Every Consent Action, Cryptographically Proven
Our verification infrastructure ensures every consent grant, access, and revocation is recorded in an append-only, tamper-evident log with cryptographic proofs.
What It Is
An append-only, cryptographically signed log of all consent events. Each action is hashed, chained to the previous entry, signed with Ed25519, and included in a merkle tree. Third-party auditors can independently verify consent records using only public keys and published merkle roots.
What It Is Not
- Not a blockchain — no distributed consensus, no tokens, no mining
- Not a separate database — integrated with the same infrastructure
- Not public — verification API requires authentication; only merkle roots are public
How It Works
Four steps from consent to verifiable proof.
Consent Event
A user grants, accesses, or revokes a consent. The event is captured by the governance layer.
Hash & Sign
All identifiers are hashed (zero PII). The entry is chained to the previous entry and signed with Ed25519.
Merkle Block
Entries are batched into blocks. A merkle root is computed and published to the global registry.
Independent Verification
Anyone with a proof can verify it against the published root. No platform access needed.
Trust Properties
Append-Only
INSERT-only at database level. No updates, no deletes. The record is immutable.
Zero PII Storage
All actor identifiers are salted SHA-256 hashes. The ledger contains no personal data.
Non-Repudiation
Ed25519 signatures prove the platform produced each entry. Legally binding proof.
Regional Compliance
Per-country ledgers satisfy data residency requirements. Only merkle roots cross regions.
Independent Verification
Third parties verify with only the public key and merkle root. No platform access needed.
Tamper-Evident
Modifying any field in the chain breaks the hash from that point forward. Instantly detectable.
Ready to Verify?
Check the integrity of any consent record or browse published merkle roots.