The simple wayencryption your data

Fully managed data encrypting service and annotation
platform for teams of all industries.

Get Started
Expedia
asana
zenefits
HubSpt
loom
What it does

One pipeline.
Every guarantee you need.

Xero is the encryption, annotation, and audit layer that sits between your data and everything that touches it — no rewrite required.

AES-256-GCM
ChaCha20-Poly1305
Ed25519 signatures
emailPII
user_idinternal
payment_tokensecret
timestampaudit
01
Ingest
02
Transform
03
Encrypt
04
Store
admin
readwriteredact
analyst
readwriteredact
external
readwriteredact
GPT-4o
Claude 3.5
Mistral 7B
Custom BERT
09:41:02key.rotatedsys
09:41:18field.redactedadmin
09:42:05access.deniedext
09:42:11export.queuedsiem
Developer-first

Drop it in,
keep your stack.

Six lines and a key. Xero wraps your existing reads and writes — no schema migration, no proxy hop, no surprises in production.

  • SDKs for Node, Python, Go, Rust, and Swift
  • Wraps Postgres, S3, BigQuery, Snowflake, and any HTTP store
  • Sub-millisecond overhead. Cached keys. No round-trip on hot paths
Read the docs
encrypt.ts
// wrap a column with one call
import { xero } from "@xero/sdk";

const client = xero({
  key: env("XERO_KEY"),
  scope: "customers.email",
  policy: "tokenize",
});

const rows = await client.write({
  table: "customers",
  rows: [{ email: "a@x.io", tier: 1 }],
});

// reads stay transparent — keys travel with the role
const { email } = await client.read(rows[0].id);
How it works

Three steps. Zero rewrites.

STEP 01

Connect a source

Point Xero at your warehouse, object store, or app. Read-only by default — we never store the data itself.

STEP 02

Annotate & encrypt

Tag fields with policies. Sensitivity, retention, owner, access scope — everything travels with the row.

STEP 03

Ship with proof

Every read, write, and key event is signed. Audit, replay, or revoke in a single click.

<1ms
Encryption overhead
99.999%
Multi-region availability
12B+
Records sealed monthly
SOC 2
Type II + HIPAA + GDPR
Customer stories

Teams that move without breaking trust.

"

We replaced three vendors and an internal team with Xero. The audit story alone paid for itself in the first quarter.

PA
Priya Aravind
Head of Platform, Lattice Health
"

Field-level keys without changing the schema. We rolled it out in production in eleven days.

MY
Marcus Yi
Principal Engineer, Northbeam
"

Annotations move with the data — that single idea changed how our analysts work. We don't ship without it.

DO
Daniela Okafor
Director of Data, Polara
Pricing

Honest pricing.
Predictable bills.

Pay for what you protect, not for seats. Every plan includes the full encryption + annotation layer.

Starter
$0/ forever

For small teams getting their first column under control.

  • Up to 5M records
  • 3 environments
  • Community support
  • Field-level encryption
Most popular
Team
$890/ month

Everything growing companies need to ship without rework.

  • Unlimited records
  • Unlimited environments
  • BYO keys & HSM
  • Audit export & SIEM hooks
  • Priority support
Enterprise
Custom

Dedicated infra, SLAs, and a deployment engineer in your Slack.

  • Single-tenant deployments
  • Custom data residency
  • 99.99% uptime SLA
  • Dedicated engineer
Questions

Answers, before you ask.

Where do my keys actually live?
On infrastructure you control. Xero never sees plaintext keys — we orchestrate envelope encryption against your KMS, HSM, or BYO provider. If we go away tomorrow, your data is still readable by you.
Do I need to change my schema?
No. Xero wraps existing reads and writes through the SDK. Encrypted fields keep their original column type. Annotations live in a separate signed ledger that links by row id.
What's the latency overhead?
Sub-millisecond on hot paths thanks to in-process key caching. Cold-start a region and you'll see ~5ms once, then steady state.
How does annotation differ from tagging?
Tags describe a column. Annotations describe a value — and they travel with that value through every read, transform, and export. You can scope, expire, and audit each one independently.
Can I self-host?
Yes. The Team plan is cloud-managed; Enterprise can deploy single-tenant in your VPC with the same control plane.
Get started

Encrypt every row.
Audit every move.

Ship the safer pipeline you've been postponing. Free for the first 5M records — no credit card, no demo gate.

Start freeTalk to sales
© 2026 Xero, Inc. All rights reserved.