Skip to content

Trust · Security

Security you can inspect, not a badge you take on faith.

Our security isn't a claim — it's a set of mechanisms you can check. The record is append-only, identity is phishing-resistant, sensitive data is encrypted at the record, and the stack is built clean-room so there is less to trust in the first place.

This very page is verifiable — toggle Verify in the header and recompute any element

How the posture holds

Security you can inspect — not a badge you take on faith.

01 · THE RECORD

Append-only by construction

Every record and every access is bound into a tamper-evident hash-chain. Nobody — not even an administrator — can quietly rewrite the past; break one link and the math stops matching.

02 · IDENTITY

Phishing-resistant passkeys

Sign-in is a WebAuthn passkey bound to the device — no shared secret to steal, phish, or replay. The person is the key.

03 · CONFIDENTIALITY

Encrypted at rest and in transit

Sensitive fields are encrypted at the record with AES-256-GCM (rolling in); data moves only inside authenticated, encrypted transport — TLS at the edge, sealed-header frames between our internal nodes.

04 · ACCESS

Least-privilege, and every access recorded

Access is scoped to need and the access itself becomes a logged, tamper-evident event — control that is observable, not merely configured.

05 · SURFACE

Clean-room, minimal attack surface

We build our own stack in Rust rather than stacking third-party software under our brand — fewer moving parts you have to take on trust.

06 · PROOF

You verify it, we don't ask for faith

Toggle Verify in the header and recompute any element of this page in your own browser. Security that resolves to something you can check.

Don't trust us — verify us

The standard isn't something we claim. It's something you run.

Toggle Verify in the header to recompute this page, or open the verifier to check the signed root, the witness quorum, and any record — in your own browser, against pinned keys.