The company that decided a stolen password should be worth absolutely nothing.
Above: the PreVeil wordmark and its horizontal key. The key is not decoration. It is the entire argument - you, and only you, hold it.
Somewhere in a machine shop in the American Midwest, a 14-person team is bidding on a defense contract it could not have touched five years ago. The reason is not a new lathe. It is software. Their email and their drawings are now wrapped in encryption so complete that even the company providing it cannot read a word. That company is PreVeil.
PreVeil sells something deceptively simple: encrypted email and file sharing that keeps working when everything around it fails. Passwords get stolen. Admins get phished. Servers get breached. PreVeil's bet is that none of that should matter, because the data is never readable on a server in the first place. From an office at 53 State Street in Boston, roughly 92 people now run the platform that has quietly become the default compliance path for thousands of defense contractors.
Here is the uncomfortable thing about most corporate security: it is a wall around a building where the doors are propped open. Encryption exists, but it is usually undone the moment data lands on a server, where one compromised administrator account can expose everything. The industry's quiet assumption was that the perimeter would hold. It rarely does.
For defense contractors, this stopped being academic. The Department of Defense began requiring small suppliers to protect Controlled Unclassified Information under NIST 800-171, and later under the Cybersecurity Maturity Model Certification - CMMC. Suddenly a CNC shop with a dozen employees needed the same data-handling discipline as a Fortune 500. The two obvious options were both unappealing: ignore the rules and lose the contracts, or buy Microsoft's GCC High and lose a six-figure chunk of the budget.
One contractor recalled getting a quote for the conventional government cloud: “It was over $200,000 for 33 users.” That is the wall PreVeil walked up to - and the price tag it set out to make look absurd.
The deeper problem was philosophical. Compliance frameworks treat encrypted data living on a server as “protected.” But if the server can decrypt it, so can whoever takes the server. PreVeil's founders looked at that logic and decided it was, politely, nonsense.
PreVeil was founded in 2015 by Randy Battat and Sanjeev Verma, with cryptography rooted in research from MIT and the work of co-founder and CTO Raluca Ada Popa. Battat was not an obvious candidate for a security startup. He had spent thirteen years at Apple - including a run as VP of the PowerBook division - and then built the wireless infrastructure firm Airvana from a startup into a 400-person company. Verma had co-founded Airvana with him. They were, by any reasonable measure, done.
Their bet was that end-to-end encryption - the kind that keeps data scrambled everywhere except on the user's own device - could be made usable by people who are not cryptographers. No PhDs required, no special hardware, no rip-and-replace of the email everyone already uses. Three principles guided the architecture: end-to-end encryption, no central point of attack, and ease of use. The third principle, oddly, was the hardest. Cryptography that nobody can operate is just expensive theater.
So they engineered around the human. PreVeil installs alongside Microsoft 365 or Google Workspace in under an hour. There is no master password and no single admin who can hand the keys to an attacker. Approval for sensitive actions is split across multiple people, the way a missile silo needs two officers to turn their keys at once. It is paranoid by design, and that is the point.
PreVeil's products are designed to be unremarkable to use, which is the highest compliment you can pay security software. You keep your email address. You keep Outlook, or Gmail, or the browser. The encryption simply happens, invisibly, on your device.
End-to-end encrypted email sent from your existing address via Outlook, Gmail, or browser. Never decrypted on any server, which defeats phishing and spoofing-driven breaches.
Encrypted file storage and sharing inside Windows Explorer, Mac Finder, and the browser - with granular permissions and tamper-evident cryptographic logging.
An assessment-ready package mapping all 110 CMMC controls, with pre-filled SSP/SOP docs, C3PAO-validated videos, and 1:1 expert support.
The compliance bundle is the part that turned a clever security product into a business. Instead of handing contractors raw encryption and wishing them luck, PreVeil ships the paperwork: documentation mapped to every control an auditor will check, with encrypted data stored in AWS GovCloud. The company says this cuts CMMC documentation work by roughly 60 percent. For a small business that does not have a compliance department, that is the difference between bidding and bowing out.
There is a quiet elegance to the design choices underneath. Files are encrypted before they leave the device and decrypted only after they arrive on another trusted one. Permissions are granular, so a contractor can share a single folder with a prime contractor without exposing the rest of its drive. Every access leaves a cryptographic log that cannot be quietly edited, which matters enormously when an auditor asks who touched what and when. None of this requires the user to think about cryptography at all - which was, of course, the whole idea.
Proof, in security, is rarely about marketing claims and almost always about the audit. PreVeil's strongest evidence is that more than 75 defense contractors and certified third-party assessors (C3PAOs) have walked into formal CMMC assessments and walked out with perfect scores of 110 out of 110. Customers describe the experience less like buying software and more like exhaling.
Backing that adoption is PSG, the growth-equity firm that led the $20M Series C in 2022, lifting total funding to about $27M. The money was earmarked for expansion beyond defense - into professional services, financial services, and healthcare, all industries with the same nagging problem: data that has to be shared, and must never leak.
PreVeil's stated mission is to bring radically better security to ordinary business and personal communication. Note the word ordinary. The cryptographic ideas behind PreVeil are not new to spies and banks. What is new is handing them to a machine shop, a law firm, or a clinic without requiring anyone to understand elliptic curves.
The culture runs on six values - Driven to Excellence, Build with Pride, Committed to Customers, Show Grit, Stay Cohesive, and Ethical & Transparent - and the last one is more than wall art for a company whose entire product is trust. PreVeil has been named a Built In Best Place to Work in Boston three years running, which suggests the grit is not only pointed at customers.
CMMC is moving from recommendation to requirement across the defense supply chain, which means the question for tens of thousands of contractors is no longer whether to encrypt, but how cheaply and how fast. That is precisely the gap PreVeil was built to fill. And the logic that hooked defense is now arriving in healthcare records, legal discovery, and financial files - anywhere the cost of a leak finally exceeds the cost of preventing one.
The skeptic's fair question is whether “the server can't read your data” is a durable moat or a feature larger players will copy. PreVeil's answer is the boring one: it already shipped, it already passes the audits, and it already deploys in an afternoon. In security, being early and proven beats being clever and late. The harder thing to copy is not the math - it is the years of audit results and the trust of customers who staked their contracts on it.
There is also a regulatory tailwind that is unusually kind to PreVeil. As deadlines firm up and primes begin pushing requirements down to their subcontractors, the pool of companies that suddenly need exactly this product is expanding faster than the market can comfortably serve it. That is a good problem, and an unusual one for an encryption company.
Return to that machine shop in the Midwest. The team just won the bid. Their drawings traveled across the country wrapped in encryption that no server, no admin, and no thief could open. The breach everyone fears may still come - it usually does. But for the first time, it would find nothing worth taking. PreVeil did not build a taller wall. It made the thing behind the wall worthless to steal.
// Official channels, coverage, and demos
// Watch: interviews & product demos