All productsLocker

    Store the documents auditors want, with the controls they ask for.

    Envelope encryption, per-tenant keys, region pinning, policy-tied reads. Customer contracts, KYC, wire instructions β€” all safe, all scoped, all logged.

    Every document sealed, scoped, and searchable.

    AES-256 envelope encryption, a tenant-specific KEK, region pinning on upload. You search metadata, you read the plaintext only when policy says yes.

    Locker β€” tenant-scoped documents
    envelope AES-256 Β· per-tenant KEK Β· region eu-west
    encrypted
    document
    size
    key scope
    state
    contract-acme-msa.pdf
    412 KB
    tenant-acme/2026-q1
    sealed
    kyc-sarah-chen.pdf
    2.1 MB
    tenant-acme/kyc
    sealed
    soc2-report-2026.pdf
    6.8 MB
    tenant-acme/compliance
    sealed
    wire-instructions.pdf
    88 KB
    tenant-acme/finance
    sealed
    dpa-globex-signed.pdf
    540 KB
    tenant-globex/legal
    sealed
    Vault
    Envelope AES-256
    Per-tenant KEK
    Region pinning
    Metadata search

    Every read, every share, on the record.

    Reads, downloads, share links, key rotations β€” each one resolved through the same identity and policy model as the rest of Authaz. Cross-tenant attempts die at the door.

    filteralldownloadscross-tenantkey eventsstreaming Β· immutable
    time
    actor
    event
    document
    result
    17:44:02
    sarah@acme.com
    DOC.READ
    contract-acme-msa.pdf
    allow
    17:43:41
    marcus@acme.com
    DOC.DOWNLOAD
    wire-instructions.pdf
    allow
    17:43:02
    eve@globex.com
    DOC.READ
    contract-acme-msa.pdf
    deny
    17:42:20
    legal@acme.com
    DOC.SHARE_LINK
    dpa-globex-signed.pdf
    allow
    17:41:58
    rob@authaz
    KEY.ROTATE
    tenant-acme/kyc
    allow
    17:41:04
    audit@partner.io
    DOC.READ
    soc2-report-2026.pdf
    allow
    Access log
    Immutable trail
    Policy-bound read
    Key rotation log
    SIEM export
    Pairs with

    Locker sits on top of everything else.

    Multi-tenant Organizations
    Every document lives inside a tenant. Cross-tenant access is a policy error, not a bug waiting to ship.
    Explore
    RBAC & Permissions
    Reads and downloads run through the same policy engine as the rest of your product. One model, one audit trail.
    Explore
    Multi-factor Authentication
    Step-up before downloads of sensitive classes β€” KYC, contracts, wire data β€” require passkey re-auth.
    Explore

    Stop emailing contracts and hoping they stay put.

    Locker is included in every plan. Free up to 2,000 monthly active users.