S3-Compatible Storage on a Peer-to-Peer Network
Use your existing S3 tools with your self-hosted gateway. Same API, your endpoint. Encrypted by default.
Any file, any size. Encrypted before it leaves your device.
A unique fingerprint derived from your file's contents.
A permanent link. Valid as long as your content is pinned.
Any file, any size. Encrypted before it leaves your device.
A unique fingerprint derived from your file's contents.
A permanent link. Valid as long as your content is pinned.
Drop-In Replacement
Change Your Endpoint, Keep Your Tools
Encrypts and distributes your files
Host A
Encrypted shard
Host B
Encrypted shard
Host C
Encrypted shard
Host D
Encrypted shard
Encrypts and distributes your files
Host A
Encrypted shard
Host B
Encrypted shard
Host C
Encrypted shard
Host D
Encrypted shard
Zero-Knowledge Encryption
Encrypted by Default

Predictable Pricing
No surprise bills
What you can store
Use the S3 tools you already have, on a network you control.
Backups & Disaster Recovery
Automated backups to S3-compatible storage on a peer-to-peer network. Use rclone, restic, or any S3 backup tool you already run. Encrypted by default, no surprise bills.
Start StoringPrivate AI & RAG Pipelines
Store embeddings, vector databases, and knowledge bases through your own gateway. Your data is encrypted locally before it leaves your server. You control the keys.
Start StoringAgency Client Files
Keep sensitive client documents on storage you control. Deploy your own gateway, use your existing S3 tools, and maintain custody of your encryption keys.
Start StoringFrequently Asked Questions
Deploy the gateway appliance on your server, then change your endpoint URL and credentials to point at it. That's it. AWS CLI, boto3, rclone, Terraform, and any S3-compatible tool will work. Your buckets, objects, and access patterns stay the same.
We support the core S3 operations: CreateBucket, ListBuckets, PutObject, GetObject, DeleteObject, ListObjects, and multipart uploads. The S3 implementation is part of the Sia network's open-source software. If you need an operation that isn't supported yet, let us know and we'll pass the feedback to the team.
Your gateway appliance encrypts files locally before anything leaves your server. The encryption key lives on your machine. Not in our database, not on the Sia storage hosts. They only see encrypted fragments.
Any tool that speaks the S3 API works: AWS CLI, boto3, rclone, s3cmd, Cyberduck, Terraform's AWS provider, MinIO client, and language SDKs for Go, Python, JavaScript, Java, and more. Just point them at your gateway's endpoint.
Yes. You deploy your own gateway appliance that handles encryption locally. A simpler 1-click setup is in development. Subscribe to get notified when it's ready.
Your endpoint. Your keys. Your data.
Encrypted by default. Predictable pricing. S3-compatible.
