Zero inbound corporate path
The on-premise appliance exposes no WAN listener. UUID sync travels outbound, minimizing the attack surface to near zero.
Software made for Swiss Financials
ACWA keeps your public workload fully anonymous while enriching detail views on demand — only when the browser reaches the corporate resolver. No inbound connections, no PII hosted publicly, no attack surface.
How ACWA works
Customer records live on the internet under random UUIDs. No names, no cities, no identifying data. Safe enough for any hosting provider.
When viewed from the corporate network, the browser calls the internal resolver to swap the UUID for the real name — one record at a time, with a strict timeout.
If the resolver is unreachable the record stays anonymous and is labeled clearly. No fallback, no cache, no leakage.
Why ACWA
The on-premise appliance exposes no WAN listener. UUID sync travels outbound, minimizing the attack surface to near zero.
Only the single detail view asks for context. Bulk scraping is throttled by design, keeping data flows modest and auditable.
Remove PII from hosted workloads and reduce the compliance and secrecy burden your public infrastructure carries.
PHP, SQL, Apache on the public side. Appliance on premise. No cloud lock-in, no heavy middleware. Transparent and auditable.
Consultant-guided demo
We walk you through the full POC — public view, corporate enrichment, appliance administration — on a live system. No slide decks.