What is Private Cluster?

Private Cluster is a dedicated Web3 infrastructure (RPC nodes, archive nodes, indexers) running inside TEE enclaves in GetBlock data centers. It provides cryptographic guarantees that GetBlock physically cannot read your RPC queries — the enclave generates its own keys and all communication is end-to-end encrypted.

How is Private Cluster different from On-Prem?

With On-Prem, nodes run in the client's own data center — full zero-trust. With Private Cluster, nodes run in GetBlock's data centers but inside TEE enclaves, so the provider cannot access query content. Private Cluster is for teams that need privacy guarantees without managing their own hardware.

What is TEE and how does it protect my data?

TEE (Trusted Execution Environment) is an isolated zone inside a processor (Intel SGX / AMD SEV). Code and data inside the enclave are invisible to the server owner — even GetBlock cannot read what happens inside. The enclave generates its own encryption keys, and the client verifies them via attestation signed by Intel or AMD.

What does attestation mean?

Attestation is a cryptographic report signed by the hardware manufacturer (Intel/AMD) proving that the public key belongs to a genuine TEE enclave — not to GetBlock. The client verifies this report before sending any queries, ensuring the encrypted channel goes directly to the enclave.

Do I need to change my code to use Private Cluster?

Minimal changes. GetBlock provides a Client SDK (npm/pip package) that wraps your standard RPC client. The SDK handles attestation verification and encryption under the hood. On your side, only the endpoint URL changes — standard RPC calls work exactly as before.

What about write privacy (transactions)?

TEE protects read privacy (your queries). For write privacy (broadcasting transactions), Private Cluster offers two add-ons: IP Rotation (standard — rotates your IP on each transaction, ~50ms latency) and NYM Mixnet (advanced — hides IP, timing, and patterns via a decentralized mixnet, ~500ms latency).

Enterprise Privacy

Private Cluster
Your Infrastructure.
Invisible to Us.

Managed blockchain nodes running inside TEE enclaves. Your queries stay private — we physically can't read them.

TEE enclave isolation

Dedicated infrastructure

Verifiable attestation

TEEEnclave

E2EEncryption

SOC 2Certified

24/7Expert Support

What Your RPC Traffic Reveals

intercepted queries

$eth_getBalance(0xABC...)// Which wallets you monitor

$eth_call(Uniswap Router)// Which contracts you interact with

$getLogs(Transfer, 0xDEF...)// Which events you track

For hedge funds, exchanges, and custodians — this is a leak of strategies, portfolios, and investigation targets.

On-Prem solves this — but not everyone has a data center.

The Solution

Hosted by Us.
Invisible to Us.

Private Cluster is dedicated Web3 infrastructure running inside TEE enclaves in GetBlock data centers. We host the nodes — but cryptographically cannot read your queries. You get managed infrastructure with zero exposure.

TEE Enclave Isolation

Your node runs inside a hardware-protected enclave (Intel SGX / AMD SEV). Even GetBlock as the server owner cannot read what happens inside.

End-to-End Encryption

Every RPC request is encrypted with the enclave's public key on the client side. GetBlock receives an encrypted blob — cannot decrypt it.

Verifiable Attestation

The enclave generates an attestation report signed by Intel/AMD. You verify the key belongs to the enclave — not to GetBlock.

No Data Center Required

Unlike On-Prem, you don't need your own hardware. GetBlock hosts everything — you get the same privacy without the infrastructure overhead.

How It Works: We Made Ourselves Blind

On the client side, only the endpoint changes. Standard RPC calls work exactly as before — the SDK handles attestation and encryption under the hood.

Deploy

GetBlock deploys your node inside a TEE enclave. The enclave generates its own key pair. The private key never leaves the enclave.

Attest

The enclave produces an attestation report signed by Intel/AMD. The client verifies: this key belongs to the enclave, not to GetBlock.

Encrypt

The client encrypts every RPC request with the enclave's public key. GetBlock receives an encrypted blob — can't read it.

Process

The blob enters the enclave, gets decrypted, the node processes the request. Nothing is visible from the outside.

Respond

The response is encrypted and sent back. No one except the client and the enclave has seen the request or the response.

Read Privacy — Solved.
Now Secure Your Writes

When your node broadcasts a transaction, your IP, timing, and patterns become visible to any observer. Two add-ons to fix this.

Added latency:~50 ms

IP Rotation

Standard Privacy

Each outgoing transaction is broadcast from a different IP via GetBlock proxy pool. Observers cannot link transactions to your cluster.

Hides IP:Yes
Hides timing:No
Prevents clustering:Yes
Best for:Exchanges, trading desks

Recommended

Added latency:~500 ms

NYM Mixnet

Advanced Privacy

Transactions are encrypted into Sphinx packets and routed through 3 mix-nodes with delays and dummy traffic. Nobody can correlate sender, timing, or patterns.

Hides IP:Yes
Hides timing:Yes
Prevents clustering:Yes
Best for:Banks, custodians

Enterprise Use Cases

Built for teams that can't afford leaks

Private Cluster keeps your RPC activity invisible — even to the infrastructure provider.

Hedge Funds & Trading Desks

Strategy-leak-proof RPC
Hidden query patterns
MEV protection
Confidential analytics

Crypto Exchanges

Private withdrawal monitoring
Hidden balance checks
Deposit flow isolation
High-throughput indexing

Custodians & Banks

Client wallet isolation
Regulatory data residency
SOC 2 audit-ready
NDA-backed operations

AML / Compliance

Hidden investigation targets
Private address screening
Confidential lookups
Audit trail export

Asset Managers

Portfolio monitoring privacy
Address risk scoring
Staking operations
On-chain data residency

Where Private Cluster Fits

	Public RPC	Private Cluster	On-Prem
Infrastructure hosted	Provider (shared or dedicated)	Provider (dedicated + TEE)	Client's data center
Read privacy	None	Yes (TEE + E2E)	Yes (full)
Write privacy	None	Add-on (IP/NYM)	Add-on (IP/NYM)
DevOps by GetBlock	No	Yes	Yes
Client needs own DC	No	No	Yes
Trust model	Full trust	Trust-but-verify	Zero trust

No major RPC provider offers managed infrastructure with verifiable read privacy guarantees. The niche is empty.

Verified, Not Just Claimed

SOC 2 Type 1Certified

SOC 2 Type 2In Progress

TEE AttestationVerifiable

Transparent Logging Policy

NDA + Right to Audit

The audit report confirms our no-logging architecture. This is not a marketing claim — it's a verifiable fact.

Data centers: Frankfurt, New York & Singapore.

100+ Blockchains Supported

Any chain you need — running inside a TEE enclave, managed by GetBlock.

ETH

Ethereum

BTC

Bitcoin

SOL

Solana

MATIC

Polygon

BNB

BNB Chain

ARB

Arbitrum

Optimism

TON

AVAX

Avalanche

TRX

Tron

NEAR

90+

More chains

Frequently Asked Questions

Can't find an answer? Contact our support team via live chat.

What is Private Cluster?
Private Cluster is a dedicated Web3 infrastructure (RPC nodes, archive nodes, indexers) running inside TEE enclaves in GetBlock data centers. It provides cryptographic guarantees that GetBlock physically cannot read your RPC queries — the enclave generates its own keys and all communication is end-to-end encrypted.
How is Private Cluster different from On-Prem?
With On-Prem, nodes run in the client's own data center — full zero-trust. With Private Cluster, nodes run in GetBlock's data centers but inside TEE enclaves, so the provider cannot access query content. Private Cluster is for teams that need privacy guarantees without managing their own hardware.
What is TEE and how does it protect my data?
TEE (Trusted Execution Environment) is an isolated zone inside a processor (Intel SGX / AMD SEV). Code and data inside the enclave are invisible to the server owner — even GetBlock cannot read what happens inside. The enclave generates its own encryption keys, and the client verifies them via attestation signed by Intel or AMD.
What does attestation mean?
Attestation is a cryptographic report signed by the hardware manufacturer (Intel/AMD) proving that the public key belongs to a genuine TEE enclave — not to GetBlock. The client verifies this report before sending any queries, ensuring the encrypted channel goes directly to the enclave.
Do I need to change my code to use Private Cluster?
Minimal changes. GetBlock provides a Client SDK (npm/pip package) that wraps your standard RPC client. The SDK handles attestation verification and encryption under the hood. On your side, only the endpoint URL changes — standard RPC calls work exactly as before.
What about write privacy (transactions)?
TEE protects read privacy (your queries). For write privacy (broadcasting transactions), Private Cluster offers two add-ons: IP Rotation (standard — rotates your IP on each transaction, ~50ms latency) and NYM Mixnet (advanced — hides IP, timing, and patterns via a decentralized mixnet, ~500ms latency).

Get a Private Cluster Quote

Tell us about your infrastructure needs. We'll prepare a tailored proposal within 24 hours.

Private Cluster Your Infrastructure. Invisible to Us.