CloudMask is a Software as a Service (SaaS) solution. Using patent-pending methods, CloudMask, running on user devices, transparently intercepts and analyses data to identify, tokenize, and encrypt sensitive information. The intercepted data may belong to a variety of applications, such as Google, SalesForce, Box, and MS Office 365 and practically any other application you could be using. CloudMask converts your sensitive data to tokens that have the same structure as the original data but are meaningless, jumbled texts bearing no relation to the original data. As a result, the application receives meaningless tokens, instead of the original private data. These tokens do not break the application’s functionality, nor can it be broken by any cryptanalysis. Accordingly, the application continues to function as before and security is transparent, without requiring any changes to existing applications. CloudMask protects you against unauthorized disclosure and vendor misuse of the data as well. These techniques also apply to on-premise applications, and accordingly CloudMask mitigates insider threats by utilizing user-owned keys (asymmetric key pair). These keys are never shared or transmitted over the network. Only users/systems explicitly authorized by the data owner may use their personal keys to restore tokens back to their meaningful data. One of the biggest competitive advantage of CloudMask is its scalability. This is needed not only to address the top of the pyramid, such as governments and large enterprise. But it is also very important when offering a cloud service to potentially millions of users, and even more devices. CloudMask is a Common Criteria certified. Common Criteria is a global security certification that approved by 26 governments, demonstrating that the user data remains private even if the network, application and CloudMask servers are fully compromised. Now to complete the picture, our long term vision is to expand the model to cover Internet of Things devices. In other words there is no reason to limit our space to end-user, we want to protect private information no matter where their being created.Something looks off?