Skip to main content

How it works

Keyavi's encryption and policy-based protection is infused directly into the data itself. This protection is enabled across all platforms, methods of transit, operating systems, and device types. For example, this means that data stored on any flash drive, uploaded to any cloud service, or emailed through any provider can be protected by Keyavi.

Geolocations and geofencing

Geolocations and geofencing provide additional security to restrict encryption and decryption based on a specific location. Users have the option to restrict access to data by providing varying degrees of parameters that enforce authorized locations based on settings of Country, State, Zip Code, Street Address, and Latitude/Longitude. Also, exclude geolocations known for threat activities to protect the file. Users can only encrypt and decrypt autonomously to All Authorized locations or Office locations.

The Keyavi Web Portal dashboard shows a color-coded map with the access location of the file and if violations occurred.

Keyavi Web Portal dashboard

  • Green: File successfully accessed without violations.

  • Yellow: Policy violations occurred.

  • Red: Access violations occurred, which alerts the security admin.

All Authorized locations

All Authorized locations can be different geographical locations of the corporation. They're pre-set by the Keyavi Policy Administrator and identified by country, state, zip code, or street address.


Excluded countries cannot be added as an authorized location.

Office locations

Office locations are user-defined geographical locations identified by latitude and longitude coordinates. Users can set multiple locations for accessing the data from, for example, the office, home, or a coffee shop. A Location that is no longer used or needed can be removed.

Intelligent Directory

Intelligent Directory™ is a service that gets configured onto a folder. Then, when a user saves a file directly to the designated folder, it automatically creates a Keyavi-protected IKD file. The goal of Intelligent Directory is to make securing your files as easy and seamless as possible.

If you're a Keyavi Policy Administrator, you can define the directories you want to protect with Intelligent Directory. When you configure Intelligent Directory, you become the owner of the files. You can also allow authorized users to access Keyavi-protected data offline, without an internet connection.

Authorized time period

An authorized time period, or time embargo, adds another layer of security to the data. It gives the data owner the ability to put a time limit for when access to the data begins and expires, for example, before and after a business meeting.

If a time period isn't provided, access to the protected data doesn't expire and can be opened at any time (unless revoked). However, if an authorized user attempts to open the protected file outside of this time frame, they'll get an error.

Account types

There are four distinct account types available to use the Keyavi technology. Your account type will determine what functionality of the Keyavi technology is available to you.

  • Administrator Account -- Users with a Keyavi Administrator Account, you have full functionality of the Keyavi technology as defined in Full Control Account.


    It's up to the organization's system administrator to determine what functionalities and components a Keyavi admin can access. Access to each component and functionality should follow the defined Keyavi Security Groups and have access only to the allowed functionalities.

  • Full Control Account -- Users with full functionality of Keyavi, including the ability to both open and create IKD files. In addition, users can access the Keyavi Portal to view their dashboard and manage their data and settings.

  • Read-only Account -- Users can open IKD files but cannot create them.

  • External Account -- Recipients of a Keyavi-protected file or Smart Email who doesn't have a full Keyavi license within the organization. External users can access IKD files through an external account the sender created for the recipient. The external account has read-only access.

User authorization mode

Individual user rights take precedence over rights determined through group membership.

Authorization modeKeyavi applicationFile typePermitted action
Read-only – File opens in the native application.
  • All
  • Read-only
Edit – File opens in a protected view with limited editing capabilities.
  • Keyavi Desktop
  • Microsoft Word (.docx)
  • Microsoft Excel (.xlsx)
  • Text (.txt)
  • Read
  • Edit (including cut, copy, and paste)
  • Save changes to protected copy
Full Access – File opens in its native application.
  • Keyavi Desktop
  • Keyavi Web
  • All file types
  • Read
  • Edit (including cut, copy, and paste)
  • Save unprotected copy
  • Print
  • Screen share
  • Screen capture