We build systems where the data never exists

Maelstrom AI designs privacy-preserving infrastructure for regulated environments. Cryptographic verification, zero knowledge protocols, consent-first architectures, and verifiable builds. Based in regional Victoria, Australia.

Privacy engineering for regulated industries

We design systems that prove what needs proving without collecting what doesn't. Our work combines applied cryptography, privacy regulation, production infrastructure, and open source development.

Cryptographic Verification

Zero knowledge proof systems that let one party demonstrate a fact to another without revealing the underlying data. Output: a single bit.

Protocol Design

Multi-party protocols where data paths for personal information are architecturally absent. Not toggled off, not access-controlled. Missing by design.

Open Source Development

Everything we build ships with source code. Cryptographic libraries, backend services, protocol specifications, mobile applications. Published and auditable.

Regulatory Alignment

Systems built for the Online Safety Act (AU), GDPR (EU), Age Appropriate Design Code (UK), COPPA and CCPA (US). One architecture, multiple jurisdictions.

Provii

Our flagship product. Provii is a privacy-preserving age verification system that uses zero knowledge proofs. Websites and apps confirm a visitor meets an age threshold without ever receiving a name, a date of birth, a photo, or any identifying information.

Works in both directions. The same credential proves "over 18" for restricted content or "under 13" for children's platforms. Verified kids' spaces where adults are cryptographically excluded.

192 bytes per proof
0 PII on servers
100% open source
Free for end users

Technical capabilities

Applied Cryptography

Groth16, BLS12-381, Pedersen commitments, HMAC-SHA256, Ed25519. Production-grade implementations in Rust with constant-time guarantees.

Mobile Security

Hardware-backed keystores, biometric authentication, secure enclaves. Native iOS (Swift) and Android (Kotlin) with shared Rust cores via UniFFI.

Edge Infrastructure

Cloudflare Workers serverless deployment. Global distribution. KV storage, Durable Objects, rate limiting. No origin servers holding personal data.

Supply Chain Security

SLSA Level 3 build provenance. Sigstore-signed artefacts. SHA-pinned CI dependencies. Automated licence compliance and vulnerability scanning.

Regional Victoria. Global standards.

Based in St Arnaud, Victoria. We build under Australian privacy law, publish our ISMS documentation publicly, and maintain our entire codebase as open source.