What is offline secure storage?

Offline secure storage (OSS) is a data protection method where data is physically disconnected from the internet when not in use. Unlike cloud storage, data stored offline has zero remote attack surface — it cannot be hacked, ransomed or accessed remotely because it is not connected to any network. Firevault provides this through hardware-encrypted vaults that are physically isolated.

How does Firevault protect against ransomware?

Firevault protects against ransomware by physically disconnecting your data from the internet. Ransomware can only encrypt data it can reach over a network. When your data is stored offline in a Firevault, ransomware attacks cannot reach it. Even if your entire network is compromised, your offline vault remains untouched and intact.

How much does Firevault cost?

Firevault Vault starts from £75 per month (inc VAT) for individuals. Business Storage starts from £360 per month (inc VAT). Enterprise Platform pricing is available on request. All plans include hardware encryption, identity verification, and physical disconnection by default.

Who is Firevault designed for?

Firevault is designed for individuals protecting passports, wills and crypto keys; professionals such as solicitors, accountants and consultants protecting client data; SMEs and businesses protecting crown jewel data; and regulated industries including healthcare, financial services and legal sectors requiring offline backup for compliance with GDPR, NIS2, DORA and FCA regulations.

Is Firevault GDPR compliant?

Yes. Firevault is designed to support GDPR compliance by keeping sensitive personal data physically isolated and offline. Physical disconnection ensures data is not exposed to network-based attacks, supports data minimisation principles, and provides an audit trail of access. Firevault is also designed to support NIS2, DORA, FCA and SRA compliance requirements.

What is a physical air gap?

A physical air gap is a security measure where a computer or storage device is completely isolated from the internet and all unsecured networks. Unlike a logical or software air gap, a physical air gap cannot be bridged remotely. Firevault uses a Layer 1 physical air gap — your data is stored on hardware that is physically disconnected from any network when not in active use.

Setting Expectations

What Offline Secure Storage (OSS)
Is Not

Before you understand what Offline Secure Storage does, it helps to understand what it is not. We are fundamentally different from the tools you may be comparing us to.

OSS is not cloud, not SaaS, not an application. It is offline secure storage: dedicated hardware that is physically disconnected from all networks until you authorise access.

The Fundamental Difference

A side-by-side comparison of how OSS differs from connected storage solutions.

Feature

Others

OSS

Network Connection

Always connected

Disconnected by default

Infrastructure

Shared multi-tenant

Dedicated hardware

Access Control

Software policies

Physical isolation

Attack Surface

Always exposed

Zero when offline

Third-Party Access

Provider employees

Only you

Breach Impact

Mass exposure

Physically impossible

In Detail

What We Are Not

Each of these technologies has its place. But none of them provide physical disconnection.

Not Cloud Storage

Always online means always exposed

Cloud storage keeps your data online and reachable 24/7. That is the opposite of what we do.

Why This Is Risky

Data is always connected to the internet
Third-party employees can access your files
Subject to mass breaches and credential attacks
You do not control the physical infrastructure

The OSS Approach

OSS is physically disconnected. Your data exists on dedicated hardware that is offline by default. No internet connection means no attack surface.

Not a Data Diode

One-way recovery versus two-way control

Data diodes and immutable backup vaults are designed for post-breach recovery. OSS prevents the breach from happening.

Why This Is Risky

Data flows one way only (write-once, read-never until disaster)
Designed for recovery, not active protection of live assets
Cannot retrieve files on demand for operational use
Does not prevent the breach, only survives it

The OSS Approach

OSS is pre-breach prevention with two-way controlled access. Your data is offline and unreachable until you authorise access. Retrieve what you need, when you need it, on your terms.

Not a Network Appliance

Hardware isolation versus network segmentation

Network appliances segment traffic or control connections. OSS removes the connection entirely.

Why This Is Risky

Still operates within your network perimeter
Relies on software to control access policies
Can be bypassed through misconfigurations or exploits
The path to your data still exists when enabled

The OSS Approach

OSS is complete physical disconnection, not network segmentation. There is no path to manipulate because the cable is physically unplugged at Layer 1.

Not Traditional Backup

Copying data does not protect it

Backup solutions create copies of data that remains reachable. We remove reachability entirely.

Why This Is Risky

Backups are often connected to the network
Ransomware can encrypt backups too
Recovery assumes you detected the breach
Does not prevent the breach, only recovers from it

The OSS Approach

OSS is pre-breach protection, not post-breach recovery. Your most sensitive data is stored where attackers cannot reach it in the first place.

Not Immutable Storage

Write-once versus controlled access

Immutable storage locks data to prevent tampering. But locked data you cannot access operationally is not useful for business-critical assets.

Why This Is Risky

Data becomes read-only and inaccessible for updates
Designed for compliance archives, not operational use
Still connected to the network infrastructure
Immutability is enforced by software, not physics

The OSS Approach

OSS provides controlled access to live assets. Modify, update, and retrieve your data when needed. Protection comes from physical disconnection, not locking you out of your own files.

Not File Sharing

Collaboration versus protection

File sharing platforms prioritise easy access and collaboration. We prioritise controlled protection.

Why This Is Risky

Designed for convenience, not security
Shared links can be forwarded or leaked
No physical isolation from corporate networks
Access controls are software-based

The OSS Approach

OSS provides controlled access on your terms. Physical disconnection means access only happens when you explicitly authorise it.

Not a VPN or Firewall

Protecting the path versus removing it

VPNs and firewalls protect network paths. We remove the network path entirely.

Why This Is Risky

Still relies on software-controllable defences
Misconfiguration creates vulnerabilities
Zero-day exploits can bypass protections
The path to your data still exists

The OSS Approach

OSS takes a fundamentally different approach. If there is no network path to your data, there is nothing to protect or misconfigure.

Not a Password Manager

Credentials versus critical assets

Password managers store login credentials. We store irreplaceable documents and sensitive data.

Why This Is Risky

Focused on authentication, not data storage
Master password is a single point of failure
Cloud-synced password vaults can be breached
Not designed for large files or documents

The OSS Approach

OSS is a digital safe deposit box for your most sensitive assets: contracts, wills, intellectual property, evidence, and files that cannot be recreated.

Not an Application or SaaS

Software versus hardware isolation

SaaS applications run on shared infrastructure with software-based security. We use physical hardware isolation.

Why This Is Risky

Multi-tenant environments share resources
Software vulnerabilities affect all users
Provider has access to your data
If the provider is breached, you are breached

The OSS Approach

OSS is dedicated hardware, not a software layer. Your data lives on your own isolated storage that only you can access.

What We Are

OSS Is an Offline Secure Storage Platform for Data

A dedicated hardware platform for your customer, commercial, confidential, and crown jewel data. Physically disconnected from all networks, accessible only when you authorise connection.

Physical Disconnection

No network path means no attack surface

Dedicated Hardware

Your own isolated storage, not shared infrastructure

Identity Verified

KYC/AML at onboarding, MFA at every session

Learn How It Works Explore Vault

Understand what OSS actually does

Take two minutes to see whether offline secure storage is the right fit for your data protection needs.

Takes about 2 minutes. No account needed.

Free2 minsNo sign-up

What Offline Secure Storage (OSS)Is Not

The Fundamental Difference

What We Are Not

Not Cloud Storage

Not a Data Diode

Not a Network Appliance

Not Traditional Backup

Not Immutable Storage

Not File Sharing

Not a VPN or Firewall

Not a Password Manager

Not an Application or SaaS

OSS Is an Offline Secure Storage Platform for Data

Physical Disconnection

Dedicated Hardware

Identity Verified

Understand what OSS actually does

Your privacy matters

What Offline Secure Storage (OSS)
Is Not