Skip to content


Connectivity made easy, without losing custody of your data

Zero-Trust Required

The Next Generation of Privacy Protection

It’s no secret that connecting data to develop actionable insights on customers and patients brings massive value across industries. But the current solutions leave gaps in identity protection. Karlsgate is here to fix that.  

Introducing Cryptoidentity

Gone are the days of transferring custody of Personal Data. Cryptoidentity allows the free flow of insights while maintaining control of sensitive information. This breakthrough Privacy Enhancing Technology (PET) can extend your zero-trust approach beyond information security to data management as well. It’s finally data protection with simplicity and scale. 


Karlsgate Identity Exchange

Karlsgate Identity Exchange (KIE™) shepherds in a new approach to connecting data. Using a distributed network architecture, it brings together all of the capabilities to support modern consumer data collaboration, making it easy to connect with anyone, anywhere, at any time in a safe and privacy-compliant manner 

Privacy by Design...

KIE ensures the highest level of data security and privacy compliance by using Cryptoidentities—encrypted, single-use pseudonymized tokens—and a distributed network architecture to match two data sets without sharing or exposing personal data.

  • Personal data never leaves your data environment 
  • Built-in cryptography ensures that no party, including Karlsgate, can re-identify any data
  • Distributed architecture democratizes connectivity and enables you to build private connectivity networks 
fingerprint icon 2

...With Full Lifecycle Data Security

For protecting data at rest, Karlsgate has partnered with LexisNexis® Risk Solutions to deliver the next generation in de-identification services with LexisNexis® Gravitas™ – next-generation tokenization combined with identity resolution backed by a Referential Data Layer.  

  • Leveraging the expertly sourced and curated data assets from LexisNexis® Risk Solutions, KIE can detect ambiguous identities, reducing incorrect and missed matches typically found in current solutions, while also uncovering previously missed matches due to name and/or address changes 
  • Our Actionable De-identification™ means you have connectivity built into the token itself  
  • Privacy firewalls between each party ensures identity resolution does not leak identity during the tokenization process 
  • The next-generation tokenization solution, Gravitas™ - powered by KIE - combines access to a comprehensive data network with powerful, next-generation technology to unlock the power of real-world data for clinical research, gaining a more precise and more complete view of patients' healthcare journeys, and even removing barriers to care

Simplify Data Preparation

KIE removes and simplifies the workload involved in preparing data to be connected. From data format detection and normalization to the ease of data refresh, many of the lengthy and costly steps required before data is connected are now automatic. 

  • Keep your data format and structure intact (no transformations required)
  • Scalable from 1 record to 1 billion records per listing, with unlimited listings per node and unlimited nodes per member 
  • Data refresh requires zero downtime; listings can be updated while actively connecting data files 
  • Key allineation enables users to match data effortlessly even if the underlying identifiers are subtly different 
time icon 3
globe icon 4

Handling Real-World Complexity

Automation cannot become a reality unless it is able to adapt to advanced scenarios and reduce custom effort. KIE brings efficiencies starting with a connect-once, transact with everyone approach. Free your IT resources from tactical data operations.  

  • Choose any identifiers for matching like email, address, device ID, IP address, geolocation, member-devised custom ID and more 
  • Matching rules are transparent and verifiable to both parties 
  • Optimize match rates using cascading match logic based on a pre-defined sequence 
  • Flexible outcomes for each match range from “see nothing” to appended attributes to anonymous record links 
  • Gain visibility into duplication within your data sets as well as your trading partners 

Distributed Processing

Each data partner sets up a locally controlled node to facilitate data exchanges. Each node is a part of the distributed encryption and communication exchange network and automatically processes explicitly approved exchanges. 

  • Reads input identifiers from the original source file
  • Negotiates shared secrets to protect each exchange 
  • Performs all hashing and encryption to create Cryptoidentities 
  • Uploads Cryptoidentities for match facilitation 

Collaboration Portal

The KIE portal provides users direct access to the Exchange Proposal collaboration workflow. It allows users full control of the automated processes for connecting data. 

  • Requires zero technical coordination to execute transactions
  • Discover data partners and available data 
  • Invite partners to connect data 
  • Manage match logic agreements digitally 
  • Control data matching rules 



Simple and Secure Identity Exchange Without the Work

Lightweight and secure implementation

Deploy a one-time node software installation that runs on all major operating systems. Secure API using SSL encryption, password-protected network access and Cryptoidentities, so your Personal Data never leaves your environment.

Distributed automation

Minimize manual work and iterative troubleshooting with automation including secret key creation, linkage key detection, identifier compatibility alignment, in-line hashing algorithms, cascading match processing and attribute append execution.

Streamlined operations

Use auto-detection routines to reduce the effort involved in modeling data formats and structure. No external taxonomy is implied or needed. Your data modeling stays completely intact. A built-in ETL engine and resilient data transfer mechanisms keep the full exchange procedure “hands-off.”

Resource Center

Browse our latest articles 

The Power of Connecting Identifiable Patient Data

The Power of Connecting Identifiable Patient Data

Fresh, accurate, and plentiful data from a wide variety of sources is crucial to fueling AI and ML in the healthcare space.

Beyond Compliance: Business Associate Agreements Do Not Protect Data

Beyond Compliance: Business Associate Agreements Do Not Protect Data

Discover why relying solely on Business Associate Agreements for data protection is no longer enough in today's healthcare landscape.

Transforming Healthcare Data Connectivity for Precision Insights

Transforming Healthcare Data Connectivity for Precision Insights

There hasn’t been a way to access precision data needed at scale, without sacrificing the security of PHI in one way or another – until now...


Frequently Asked Questions

How long does it take to process a trade?

It depends on the size of the files and the number of match passes and attributes appended. In general, 1 million records can be processed in 11 seconds (simple match pass) whilst 100 million records with 10 match passes and 600+ attributes appended would be processed in less than 18 hours.

Does Karlsgate do fuzzy matching?

We define fuzzy matching as loose matching rules based on probabilities. Our matching is fully deterministic—you will always have clarity over a match versus a non-match. To ensure that all potential matches are found, our software performs “soft matching,” or matching on equivalent alternatives, for examples “1 MAIN ST. APT. 2” = “1 Main Street #2”. Soft matching does not need direct access to PII to work and automatically rectifies differences in standardization, whitespace, punctuation, abbreviations, and phonetically similar words.

How does Karlsgate optimize matching to ensure high-quality match rates?

While the ultimate matching is deterministic due to the nature of the cryptoidentities being matched, Karlsgate’s node software performs robust data normalization and standardization processes to align identifying data elements prior to creating the cryptoidentities, which boosts match rates without over-matching.

How many match passes can I use?

For a single trade, you can have up to 10 different match passes, cascading down.