Divvi Up: A privacy-respecting system for aggregate statistics

Privacy, Enforced by Technology

How Divvi Up Works

A user-generated metric

Divvi Up works for any data that can be collected across a population, like telemetry, survey results, or many other scaled metrics collection use cases.

Divide the metric

Metrics are fed into a library where they’re divided into two shares (Divvied Up!). The shares are then encrypted locally, before any data leaves the device.

Two non-colluding servers

With two separate servers, each with only a partial share, it's impossible to deduce the whole metric. After validating the input, each server performs additional de-identification and aggregation.

Cryptographically-guaranteed privacy

Produce insights while protecting privacy

Divvi Up makes it possible to gain insights about your population of users without compromising individual privacy. Mitigate compliance risks, eliminate the need to store PII for telemetry, and respect your users’ privacy.

Why you should Divvi Up

Divvi Up: A privacy-respecting system for aggregate statistics

Privacy, Enforced by Technology

How Divvi Up Works

A user-generated metric

Divide the metric

Two non-colluding servers

Combine aggregates

Anonymized insight

Cryptographically-guaranteed privacy

Produce insights while protecting privacy

Divvi Up: A privacy-respecting system for aggregate statistics

Privacy, Enforced by Technology

How Divvi Up Works

A user-generated metric

Divide the metric

Two non-colluding servers

Cryptographically-guaranteed privacy

Produce insights while protecting privacy

Recent Updates

A Year-End Letter from our Executive Director

ISRG raises more than $1M for advancing Divvi Up

Exposure Notifications Private Analytics: Lessons Learned From Running Secure MPC at Scale