Control plane for product analytics — zero data exposure, full insight

Product Analytics

Control Plane

Zero data knowledgeEnd-to-End encryptionComposable analytics

Modern SaaS product analytics with end-to-end encryption — your data stored in your stack, not ours.

Get Early AccessView Architecture
0
bytes of plaintext stored
E2E
encrypted at source
composable dashboards
how it works

Zero-Knowledge by Design

Every byte of analytics data is encrypted before it reaches us. Your private key never leaves your infrastructure — making it physically impossible for Enspect to read your data.

01 / Ingestion
01
your browser
Your App
SDK Layer

The Enspect SDK encrypts every analytics event with your public key (AES-256-GCM) before it leaves the browser. No plaintext ever hits the wire.

AES-256-GCM
02
enspect cloud
Ingestion
Enspect Layer

Encrypted payloads arrive at Enspect. We handle auth, rate limiting, queuing, and routing — operating on ciphertext only. We see zero plaintext data.

Zero knowledge
03
your infrastructure
Client API
Your Infra

A lightweight API deployed in your own infrastructure. Holds the private key. Decrypts the payload and writes clean rows into your ClickHouse instance.

Private key
04
your database
ClickHouse
Your Data

Data lands in your ClickHouse instance, running on your servers. Fully owned, fully queryable. Enspect dashboards query it directly — never staging a copy.

Your servers
02 / Dashboards & Queries

Dashboards query your data directly

Chart and dashboard metadata (schema, queries, layout) is stored with Enspect. When you open a dashboard, the query is routed to your Client API, which hits your ClickHouse — and the result is streamed straight back to your browser.

Enspect never receives query results. We are a pure control plane — metadata and routing, never data.

Enspect storeschart metadata, query templates, layout
Enspect never seesquery results, event payloads, user data
query request path
Enspect Dashboard
metadata only
Client API
your infra
ClickHouse
your data
query results
direct to browser ↩

Verifiable zero knowledge. You can audit every request your Client API receives. Enspect's inability to read your data is architectural, not just a policy.

why enspect

The Privacy-First Analytics Stack

Built for companies that take data sovereignty seriously — without sacrificing the analytics depth you need to build great products.

01

Zero Knowledge

We never see your data. Architecturally.

Enspect operates on ciphertext. We process encrypted payloads and route them to your infrastructure — making it physically impossible for us to read event data, query results, or user attributes.

  • Encrypted at source in the SDK
  • Ciphertext-only ingestion
  • Auditable by design
02

Client-Deployed API

Your infrastructure. Your private key.

Deploy a lightweight API into your own cloud or on-premise environment. It holds your private decryption key — Enspect never touches it. Every write into ClickHouse flows through your code.

  • Docker image, K8s-ready
  • Private key stays in your VPC
  • Bring your own ClickHouse
03

End-to-End Encryption

Encrypted before it leaves the browser.

Every analytics event is encrypted client-side with AES-256-GCM using your public key before the HTTP request is made. Transit encryption on top of payload encryption — defense in depth.

  • AES-256-GCM per-event
  • Public/private key pairs
  • No plaintext in transit
04

Composable Analytics

Any chart. Any query. Your schema.

Build dashboards, funnels, retention curves, and custom SQL reports. Chart metadata and query logic live in Enspect; the actual data execution happens in your ClickHouse — composable without compromise.

  • SQL-native query engine
  • Custom funnel & retention
  • Direct ClickHouse queries
traditional analytics
  • Your event data stored on vendor servers
  • Vendor can read all user behaviour
  • Data breaches expose customer data
  • Compliance audits cover vendor systems
  • Vendor sunset = data hostage
with enspect
  • All data encrypted, stored in your infra
  • Zero plaintext visibility for Enspect
  • Data breach = encrypted ciphertext, worthless
  • Compliance scope: your infrastructure only
  • Your data, your ClickHouse, forever yours
0bytes
of user data ever seen by Enspect
256bit
AES-GCM encryption per event
queries
on your own ClickHouse
section / cta
get started

Analytics that respects
your data sovereignty

Join the waitlist. Be among the first teams to run privacy-first product analytics with zero data exposure — and full composability.

No credit card. No lock-in. Deploy in your infra on day one.

ClickHouse-native
Open-source SDK
Docker / K8s ready
SOC 2 in progress
GDPR ready