Enterprise customers can now bring their own encryption keys via AWS KMS. Keys remain in your AWS account; OnePointe encrypts and decrypts via your grant. You can rotate, revoke, or audit access independently of us.
- AWS KMS integration with cross-account grants
- Quarterly key rotation supported (manual or automatic)
- Revocation = immediate cryptographic deletion of access
- Compliance documentation updated for SOC 2 evidence