. Contact us if you need a cross-platform deployment.

Built by Nexoryn Security

Start protecting your
files today

One-time purchase. No subscription. No cloud. No compromise. Contact us to get your license and have it set up for your organisation.

Call us: +91 90583 25613  ·  nexoryn.vapt@gmail.com