As data is captured at the IBM cloud, after events are applied, the data should be encrypted with cert/key that only the specific customer has access to and inserts this key on their browser to unlock the data. This keeps the data encrypted on the IBM cloud in a way that only the customer can unlock.