Seald is a developer-focused end-to-end encryption (E2EE) SDK designed to integrate client-side encryption into web, mobile, and desktop applications. It handles cryptographic operations and key exchanges, allowing developers to encrypt data locally on the client side before it is transmitted or stored in a backend system. The SDK is built around the concept that even if backend servers or infrastructure are compromised, encrypted data remains inaccessible to unauthorized parties — including server administrators, hackers, and third-party service providers. This is achieved by ensuring that decryption keys are only ever held by authorized end users. Key architectural components include: - A "Sig-Chain" mechanism that validates all of a user's public keys using the Trust-On-First-Use (TOFU) paradigm, mitigating man-in-the-middle attacks. - A "2-man-rule" key recovery mechanism that allows users to recover private keys without a backdoor, even if passwords or devices are lost. - Zero-trust architecture, where no server is inherently trusted, including Seald's own servers. - Access rights management that allows recipients of encrypted data to be added or revoked without re-encrypting the data. The SDK supports integration via a simple API (sdk.encrypt()), abstracting away cryptographic complexity for developers. It targets industries handling sensitive data, including healthcare, legal, and insurance sectors. Seald has been acquired by OVHcloud and is available through OVHcloud Labs.