Format-Preserving Encryption for Sensitive Data

Protect sensitive values while preserving the format applications expect. Ubiq pairs format-preserving encryption with identity-governed runtime controls, so teams can decide when data is revealed, masked, de-identified, or denied based on who or what is accessing it.

Trusted in production by security & data teams

GCash
Globe Telecom
Schneider Electric
DBS Bank
Fortune100
Prive Technologies
Human Managed
U.S. Department of Homeland Security
AFWERX (U.S. Air Force)
U.S. Army
PioPac Fidelity
Capt Andy's Sailing Adventures
Fortune50

Independently attested

SOC 2 Type II | PCI DSS SAQ-D | CMMC 2.0 Level 1

What is format-preserving encryption?

Format-preserving encryption (FPE) is a method of encrypting data so the protected value keeps the same format, length, and character set as the original. A 16-digit card number stays a 16-digit value and a national ID keeps its structure, so encrypted data fits existing database schemas, applications, and validation rules without changes.

Preserves format and length

Encrypted values keep the original data type, length, and character set, so they drop into existing fields, schemas, and APIs without migrations.

Keeps referential integrity

Deterministic encryption maps the same input to the same protected value, so joins, lookups, and analytics keep working across systems. The same property means equal inputs are recognizable as equal in the protected data, so keys should be scoped to the datasets that genuinely need to join on them.

Reversible by policy

Authorized identities can recover the original value, while every other identity only ever sees the protected form.

Format-preserving encryption keeps data usable

Sensitive values are protected while preserving the structure applications expect.

Type | Original value | Method | Protected value (output) | Format preserved?
Credit card | 4111 1111 1111 1111 | FPE | 4823 9047 1182 6675 | Yes: 16 digits, grouped the same way
Secret passphrase | SUNFLOWER | FPE | KQZMXPVTB | Yes: same length, all uppercase letters
ID number | ID-4829-7712 | FPE | ID-9154-3380 | Yes: same prefix, separators, and digit pattern
Credit card | 4111 1111 1111 1111 | Standard encryption (AES) | 9pQ2k7Hd3xR1m8Lf0vT== | No: length, character set, and format change

FPE helps protect structured sensitive data without breaking schemas, validation rules, or downstream workflows.

What format-preserving encryption does not solve

Format-preserving encryption protects the value and keeps it usable, but it does not control who can read that value in cleartext at runtime. Whether it comes from a legacy data protection platform or a built-in integration, encryption on its own still leaves overprivileged access, insider risk, and inconsistent controls unaddressed across applications, databases, APIs, analytics, and AI workflows.

It protects the value, not the access

Format-preserving encryption keeps a value usable, but it does not decide which identities can turn it back into cleartext at the moment of access.

Decrypt rights become read-everything rights

Once a system or service can decrypt, every identity behind it can read plaintext, regardless of role or context.

Controls drift across systems

Applied per application or database, encryption policies become inconsistent across the many paths that touch sensitive data.

No view of who is accessing what

Encryption alone gives no visibility into which identities and workflows are actually reading protected values.

Ubiq keeps format-preserving encryption and adds identity-governed control over who can read protected values at runtime.

How Ubiq works

Same sensitive data. Different identities. Different runtime outcomes.

Format-preserving encryption protects the value. Ubiq evaluates the requesting identity, context, and policy at runtime, then returns only the representation that identity is authorized to see.

Access request

Payments service
Support analyst
Analytics API
AI agent

Protected payment record

Card number
4823 9047 1182 6675
Name on card
Maria Chen
Expiry
08 / 27

Real-time evaluation

Ubiq
Identity
Context
Policy

Runtime data outcome

Payments service: full view (authorized to process the charge)
Card number 4823 9047 1182 6675 | Name on card Maria Chen | Expiry 08 / 27

Support analyst: masked (needs to confirm the card, not read it)
Card number •••• •••• •••• 6675 | Name on card Maria Chen | Expiry ••/••

Analytics API: de-identified (authorized for analysis without direct identifiers)
BIN 482390 | Last 4: 6675 | 7C2A-9F4B-D108

AI agent: protected (operates on protected values, never cleartext)
9X2M-7K4Q-6675 | Px7K-9M2Q-3X8R | 8F2A-C71B-4E09
Protected once. Resolved differently at runtime for each identity.
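The two ideas on this page, a format-preserving cipher and a runtime resolver that turns one stored value into a different representation per identity, in one added worked example. This is illustrative Python written for this page, not Ubiq's SDK, policy engine, or cipher: the cipher is a ten-round FF1-style Feistel over the field's alphabet with HMAC-SHA256 as the round function, which shows the format-preserving and deterministic properties but is not NIST FF1/FF3-1 and must not be used for real cardholder data. The key, the "pan" tweak label, the policy table, and the identity names are constructed assumptions; in a deployment the key would come from a KMS or HSM and the identity from the existing IdP.

```python
# Added example for this page: a toy format-preserving Feistel cipher plus an identity-governed
# resolver. Illustrative only: not NIST FF1/FF3-1 and not Ubiq's SDK or policy engine.
import hashlib
import hmac

DIGITS, UPPER = "0123456789", "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
ROUNDS = 10                                       # even, so both halves end in their original slot
DEMO_KEY = b"constructed-demo-key-do-not-reuse"   # assumption: a real key comes from a KMS/HSM

def _num(s, alphabet):                            # symbol string -> integer, most significant first
    n = 0
    for ch in s:
        n = n * len(alphabet) + alphabet.index(ch)
    return n

def _str(n, width, alphabet):                     # integer -> exactly `width` symbols (inverse of _num)
    out = []
    for _ in range(width):
        n, r = divmod(n, len(alphabet))
        out.append(alphabet[r])
    return "".join(reversed(out))

def _prf(key, tweak, rnd, half, mod):             # round function: HMAC-SHA256 reduced mod radix**m
    mac = hmac.new(key, tweak + bytes([rnd]) + half.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % mod

def _feistel(s, key, tweak, alphabet, decrypt=False):
    """FF1-style unbalanced Feistel over `alphabet`; output has exactly len(s) symbols."""
    radix, u = len(alphabet), len(s) // 2
    a, b = s[:u], s[u:]
    for i in (range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)):
        m = u if i % 2 == 0 else len(s) - u       # width of the half rewritten in this round
        mod = radix ** m
        if decrypt:
            a, b = _str((_num(b, alphabet) - _prf(key, tweak, i, a, mod)) % mod, m, alphabet), a
        else:
            a, b = b, _str((_num(a, alphabet) + _prf(key, tweak, i, b, mod)) % mod, m, alphabet)
    return a + b

def _relayout(template, symbols, alphabet):       # put symbols back into the alphabet slots of template
    it = iter(symbols)
    return "".join(next(it) if ch in alphabet else ch for ch in template)

def fpe(value, key, tweak=b"", alphabet=DIGITS, decrypt=False):
    """Encrypt or decrypt only the `alphabet` characters of `value`; prefixes and separators pass through."""
    body = "".join(ch for ch in value if ch in alphabet)
    if len(body) < 2:
        raise ValueError("need at least two symbols to encrypt")
    return _relayout(value, _feistel(body, key, tweak, alphabet, decrypt), alphabet)

def luhn_valid(pan):                              # Luhn check over the digits of pan, separators ignored
    total = 0
    for i, d in enumerate(int(c) for c in reversed(pan) if c.isdigit()):
        if i % 2:                                 # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def pan_fpe(pan, key, decrypt=False):
    """PAN wrapper: FPE the first 15 digits, then recompute the Luhn check digit so that
    validators still accept the protected value (FPE over all 16 digits passes Luhn only by chance)."""
    if not decrypt and not luhn_valid(pan):
        raise ValueError("input PAN fails Luhn; refusing to protect")
    digits = "".join(c for c in pan if c.isdigit())
    body = _feistel(digits[:-1], key, b"pan", DIGITS, decrypt)   # b"pan" is a constructed tweak label
    check = next(d for d in DIGITS if luhn_valid(body + d))
    return _relayout(pan, body + check, DIGITS)

# Constructed policy table; in a deployment the identity comes from the existing IdP.
POLICY = {"payments-service": "full", "support-analyst": "masked",
          "analytics-api": "de-identified", "ai-agent": "protected"}

def resolve(protected, identity, key):
    """Runtime outcome for one identity: one stored value, a different representation per caller."""
    outcome = POLICY.get(identity, "deny")
    if outcome == "deny":
        return outcome, None
    if outcome == "protected":
        return outcome, protected                 # ciphertext exactly as stored, never cleartext
    pan = pan_fpe(protected, key, decrypt=True)   # only the enforcement point holds the decrypt right
    digits = "".join(c for c in pan if c.isdigit())
    if outcome == "full":
        return outcome, pan
    if outcome == "masked":
        return outcome, _relayout(pan, "*" * 12 + digits[-4:], DIGITS)
    surrogate = hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()[:12].upper()
    return outcome, f"BIN {digits[:6]} last4 {digits[-4:]} id {surrogate}"  # keyed pseudonym keeps joins

if __name__ == "__main__":
    prot = pan_fpe("4111 1111 1111 1111", DEMO_KEY)
    print("4111 1111 1111 1111 ->", prot, "| luhn ok:", luhn_valid(prot))
    print("SUNFLOWER ->", fpe("SUNFLOWER", DEMO_KEY, alphabet=UPPER), "| ID-4829-7712 ->", fpe("ID-4829-7712", DEMO_KEY))
    for who in ("payments-service", "support-analyst", "analytics-api", "ai-agent", "intern-laptop"):
        print(f"{who:17}", resolve(prot, who, DEMO_KEY))
```

Three points the copy above leaves implicit. Protecting the first 15 digits and recomputing the check digit is what keeps Luhn-checking validators happy; a scheme that encrypts all 16 digits yields a value that is 16 digits long but passes Luhn only one time in ten. Because the scheme is deterministic, two records holding the same card get the same protected value, which is what makes joins work and also what lets anyone holding the protected data see that they match, so key and tweak scope should be chosen with that in mind. And the masked and de-identified views are computed from cleartext the enforcement point recovers and then discards, which is why the resolver, and not the caller, must be the identity that holds the decrypt right.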

Where teams use format-preserving encryption

Format-preserving encryption protects sensitive fields without breaking the systems that depend on their shape. These are the workflows where it matters most.

Cardholder data (PCI DSS)

Protect PANs and payment data while keeping the 16-digit format that payment systems, gateways, and validators expect. Where a validator also checks the Luhn check digit, protect the first 15 digits and recompute the check digit over the protected value, since FPE over all 16 digits passes Luhn only by chance.

PII in analytics and BI

Encrypt names, emails, and national IDs so analysts and BI tools can join and segment on protected values without exposing cleartext.

Cross-border and data residency

Keep regulated data protected as it moves between regions and teams, with cleartext access decided by identity and policy.

AI and ML pipelines

Feed format-preserving protected values into training and inference so models work without sensitive data in the clear.

Legacy and mainframe modernization

Protect fixed-format fields in older systems without rewriting schemas or breaking downstream integrations.

Test data and secure data sharing

Share realistic, format-correct data with vendors and lower environments while the real values stay protected.

Built to fit your environment

Ubiq deploys inside your own environment and integrates where sensitive data already lives, so teams adopt it without heavy operational friction.

SDKs and APIs

Add protection with a few lines of code across major languages, live in minutes.

Database and warehouse integration

Protect and reveal values through SQL UDFs and native database and data warehouse integrations.

Application and API patterns

Integrate at applications, services, and API gateways without rearchitecting them.

Identity provider integration

Reuse your existing IAM so runtime decisions follow the identities you already manage.

Customer-managed keys

Bring your own HSM or KMS so key control stays with your team.

No agents, proxies, or schema changes

Deploy with no proxies in the data path and no database schema changes where applicable.

Frequently asked questions

What is format-preserving encryption (FPE)?

Format-preserving encryption is a method of encrypting data so the protected value keeps the same format, length, and character set as the original. A credit card number stays a 16-digit value and a national ID keeps its structure, so encrypted data fits existing schemas, applications, and validation rules without changes.

How is FPE different from tokenization?

Format-preserving encryption uses a cryptographic key to transform a value into a same-format ciphertext that can be reversed with the key. Tokenization replaces a value with a substitute token, which can be vaultless or vault-based. Ubiq supports both, and in either case governs at runtime which identities can recover the original value.

What types of data are good candidates for FPE?

Fixed-format fields where the shape matters: payment card numbers, account numbers, national IDs, phone numbers, and customer identifiers. Format-preserving encryption protects these values while keeping them compatible with systems and validation that expect the original format.

Does format-preserving encryption control who can see plaintext?

On its own, no. Format-preserving encryption protects the value, but it does not decide which identities can read it in cleartext. Ubiq adds that layer: it evaluates identity, context, and policy at runtime and returns full cleartext, masked, de-identified, or no data.

How does Ubiq use FPE with identity-governed access?

Ubiq protects values once with format-preserving encryption, then evaluates the requesting identity, context, and policy at runtime and returns the authorized outcome. The same protected value resolves to different outcomes for different identities across applications, databases, BI tools, and AI workflows.

Can Ubiq support FPE across applications, databases, and analytics workflows?

Yes. Ubiq integrates through SDKs and APIs, SQL UDFs, and database and data warehouse integrations, so format-preserving protection and identity-governed access apply consistently across applications, APIs, databases, warehouses, BI tools, and AI workflows.

Reveal sensitive data only to the identities authorized to see it.