Collect, Manage, and Share Customer Data Securely

Collect cards, documents, and signatures through branded secure links, automatically encrypted, audit logged, and isolated per tenant.

WebAuthn Passkeys
AES-256 Encryption
Multi-Tenant Isolated
Audit Logged

See Customer Vault in Action

A modern, secure interface your team and customers will love. Here's what the experience looks like.

[Screenshot, app.enigmavault.io/customers: Customer management dashboard with search and filtering]

Search, filter, and manage all customer records from a single dashboard. View associated cards, files, and activity at a glance.

[Screenshot, app.enigmavault.io/customers/cust_29xK4m: Customer profile with details, card entry, and linked records]

Centralized customer records with tokenized cards, encrypted files, signatures, and notes all linked to a single profile.

[Screenshot, app.enigmavault.io/intake/acme-corp: Branded public intake form with signature capture and card entry]

Customers submit cards, files, and electronic signatures through branded intake links. No account or login required.

[Screenshot, app.enigmavault.io/inbox: Staff inbox showing incoming customer submissions with assign and delete actions]

Review incoming submissions in real time. Assign to customer profiles, add notes, and track processing status from a shared team inbox.

[Screenshot, app.enigmavault.io/files: Share file dialog with password protection and delivery method options]

Share files with customers through expiring, password-protected links. Full download tracking and audit trail on every file.

[Screenshot, app.enigmavault.io/customers/cust_29xK4m: Customer profile with custom sensitive data fields tokenized through Data Vault]

Define custom sensitive fields like SSN, Driver's License, and Tax ID per tenant. Values are automatically tokenized through the Data Vault and can be revealed, hidden, or deleted from customer profiles.

Everything You Need to Manage Customer Data

From branded intake forms to secure file sharing, Customer Vault gives your team the tools to handle sensitive data without the security headaches.

Branded Intake Forms

Create public intake links that let customers submit cards, files, and signatures without needing an account. Branded with your company name and customizable per tenant.

  • No customer account or login required
  • Collect payment cards, documents, signatures, and custom sensitive fields
  • HTML sanitization on all submitted content
  • CAPTCHA protection against abuse

Customer Profiles

Centralized customer records with associated cards, files, signatures, and notes. Assign intake submissions to existing or new customer profiles.

  • Cards, files, and signatures linked per customer
  • Search and filter across all customers
  • Custom notes and metadata per record
  • Bulk operations and pagination

Staff Inbox

Review incoming intake submissions in a shared inbox. Assign submissions to customer profiles, add notes, and track processing status.

  • Real-time submission feed
  • Assign to new or existing customers
  • Status tracking per submission
  • Staff notes and internal comments

Secure File Sharing

Share files through links with configurable expiration policies (24-hour default), optional password protection, and full audit tracking.

  • Configurable link expiration (24-hour default)
  • Optional password protection
  • Download tracking and audit trail
  • Files encrypted via Enigma Vault API (AES-256-GCM)

Custom Sensitive Fields

Define custom sensitive data fields per tenant that are automatically tokenized through the Enigma Data Vault API. Collect and protect PII beyond payment cards.

  • Presets for SSN, Driver's License, Passport, DOB, and Tax ID
  • Custom regex validation for any field type
  • Values tokenized automatically via Data Vault
  • Reveal, hide, and delete from customer profiles

Electronic Signatures

Capture electronic signatures from customers through intake forms. Signatures are stored securely and linked to customer profiles.

  • Canvas-based signature capture
  • Signatures linked to customer records
  • Encrypted storage with audit trail
  • Collect via intake forms or directly

Multi-Tenant Architecture

Each tenant gets fully isolated data, authentication, and encryption, with data partitioned per tenant and dedicated authentication for each.

  • Per-tenant data isolation
  • Dedicated authentication per tenant
  • Tenant-branded interface
  • Role-based access control per tenant

Stop Collecting Sensitive Data Through Email

Email, fax, and shared drives are…

  • Not encrypted end-to-end
  • Forwardable to anyone
  • Hard to audit
  • Permanently stored in inboxes
  • A PCI and compliance risk

Customer Vault replaces them with…

  • Encrypted intake links
  • Expiring downloads
  • Tokenized card capture
  • Audit-ready logs

Designed for Organizations in Regulated and Compliance-Sensitive Environments

Any organization that collects customer information, payment cards, documents, or signatures can replace insecure email and paper workflows with Customer Vault.

Health Clinics & Medical Practices

Collect patient intake forms with insurance cards, signed consent forms, and medical history before appointments. Share test results and treatment plans through expiring, password-protected links instead of unsecured email.

Private Clubs & Membership Organizations

Onboard new members with branded intake forms that collect payment cards for dues, signed membership agreements, and ID documents. Manage member profiles with cards and files linked to each account.

Restaurants & Hospitality

Manage catering clients and event bookings with secure intake forms. Store corporate client payment cards for recurring orders, collect signed contracts for private events, and share invoices through secure links.

Travel Agencies

Collect passport copies, travel insurance documents, and payment cards from travelers via branded intake forms. Share itineraries, booking confirmations, and visa documents through time-limited secure links.

Law Firms & Legal Services

Collect signed retainer agreements, sensitive case documents, and payment information from clients. Share legal filings and contracts through password-protected, expiring links with full download audit trails.

Accounting & Tax Firms

Securely collect W-2s, bank statements, and financial records from clients via encrypted intake forms. Share completed returns and financial reports through password-protected links instead of email attachments.

Property Management

Process rental applications with signed leases, ID copies, and security deposit payments through branded intake forms. Manage tenant profiles and share maintenance documents or renewal agreements securely.

Insurance Agencies

Process new policy applications with intake forms that collect signed disclosures, identification documents, and payment cards. Share policy documents and claims correspondence through secure, auditable links.

Three Steps to Secure Customer Data

From intake to management, Customer Vault handles the security so your team can focus on your customers.

1. Create an Intake Link

Generate a branded, public intake link for your customers. They can submit cards, upload files, and sign documents without creating an account.

2. Customer Submits

Customers fill out the secure intake form. All data is encrypted in transit and at rest. Submissions appear in your staff inbox instantly.

3. Staff Manages

Your team reviews submissions, assigns them to customer profiles, shares files securely, and manages ongoing customer relationships.

Built for Sensitive Data

Customer Vault is built on Enigma Vault's encryption platform with additional layers of authentication, access control, and audit logging. Customer Vault enforces a hardened trust boundary between your staff, your customers, and sensitive data.

WebAuthn Passkeys

Staff authenticate with FIDO2 WebAuthn passkeys. No passwords to steal, phish, or brute force. Hardware-backed security by default.

Enforced MFA

Multi-factor authentication is mandatory for all staff accounts. TOTP as a fallback when passkeys are unavailable. No opt-out.

Tenant Isolation

Each tenant operates in complete isolation. Separate authentication, data partitions, and encryption keys per tenant.

Activity Audit Logging

Every user action is logged with user ID, action type, timestamp, and affected resources. Full compliance audit trail.

PCI Scope Reduction

Cards are tokenized immediately through the Card Vault. The full card number is never returned to your application. Card data is removed from internal systems and sensitive payment data stays outside your CRM and databases. Simplify audits by offloading PCI scope entirely.

Encrypted at Every Layer

Every file is encrypted with AES-256-GCM envelope encryption through the Enigma Vault API, and every card is tokenized the moment it enters the Card Vault. Data is protected at rest and in transit. Plaintext never touches your infrastructure.

Built on Enigma Vault

Customer Vault is powered by the same encryption engine that runs the Enigma Vault API. Enterprise-grade security with zero compromise.

Real-Time Web Application

Responsive, interactive interface that updates instantly. No page reloads, no lag. Just a fast, modern experience for your team.

Identity & Authentication

User authentication and management with dedicated identity pools per tenant. WebAuthn and TOTP support built-in.

Cloud-Native Storage

Serverless data storage for records and encrypted files. Scales automatically with usage.

Enigma Vault API

File encryption, card tokenization, and presigned URL generation powered by the same API available to developers.

Embed Customer Vault in Your Application

Create customers, generate secure intake links, and receive real-time webhook notifications — all through the Enigma Vault API. Your customers fill out a branded intake page. You get notified the moment they submit files, cards, signatures, or sensitive data.

integrate.sh
# Authenticate
TOKEN=$(curl -s -X POST \
  https://api-auth.enigmavault.io/oauth2/token \
  -d "grant_type=client_credentials" \
  -d "scope=io.enigmavault/customervault" \
  | jq -r .access_token)

# Create a customer and get their intake link
curl -X POST \
  https://api.enigmavault.io/customervault/customers \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-api-version: 1.12" \
  -H "Content-Type: application/json" \
  -d '{"externalId":"cust-001","firstName":"Jane","lastName":"Doe","email":"jane@example.com"}'

# Response:
# {
#   "customerId": "a1b2c3...",
#   "intakeUrl": "https://app.customervault.io/intake?customerId=a1b2c3...&tenant=acme"
# }

# Check intake status
curl -X GET \
  https://api.enigmavault.io/customervault/customers/cust-001 \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-api-version: 1.12"

# Response: { "status": { "fileCount": 2, "cardCount": 1, ... } }

Real-Time Webhooks

Get notified instantly when files are uploaded, cards submitted, signatures captured, or custom fields saved. Every payload is signed with HMAC-SHA256 so you can verify authenticity.

Customer Status Polling

Check intake progress with lightweight counts or request full detail mode for file names, card tokens, signature timestamps, and field values. Look up customers by your own external ID.

Self-Service Webhook Config

Configure your webhook URL and shared signing secret directly through the API. No admin portal access needed. Your secret is write-only — it can never be read back.
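
The receiver-side signature check described under Real-Time Webhooks and Self-Service Webhook Config, as an added example that is not Enigma Vault's code. It assumes the signature arrives as a hex-encoded HMAC-SHA256 over the raw request body; the page does not specify the header name or encoding, and the secret, event name and payload fields below are constructed.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample values; the page does not document the payload schema.
SECRET = b"constructed-demo-signing-secret"
BODY = b'{"event":"file.uploaded","customerId":"demo-customer"}'


def sign(secret: bytes, raw_body: bytes) -> str:
    """Sender side, for the demo only. Assumption: hex HMAC-SHA256 of the body."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes, signature: Optional[str]) -> bool:
    """True only if signature authenticates the exact bytes that were received."""
    if not signature:
        return False
    try:
        received = bytes.fromhex(signature.strip())
    except ValueError:
        return False  # malformed header value: reject, do not raise
    expected = hmac.new(secret, raw_body, hashlib.sha256).digest()
    # Constant-time comparison: timing must not reveal how many leading
    # bytes of a forged signature were correct.
    return hmac.compare_digest(expected, received)


def handle_delivery(secret: bytes, raw_body: bytes, signature: Optional[str]):
    """Verify first, parse second, so unauthenticated JSON is never processed."""
    if not verify_webhook(secret, raw_body, signature):
        return None
    return json.loads(raw_body)


if __name__ == "__main__":
    sig = sign(SECRET, BODY)
    print("valid delivery:", handle_delivery(SECRET, BODY, sig))
    # Re-serializing parsed JSON changes whitespace, so the MAC no longer matches.
    reserialized = json.dumps(json.loads(BODY)).encode()
    print("re-serialized body:", verify_webhook(SECRET, reserialized, sig))
    print("wrong secret:", verify_webhook(b"other", BODY, sig))
    print("malformed signature:", verify_webhook(SECRET, BODY, "not-hex"))
```

Pass the request body exactly as it was received, before any framework parses or re-encodes it.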

Ready to Get Started?

Whether you need a turnkey intake platform or want to embed Customer Vault into your own application, we can help.

Let's Talk Security

Have questions about Enigma Vault, need a custom plan, or want to see a live demo? Fill out the form and our team will get back to you within one business day.