The Cryptographic Integrity Layer for Modern Digital Infrastructure
Generate tamper-evident proofs for any record, file, action, release, or transaction — without storing sensitive business data — enabling attestations, publish receipts, and audit-ready evidence by design.
Anyone can independently verify GetIntegrityAPI proofs — online or offline — instantly, for free — with no accounts, no API keys, and zero verifier data retention.
Built for human-led, automated, and AI-driven workflows — attach verifiable proof records for audit-ready evidence, from day one.
No local app required for first pilots. This guided demo shows how field teams can start with a demo flood-impact image or their own local file, capture the audit trail — what happened, when it happened, who/what captured it, and whether it can be independently verified — then package approved metadata and local file fingerprints into a portable integrity capsule for offline checks and online public receipt.
Offline: verify integrity locally.Online: issue an independent public receipt.
Real offline test: open the demo once. The demo may ask to cache a last-known location context; if no prompt appears, use the GPS/context button inside the demo. Then switch Wi-Fi / internet off: you can still seal, queue and verify locally. Reconnect later to issue the independent public receipt.
Purpose: demonstrate tamper-evident field evidence records for disaster response, infrastructure recovery, insurance support, supplier deliveries and audit milestones — without storing raw sensitive files.
CaptureField eventDamage assessment, inspection, delivery or repair milestone.
FingerprintNo raw file storedBrowser Web Crypto creates a local file digest and approved metadata record.
CapsulePortable integrity capsuleGPS/time context, custody trail and fingerprints travel in a portable integrity capsule.
ReceiptOnline attestationSync later to issue an independent public verification receipt.
Generate a tamper-evident proof record for an AI-assisted or dictated clinical documentation lifecycle — draft created, clinician reviewed, signed, exported or amended — without storing the clinical content.
Integrity proof only: not diagnostic, not clinical validation, and not a replacement for clinical review.
Workflow fit: documentation platforms create and move clinical notes; GetIntegrityAPI adds an independent proof layer around the lifecycle using approved metadata and cryptographic fingerprints only.
What this demo proves
It does not verify the clinical meaning of the note. It verifies the documentation lifecycle: what happened, who did it, when it happened, whether the final record changed later, and how it can be independently checked.
DraftAI/dictated note created
ReviewClinician review completed
SignClinical sign-off recorded
ExportDocument version exported
VerifyProof receipt generated
Proof record contents
The proof capsule can include document reference, workflow event, template version, AI workflow reference, reviewer role, sign-off status, export state, sequence, timestamp and cryptographic fingerprints.
Not stored: clinical note, transcript, audio, patient data, PHI, or raw document content.
Complementary integration angle
It sits beside existing systems — human-led, automated or AI-driven — and adds independently verifiable proof records to the workflows teams already run.
Integration question: where are the key lifecycle events, and can those events call a lightweight proof API?
Why it matters
GovernanceHuman review proofShow clinician review and sign-off occurred.
IntegrityChange detectionVerify whether the final record changed after approval.
AuditLifecycle evidenceDraft, sign-off, export and amendment events become provable.
PrivacyNo content storedOnly approved metadata, hashes and proof receipts.
Pixel-level change localization for trusted imaging workflows.
Seal imaging evidence, detect byte-level change, localize the affected pixel and grid region, and generate a privacy-preserving integrity capsule with near-instant verification — without storing the underlying medical image.
Integrity proof only: not diagnostic, not clinical validation, and not a replacement for qualified review.
Workflow fit: attach portable, independently verifiable proof records to imaging workflows you already run — across DICOM/PACS-style evidence, AI outputs, review events, exports and clinical handovers.
1. Seal an original imaging file
Use the built-in CT demo image or select a local image. The file is read in the browser and is not uploaded or stored. Then add a controlled sub-mm demo alteration to the second image and localize the affected evidence region.
Original / sealed
Changed / localized
Sealed gridChanged regionForensic review zone
Whole-file stateNot sealedSHA-256 detects whether the evidence state changed; verification is near-instant in this demo.
Localization scorePendingScore reflects how tightly the pixel delta is concentrated into a reviewable grid zone.
Media storage0 bytesCapsule stores hashes and metadata, not the image.
2. Integrity capsule payload
After sealing or comparing, the capsule below shows the metadata-only proof payload: evidence fingerprint, pixel-delta state, grid localization, localization score, custody context, sequence, storage posture and verification timing.
Healthcare evidence needs more than storage. It needs independent proof.
Create a portable integrity capsule for healthcare evidence — containing a SHA-256 evidence fingerprint, chain of custody, sequence and public proof receipt, without storing or exposing sensitive healthcare files.
Live demo: choose one healthcare workflow below and generate a real integrity capsule in seconds.
Workflow fit: most healthcare systems store and display evidence. GetIntegrityAPI adds the portable proof layer, attaching independently verifiable receipts across imaging, pathology, clinical handovers, device records and batch evidence.
Demo 01
Imaging Evidence Integrity
Example payload IMG-DEMO-2026-001
Integrity layer Metadata, SHA-256 digest, chain of custody, sequence and public proof receipt.
Get a scoped API key, open the interactive API docs, create your first tamper-evident proof, and verify it publicly — without storing sensitive business payloads.
Fast path: from API key to verified proof
This path is designed for developers, founders, compliance teams, and operators who want to test GetIntegrityAPI before integrating it into a production workflow.
01
Request a scoped API keyUse the access request form. Developer and Pro demo keys can be issued instantly for quick evaluation and first proof generation.
02
Open the interactive API docsUse Swagger to explore the Proofs endpoint and authorize with your scoped key.
03
Create a proof capsuleSubmit a small metadata-only payload for a file, action, record, transaction, or workflow event.
04
Verify the proofOpen the public verification URL or paste the proof ID into the website verifier.
Start with a simple metadata-only event. Keep sensitive documents, files, and business content outside the payload. Submit hashes, timestamps, IDs, and approved context only.
Metadata-only examplesafe pattern
eventrecord.created
subjectcustomer_onboarding_file
hashsha256:example_digest_here
metadata.systemdemo
metadata.operatorhuman-led
metadata.purposeevaluation
metadata.environmentsandbox
InputMetadata + hashesNo sensitive file or document storage required.
OutputProof ID + URLPublic verification without requiring a platform account.
EvidenceReceipt-readyDesigned for audit, handover, compliance, and review workflows.
Use casesAny eventRecords, files, actions, releases, transactions, AI outputs.
Best practice: submit only what needs to be proven. Use cryptographic hashes and approved metadata, not sensitive customer, patient, or proprietary content.
Public verificationMetadata-only postureSHA-256 integrityProof receiptsHuman-led, automated, and AI-driven workflows
Create a verifiable CI/CD publish receipt in under 5 minutes.
Add the GetIntegrityAPI Proof-of-Publish Action to a GitHub workflow and generate a public verification URL, SHA-256 receipt digest, PDF receipt, and downloadable artifact bundle for your release or deployment event.
Fast path: from workflow to publish receipt
Use this path when your team wants release integrity evidence directly from GitHub Actions. Each successful run creates a verifiable receipt that can be retained with release, audit, or compliance records.
01
Add your API key as a GitHub secretCreate a repository secret named GI_API_KEY under Settings → Secrets and variables → Actions.
02
Create the workflow fileAdd .github/workflows/publish-receipt.yml to the repository where publish proofs should be generated.
03
Use the Proof-of-Publish ActionAdd the Action snippet to the workflow and pass your scoped key from GitHub Secrets.
04
Run, verify, and retain artifactsOpen the public verification URL and download receipt.json, receipt.sha256, and receipt.pdf.
The full workflow belongs in your GitHub repository. This is the core step that generates the publish receipt.
Core workflow stepcopy-ready
nameGenerate Publish Receipt
idpublish
usesGetIntegrityAPI/proof-of-publish@v1
api_key${{ secrets.GI_API_KEY }}
Outputproof_idUnique proof identifier for verification and evidence tracking.
Outputreceipt_urlPublic verification URL that reviewers can open without an account.
Outputreceipt_sha256SHA-256 digest for offline integrity verification.
Outputreceipt_pdf_pathRunner path to the generated human-readable PDF receipt.
Artifact bundlereceipt.json · receipt.sha256 · receipt.pdfDesigned for release records, audit packages, compliance review, and offline integrity verification.
Verification modelPublic receipt + retained artifactsReview proof status online, then preserve generated artifacts with your release or deployment records.
Best practice: use a scoped key, store it only in GitHub Actions Secrets, and preserve generated receipt artifacts with your release or deployment records. Use the demo repository for the full workflow example.
GetIntegrityAPI launch proof, recorded and independently verifiable.
GetIntegrityAPI launched publicly in April 2026. This record connects the public launch story with cryptographic proof artifacts generated through GetIntegrityAPI Proof of Publish.
Public Launch Finalization Proof
Records the final public launch state after the website, GitHub Marketplace, README, demo proof materials, LinkedIn pages, and public messaging were aligned.
This pricing and architecture model is intentional: verification must remain universally accessible and independently verifiable for trust to scale.
Powered by GetIntegrityAPI
Verification Across the Integrity Lifecycle
Verification Is Not a Single Moment — It’s a Lifecycle
Every verification follows a lifecycle: proving who did what, when, and where — before, during, and after it happens — and binding those events into proofs across every attestation and report.
No verifier data processing •No customer data storage• No stateful verification
For teams that require a precise, audit-grade understanding of how integrity, verification, and evidence relate — this is the reference architecture we use.
GetIntegrityAPI Lifecycle Model — Reference Architecture
The canonical model for integrity, verification, and auditability. This architecture defines how events become cryptographic facts, how those facts are verified independently, and how evidence holds under audit.
Proofs are cryptographically signed, metadata-only artifacts asserting that a specific event occurred at a specific time.
Generated at event time
Digitally signed (Ed25519)
SHA-256 digest integrity
Immutable once issued
No raw content stored
Proofs are atomic cryptographic records that form the root of all downstream verification.
Verification confirms authenticity and integrity of a proof.
Signature validation against published public keys
Hash recomputation and comparison
Stateless for verifiers
No platform retention required
Verification is always free and does not require dashboard access. Portable artifacts (PDFs, JSON exports, VAR reports) contain sufficient cryptographic material for independent validation against the public key registry. Verification does not expire.
A record is a logical grouping reference for related proofs.
Contains no stored content
Contains no mutable state
Used for indexing and navigation
Optional architectural layer
A record is a reference structure — not a storage container.
Logs are append-only streams of generated proofs.
Ordered
Sequential
Metadata-only
Immutable within retention scope
Logs show that events occurred. They do not assert relationships between events.
Lineage establishes verifiable ordering and relationships across proofs.
Parent / child references
Fork and merge recording
Sequence guarantees
Chain-of-custody continuity
Lineage forms a cryptographically linked event graph explaining how events relate over time.
Retention defines how long platform-hosted evidence remains available.
Policy-driven (e.g., 90 / 180 / 365 days)
Forward-only activation
Non-retroactive
Retention affects hosting guarantees — not cryptographic validity. Proofs remain verifiable indefinitely, even after platform retention expires.
Attestations are signed summaries of integrity posture across a defined time window.
Time-bound
Derived from proofs and lineage
Digitally signed
Exportable
They attest to integrity controls operating as configured during the stated period. They do not assert business correctness.
VARs (Verifier Attestation Reports) are single-event integrity receipts.
Human-readable
Machine-verifiable
Cryptographically signed
Portable
Each VAR encapsulates one proof with verification metadata, hash reference, timestamp, and validation method. VAR bundles (100- and 500-event packs) support recurring reporting cycles and structured compliance submissions.
Audit interpretation is external to the system.
The platform establishes cryptographic integrity facts
Auditors evaluate meaning and compliance impact
Verification is independent of the platform operator
The system proves integrity
Governance determines consequence
(function(){ const root = document.getElementById('mental-model'); if (!root) return; const isMobile = () => window.matchMedia('(max-width:767px)').matches; function getPadTop(){ return isMobile() ? 18 : 20; } function getPadBottom(){ return isMobile() ? 24 : 28; } function getOpenHeight(panel){ const inner = panel.querySelector('.acc-inner'); if (!inner) return 0; const innerHeight = Math.ceil(inner.getBoundingClientRect().height); return innerHeight + getPadTop() + getPadBottom() + 2; } function openPanel(panel){ if (!panel) return; panel.classList.add('open'); panel.style.maxHeight = 'none'; requestAnimationFrame(() => { const h = getOpenHeight(panel); panel.style.maxHeight = h + 'px'; }); } function closePanel(panel){ if (!panel) return; const h = getOpenHeight(panel); panel.style.maxHeight = h + 'px'; requestAnimationFrame(() => { panel.classList.remove('open'); panel.style.maxHeight = '0px'; }); } function syncItem(item){ const checkbox = item.querySelector('input[type="checkbox"]'); const panel = item.querySelector('.content'); if (!checkbox || !panel) return; if (checkbox.checked) { openPanel(panel); } else { closePanel(panel); } } function syncAll(){ root.querySelectorAll('.acc-item').forEach(syncItem); } root.querySelectorAll('.acc-item input[type="checkbox"]').forEach((checkbox) => { checkbox.addEventListener('change', function(){ const item = this.closest('.acc-item'); if (item) syncItem(item); }); }); if (window.ResizeObserver) { const ro = new ResizeObserver(() => { syncAll(); }); root.querySelectorAll('.acc-inner').forEach((el) => ro.observe(el)); } window.addEventListener('load', () => { requestAnimationFrame(() => { requestAnimationFrame(syncAll); }); }); window.addEventListener('resize', () => { clearTimeout(window.__mentalModelResize__); window.__mentalModelResize__ = setTimeout(syncAll, 120); }); if (document.fonts && document.fonts.ready) { document.fonts.ready.then(() => { setTimeout(syncAll, 0); setTimeout(syncAll, 120); }); } setTimeout(syncAll, 50); setTimeout(syncAll, 250); setTimeout(syncAll, 700); setTimeout(syncAll, 1400); })();
This visible result is shortened for readability, while the copied example preserves the full stored verification response.
Verification confirms the stored capsule, digest integrity, Ed25519 signature, and the original metadata-only payload for 703185ca-8334-40cb-add0-561e85704264.
Verification can be performed by anyone — without authentication — ensuring proofs remain independently verifiable and cryptographically trusted.
Fast, portable, independently verifiable cryptographic proofs — with free public verification and zero customer data stored.
Why Teams Trust GetIntegrityAPI
GetIntegrityAPI provides a universal integrity layer for systems and workflows — issuing cryptographically signed, metadata-only proofs with deterministic verification and audit-grade lineage.Built for engineering, security, compliance, and operations teams, the platform ensures independently verifiable evidence across deployments, documents, releases, and events — without data custody or verification lock-in.
What teams count on:
Instant verification → Scales globally in milliseconds
Free public verification → Verify any issued proof at no cost, without authentication
Stateless verification → No customer data stored
Portable proofs → JSON, signed PDFs, or embeddable verification links
Independently verifiable → Works online, offline, or off-grid
Audit-ready → SOC 2, ISO 27001, GDPR, AI governance, and regulatory-aligned evidence outputs
Simple API → One call: attest, verify, report
Predictable pricing → Pay only for proofs you generate
Millisecond-scale verification • No customer data persisted • Public verification always free
Stateless by design — minimizing storage, infrastructure, and energy overhead.
Powered by GetIntegrityAPI
The Integrity Layer that powers every proof-based workflow — including:
The integrity layer for modern digital infrastructure — engineered for scale, speed, and sovereignty.Built to generate tamper-evident cryptographic proofs and enable independent, online or offline verification — without platform lock-in or verifier data retention.
GetIntegrityAPI is an integrity API service operated by Intellactuate Pty Ltd (ABN 97 623 952 554). Registered in Australia. 🌍 Serving clients worldwide.
Intellectual property protected — two related patent applications filed in September 2025, covering a tamper-evident verification architecture enabling independent verification through a stateless design, without reliance on a specific platform, alongside offline-capable portable proofs using metadata-only, hash-based evidence, and scalable cross-industry deployment.
Our promise: Every record, every action, every proof — sealed in milliseconds.
Powered by GetIntegrityAPI
The Integrity Layer for the Internet — verifiable by design, portable by default.
Built to reduce audit friction and compliance overhead across modern systems.
Whether your workloads run continuously or surge unexpectedly, proof generation scales with demand — while verification stays instant, predictable, free, and audit-ready in real time.
⏳
Slots
Always-on proof generation & verification channels for continuous assurance
Dedicated validator channels — reserved exclusively for your organization.
Ideal for councils, enterprises & regulators — continuous audit readiness.
Use anytime — audits, inspections, peaks, or trial projects.
Low-commitment entry point — ideal for innovation and pilot teams.
Scales instantly — from pilot to enterprise rollout.
Capacity is reserved (Slots) or priority-routed (Micro-Slots) — never best-effort.
Scaling Integrity — Flexible by Design
Integrity demand isn’t linear. Your verification infrastructure shouldn’t be either.
Slots — Always-on verification channels for councils, enterprises, and regulated operations needing continuous assurance.
Micro-Slots — Shared validator capacity with predictable monthly throughput — priority routing and regional residency alignment for hybrid SaaS + mid-size teams.
Bursts — Elastic, prepaid validation bundles for audits, inspections, reconciliations, peaks, trials, or fast-moving innovation teams.
Instant Scale — Move from pilot to enterprise rollout seamlessly, with portable proofs aligned to SOC 2, ISO 27001, GDPR, HIPAA, and more.
Slots deliver predictable throughput. Bursts deliver instant surge capacity. Both operate on the Sovereign Validator Cloud — the region-pinned, audit-grade infrastructure behind all scaling modes.
One engine, two scaling modes — purpose-built for real-world integrity workflows.
Where Compliance Becomes Provable Not policies • Not dashboards • Cryptographic evidence
Turn policies, rules, and operational controls into cryptographically verifiable outcomes — enforced automatically by systems and provable independently to regulators, auditors, and insurers.
Compliance Hooks validate real system actions against proof — at the moment they occur — producing audit-ready evidence by default, not after the fact.
Compliance That Runs Itself — Automatically, in Real Time
Compliance That Regulators Can Verify, Instantly
Traditional compliance systems enforce rules and generate logs.Compliance Hooks evaluate proofs generated by the Integrity Workflow, meaning:
Compliance decisions are made against cryptographic evidence.
Not logs, screenshots, dashboards, or vendor trust.
Every decision is deterministic, reproducible, and independently verifiable.
“Forever” refers to cryptographic verifiability of the proof itself; platform-hosted verification is policy-governed.
With Compliance Hooks, your rules enforce themselves — creating real-time, verifiable integrity through automation.
🌱 Proof Farming extends this system only after Compliance Hooks validate proofs, ensuring that only policy-compliant actions are scaled into recurring evidence:
Compliance program
ESG reporting
Operational integrity
Continuous assurance
Compliance Hooks are the trust gate.Proof Farming is the scale layer.
The Green Successor to Mining Real Verification • Reusable Proof • Zero Speculation
Earn proofs by performing meaningful verification work — replacing wasteful computation with verifiable integrity.
What You Can Do With Proof Farming
Proof Farming enables individuals, teams, and organizations to earn by powering real-world verification — not speculation.When your machine performs authorized verification work, it farms a proof — a real, measurable unit of integrity used by enterprises worldwide.This yield of integrity becomes reusable proof value for compliance, ESG, and operational trust.No rigs • No mining • No waste Just real work → real integrity → real value
Why it matters:
No rigs required → Runs on laptops, mini-PCs, or lightweight nodes.
Deterministic rewards → Every verification produces a proof. No randomness.
Green by design → Uses a tiny fraction of mining energy, with forensic accuracy.
Real-world impact → Proofs power finance, healthcare, compliance, and cybersecurity.
Enterprise-ready → Proofs are portable, verifiable, and immediately useful.
This is the beginning of a new trust economy — powered by real work, never speculation.
✅ No mining ✅No tokens✅No customer data processed
The Proof Economy
The Proof Economy transforms real verification work into trust-grade, portable units of integrity.Instead of mining or speculation, integrity is created when organizations verify real actions at scale.These cryptographically attested proofs become utility assets relied on by enterprises, regulators, insurers, infrastructure operators, and audit teams.Together, they form the backbone of a distributed integrity ecosystem — where value is created only when real work is verified.
Participation-Based Revenue,Not Service Fees
Participation rewards are based on verifiable workload contribution, not speculative incentives.
How Value Flows
Demand is driven by real-world verification volume — compliance checks, inspections, approvals, transactions, events, file lineage, and audit workflows.
Supply comes from distributed validator capacity — home units, desktops, managed fleets, and sovereign slots — performing real verification work on behalf of customers.
Value is created by producing proofs that enterprise customers rely on to demonstrate integrity, continuity, compliance, and operational correctness.
No speculation — proofs are generated only when real actions are verified. No mining, no tokens, no synthetic incentives.
Why Enterprises Drive the Economy
Proofs are portable — independently verifiable, with long-term cryptographic validity.
Proofs are audit-grade — align with SOC 2, ISO 27001, financial controls, and regulated workflows.
Proofs are universal — work across apps, systems, industries, and countries.
Verification is always free — encouraging adoption by auditors, regulators, insurers, and public bodies.
What Makes It a True Economy
Real workloads — real proofs (not speculative or synthetic).
Growing enterprise demand as more industries automate compliance.
Transparent metering — capacity, routing, and payout logic are verifiable.
Distributed participation — households, operators, and institutions contribute capacity.
Sovereign trust — region-pinned, regulator-aligned validation.
Integrity protected. Proof designed for audit — without storing your data.
Core Security Controls
Non-custodial by design — GetIntegrityAPI verifies cryptographic proofs without storing customer documents, payload content, secrets, or financial assets.
Tamper-evident integrity model — Proofs and lineage records are cryptographically hash-linked and signed, enabling deterministic detection of modification.
Encryption in transit and at rest — TLS 1.2+ protects data in transit. Stored evidence is encrypted at rest using managed encryption mechanisms.
Configurable retention windows (90 / 180 / 365 days) — Select how long stored evidence (proofs, lineage, attestations) is retained. Exports are available at any time; deletion follows defined policy rules.
Redundant backups — Regular backups are maintained to support resilience and operational recovery.
Coordinated disclosure policy — Security reports are handled through a defined responsible disclosure process.
Assurance & Audit Readiness
Framework-aware security design — Access control, logging, cryptographic integrity, monitoring, and retention mechanisms are structured to support recognized compliance frameworks including SOC 2, ISO 27001, NIST CSF, HIPAA technical safeguards, and AI governance controls.
Privacy-supportive architecture — Non-custodial processing, data minimization, and configurable retention support GDPR and CCPA principles.
Independent verification model — Signed proofs, audit exports, attestations, and VAR reports can be validated against the platform’s published public key registry.
No certification claims — Alignment does not imply certification unless explicitly stated.
Your data stays yours. We minimize collection and retain only what’s required to operate, secure, and improve the service.
Minimal data collection — Only account details, essential usage metrics, operational logs, billing records, and security events required to run the service are stored.
No customer content — Stored evidence consists of cryptographic hashes, timestamps, identifiers, signatures, verification metadata, and audit records — not raw customer content.
Analytics — We may use privacy-conscious website analytics, including Google Analytics, to understand aggregate site usage, improve pages, and measure performance. Analytics may use cookies or similar technologies. We do not use advertising cookies, retargeting pixels, or cross-site behavioural advertising unless explicitly disclosed and consented to where required.
Configurable retention — Default hosted proof retention is 90 days. Extended hosted retention, such as 180 or 365 days, may be provisioned for approved regulated, compliance, or enterprise arrangements.
Independent verification unaffected — Public verification records, signed receipts, exported artifacts, hashes, and offline-verifiable evidence may remain usable independently of hosted retention windows.
Exports & deletion — You may export or request deletion of your data, subject to legal, security, billing, fraud-prevention, and audit obligations.
No resale. No sharing. No monetization. Data is never sold. We do not monetize customer data.
Designed to support GDPR and CCPA principles including purpose limitation, data minimization, transparency, access, portability, and deletion.
GetIntegrityAPI is designed to support regulated environments and independent audits.
Framework-aware design — Operational, cryptographic, and logging controls are structured to support recognized compliance frameworks including SOC 2, ISO 27001, NIST CSF, HIPAA technical safeguards, and emerging AI governance standards.
Audit-ready by default — Proofs, lineage records, attestations, VAR reports, and signed audit exports are generated in structured formats suitable for external auditors and regulators.
Independent verification model — Signatures and exported artifacts can be validated against the platform’s published public key registry.
No certification claims — Alignment does not imply certification unless explicitly stated.
No custody — We do not handle funds, tokens, financial assets, or returns.
Not a financial service — We are not a bank, processor, or exchange.
Fair use — Do not misuse, disrupt, or attempt to interfere with the API.
Service level — Best-effort availability; refunds are governed by Australian consumer law.
Governing law — Operated under Australian law by Intellactuate Pty Ltd (ABN 97 623 952 554).
📬Contact us
If you have any questions, require support, or would like to explore a partnership, please reach out.From billing and API operations to compliance and commercial enquiries, every message is reviewed by a human — with secure tooling assisting our team to provide fast, consistent, and high-quality responses.
These principles apply uniformly to household units, desktops, clusters, and managed fleets.
2. Hardware Requirements
Household Units (Individuals & Small Offices)
Designed for low-energy, continuous operation.
Minimum requirements
64-bit CPU (x86_64 or ARM64)
4 GB RAM (8 GB recommended)
20 GB free disk space (SSD preferred)
Hardware clock with stable timekeeping
TPM or secure enclave recommended (not mandatory)
Supported examples
Laptops (dedicated or lightly used)
Mini-PCs (Intel NUC, ARM SBCs, equivalents)
Small desktop workstations
Approved pre-configured validator units
Not required
GPUs
High-performance CPUs
Mining hardware
Specialized accelerators
Managed Fleets (Operators, Funds, Institutions)
Designed for scalable, high-availability operation.
Minimum per-unit requirements
Server-grade or workstation-grade hardware
8 GB RAM minimum (16 GB+ recommended)
SSD-backed storage
Stable clock synchronization (NTP/PTP)
Redundant power where feasible
Fleet-level capabilities
Multiple validator units per location
Consistent hardware profiles across units
Ability to apply updates uniformly
Monitoring access for uptime & throughput
3. Network Requirements
All Validators
Reliable broadband connection
Low packet loss and stable latency
Outbound HTTPS/TLS allowed
No inbound ports required
Firewall/NAT supported
Works with
Residential ISPs
Corporate networks
NAT, firewalls, and restricted environments
IPv4 or IPv6
Does NOT require
Public IP addresses
Port forwarding
VPN tunnels (unless operator-managed)
Managed Fleets (Additional)
Redundant networking preferred
Region-aware routing support
Optional private peering for sovereign programs
Ability to enforce regional residency rules
4. Power & Physical Environment
Household Units
Stable mains power
Surge protection recommended
UPS optional (recommended for high uptime)
Well-ventilated, dry location
Away from heat sources
Managed Fleets
Redundant power where feasible
Environmental monitoring (temperature, airflow)
Documented physical access controls
Compliance with local zoning/regulatory rules
5. Security & Isolation
All validators must ensure:
OS-level isolation from unrelated workloads
Regular security updates
Restricted administrative access
No co-hosted untrusted software
No inspection of customer-related metadata beyond verification needs
Important: Validators never decrypt, inspect, or store customer content — even fleet operators cannot access it.
6. Software & Configuration
Approved validator runtime only
Automatic update channel (signed)
Deterministic build verification
Cryptographic identity per validator unit
Secure key storage (hardware-backed preferred)
Not permitted
Modified validator binaries
Debug hooks in production
Traffic interception or manipulation
Co-resident mining or speculative workloads
7. Energy Efficiency & Profiling
All validators participate in energy-aware operation.
Energy usage is measured relative to output
Efficiency scores influence routing & payouts
Household units may tune profiles (eco / balanced)
Fleet operators may optimize at scale
Energy efficiency improves rewards, but never compromizes verification integrity.
8. Uptime, Availability & Performance
Household Units
Expected uptime: best-effort
Graceful handling of offline periods
No penalties for temporary disconnects
Managed Fleets
Uptime targets defined per program
SLA-aligned availability for enterprise slots
Participation in priority routing programs
9. Compliance & Audit Alignment
Validator operation is aligned with:
SOC 2 principles
ISO 27001 controls
NIST CSF
Financial and insurance audit requirements
Government & sovereign deployment models
Operators may be asked to attest to compliance posture, but never to customer data handling, as no customer data is processed.
10. Approval & Activation
All validator units follow the same lifecycle:
Verify eligibility (hardware + network)
Approve configuration
Register cryptographic identity
Activate routing & metering
Begin proof farming
Managed fleets may batch-approve units under a single operator profile.
11. What Validators Never Do (Explicit Guarantees)
No mining
No tokens
No speculation
No randomness
No customer data storage
No opaque reward logic
Proof Farming produces real proofs from real work — nothing else.
Summary
Validator Unit Requirements ensure that anyone can contribute capacity, while enterprises, regulators, and insurers can trust the outputs completely.Whether you operate:
a single household unit, or
a multi-region managed fleet,
the guarantees are the same:deterministic verification, audit-grade proofs, and transparent revenue.
This section explains why integrity can no longer be assumed — and why verification must become infrastructure.
Trust used to be implied
Today, it must be proven — instantly, independently, and at scale.Modern systems move faster than traditional audit and compliance models can follow.Records, actions, and transactions now span APIs, clouds, devices, and jurisdictions — yet integrity is still proven using manual logs, screenshots, and after-the-fact reconciliation.This gap is where trust breaks.
The problem
Most organizations still rely on:
Logs that can be altered or selectively retained
Centralized systems that require trust in the operator
Expensive, time-bound audits that reconstruct events weeks or months later
Verification processes that are slow, opaque, and costly
As systems become more distributed and automated, these approaches no longer scale. These models assume trust. Modern systems require proof.
The shift
Integrity is moving from process-based trust to cryptographic evidence.Instead of asking “Do we trust this system?”, modern audits ask:
Can this record be independently verified?
Can its integrity be proven without access to raw data?
Can anyone verify it — now or later — without permission?
Verification must be portable, immediate, and non-custodial.
GetIntegrityAPI Model
GetIntegrityAPI introduces a universal integrity layer built around a simple principle:Generate proofs once. Verify them forever — free, instant, and without storing data.
Proofs are generated once and sealed cryptographically
Verification is stateless, always free, and requires no accounts
Proofs can be verified online, offline, or independently — forever
Why this changes everything
Verification becomes infrastructure, not a cost centre.By separating generation from verification:
Audits accelerate — evidence is already sealed
Compliance overhead drops — no reconstruction
Verification costs collapse — no accounts or fees
Trust scales globally — without custody or lock-in
Integrity becomes continuous — not reactive.
What proofs become
Proofs are not logs. They are cryptographic artifacts that can be:
Embedded into attestations
Aggregated into audit-ready reports (VARs)
Exported as signed JSON, PDFs, or verification links
Chained into lineage trails across workflows and systems
Used across files, events, deployments, transactions, and operations
One proof engine • Many outputs • Zero lock-in
Built for the systems that come next
GetIntegrityAPI is designed for environments where:
Data cannot be centralized or retained
Verification must work offline or across borders
Compliance must be proven without exposing content
Infrastructure must be resilient, sovereign, and energy-efficient
Stateless by design. Non-custodial by default. Audit-ready from the first event.Designed to evolve toward fully decentralized verification models.
The outcome
Teams using GetIntegrityAPI:
Accelerate audit preparation
Reduce compliance overhead
Give auditors clearer, independently verifiable evidence
Minimize internal effort and manual workflows
Integrity becomes automatic — not an operational burden.
Why now
As regulation tightens and systems decentralize, verifiable integrity is becoming mandatory.That matters because audit, compliance, customer trust, and regulated operations often require more than logs, dashboards, or screenshots.The question is no longer if integrity must be proven — but how efficiently, how independently, and at what cost.GetIntegrityAPI is built for that future.
Two related patent applications filed in September 2025, covering a tamper-evident verification architecture enabling independent verification through a stateless design, without reliance on a specific platform, alongside offline-capable portable proofs using metadata-only, hash-based evidence, and scalable cross-industry deployment.
Common Questions & Clarifications
Clear answers to common technical, security, and compliance questions.
Clarification: Verification is intentionally designed to be stateless, non-custodial, and computationally lightweight.
Because verification does not store customer data, does not require accounts, and performs deterministic cryptographic checks, it incurs minimal operational cost. This allows verification to remain globally accessible, instant, and free — without trade-offs.
Free verification is a design decision, not a promotional tactic.
Clarification: Logs record events. Proofs cryptographically seal them.
Each proof is tamper-evident, independently verifiable, and portable across systems — without relying on the issuing platform.
This moves integrity from internal logging to externally verifiable evidence.
Clarification: Traditional blockchains introduce latency, public exposure, fees, and operational complexity.
GetIntegrityAPI delivers private, low-latency, offline-verifiable proofs without consensus delays or custody requirements.
The result is enterprise-grade integrity at real-world speed and cost.
Clarification: No. Certification is performed by auditors — not platforms.
The system produces verifiable evidence aligned with audit expectations and regulatory frameworks.
Auditors certify. GetIntegrityAPI supplies the proof.
Verify access, inputs, events, logs, files, and transactions — before they happen, as they happen, and long after.
The Integrity Lifecycle consists of six verification layers:
These lifecycle layers are part of the broader Integrity Lifecycle — governing how evidence is generated, enforced, retained, and verified over time.
Powered by GetIntegrityAPI
One Proof Engine — Any Workflow
Every verification follows the same trusted process:
Capture — Inputs, events, logs, files, or transactions are hashed, attested, and packaged into tamper-evident proofs — including field actions, measurements, or handoffs.
Verify — Each proof is verified in milliseconds via API or independently using portable proof artifacts — stateless for verifiers and audit-ready.
Record — Proof metadata is immutably recorded with configurable retention (90 / 180 / 365 days).
Export — Generate audit-ready reports aligned with SOC 2, ISO 27001, GDPR, HIPAA, and more.
Integrate — Attach proofs to existing systems: CMMS, EHR, finance platforms, IoT/OT networks, public-sector workflows, or field-inspection operations.
A single lifecycle, infinite applications — from diagnostics and access control to inspections, reconciliations, and cross-system handoffs.
Any record • Any source • Any system — verifiable instantly, without storing underlying business data.
Proof Workflow in Practice
From system event to verification — a real-world proof lifecycle.
1
EVENT
What happens
A system action occurs (deploy, upload, transaction)
Triggered by software, user, or automated workflow
No integrity-specific step required
This is a real operational event — not an audit task.
2
PROOF
What is generated
Cryptographic hash + immutable timestamp
Actor, system, and context metadata
Signed proof capsule (portable)
Metadata only. No content, files, or secrets.
3
RECORD
How it’s preserved
Proof metadata is immutably recorded
Ordered sequence ensures lineage
Retention rules applied (90 / 180 / 365 days)
Ordering and retention are policy-driven, not inferred later.
4
INTEGRATE
Where it flows
APIs, dashboards, workflows, or systems
CI/CD, CMMS, EHR, ERP, public-sector platforms, and automation platforms like Zapier / Make
No vendor lock-in
Proofs move freely — systems don’t become sources of truth.
5
OUTPUT
What’s produced
Audit-ready evidence record
Optional attestation or VAR bundle
JSON / PDF export
Evidence is created at event time — not reconstructed later.
6
VERIFY
How anyone confirms
Online: API-based verification
Offline: portable proof artefacts (PDF / JSON)
No account required · always free
Generate once·Verify forever
“Forever” refers to cryptographic verifiability of the proof itself; platform-hosted verification is policy-governed.
Integrity attached to the workflow you already run.
A maintenance, inspection, or project-completion event happens in your existing systems. GetIntegrityAPI creates portable proof, packages evidence, and attaches it back for operations, audit, and AI-ready decision-making.
Audit & complianceReviews portable, cryptographically sealed records.
✓
AI / analytics systemsProcess trusted inputs instead of unverifiable data.
No workflow replacementNo vendor lock-inMetadata-only proofPortable evidence records
Existing systems in. Portable evidence out. One integrity pattern works across inspections, maintenance, handovers, releases, audits, and regulated workflows.
Inspection Integrity — portable, independently verifiable, and audit-ready by design
Inspections occur across every industry — equipment checks, safety audits, compliance tests, field reports, maintenance logs, handovers, and operational sign-offs.With GetIntegrityAPI, every step can generate tamper-evident cryptographic proofs instantly — without changing existing tools, workflows, or infrastructure.
How it works:
Capture → Technicians record inspection data, photos, measurements, or approvals. Only cryptographic hashes and metadata are processed, producing a verifiable proof of the event at the point of capture.
Verify → Supervisors, auditors, or automated systems verify proofs in milliseconds — via public verification endpoints or offline verification using portable proof artifacts.
Log & Export → Proof events can be exported as portable JSON artifacts, QR-verified PDFs, or structured reports designed for audits, compliance reviews, and regulatory submissions.
From a single verification workflow, teams gain trusted inspection records, lower audit overhead, and defensible operational evidence — across industries and regulatory environments.
One Integrity Layer for Every Inspection
Every inspection proof follows the same trusted lifecycle:
Portable verification — proofs can be independently verified without platform dependency.
Offline-capable validation — portable artifacts support verification even in remote or restricted environments.
Minimal data exposure — only hashed fingerprints and metadata are processed; operational data remains in your systems.
Cryptographically sealed provenance — timestamps, signatures, and lineage establish tamper-evident event history.
Framework-aware reporting — outputs align with common audit and governance frameworks including SOC 2, ISO-aligned controls, ESG reporting, and AI governance requirements.
Operational interoperability — proofs attach to existing systems such as CMMS, EAM, EHR, ERP, IoT/OT platforms, and regulatory reporting portals.
Energy-efficient verification — proof generation and validation require minimal compute and infrastructure overhead.
All use-cases follow the same trusted verification lifecycle — portable, stateless, and audit-ready by design.
All use-cases follow the same trusted verification lifecycle — portable, stateless, and audit-ready by design.
Explore how the Integrity Layer applies across critical industries — each following the same trusted verification lifecycle. Verification is instant online, with offline verification for portable proofs (PDFs / JSON capsules).
What it is: Tamper-evident integrity for diagnostics, handovers, EHR updates, imaging workflows, and clinical decisions — portable across providers.
Connect your systems to portable, audit-ready proofs.
Every verification workflow can attach proof records to your existing systems — without migration, agents, or vendor lock-in.
Integrations follow one simple pattern
Capturerecord the event
Verifyconfirm integrity
Recordseal the proof
Exportpackage evidence
Attachconnect to system
Stateless verificationProofs can be checked without depending on a closed platform workflow.
Portable artifactsEvidence can travel with files, handovers, releases, records, and audit packages.
Cryptographic sealingProof records are designed for tamper-evident review and long-term verification.
Verification remains portable, offline-verifiable, and cryptographically sealed — ready to attach wherever business-critical records are created, reviewed, approved, or handed over.
No migration requiredNo agents requiredNo vendor lock-inAudit-ready proof artifacts
Powered by GetIntegrityAPI
Integration Categories
Connect the GetIntegrityAPI Integrity Layer to the systems you already use. Each category follows the same pattern: Capture an event, verify it, generate a cryptographic proof, and attach it back to your system.
Identity & Access
Bind identity, device, and credential events to tamper-evident proofs.
The Sovereign Validator Cloud provides dedicated, region-pinned, audit-verifiable validator capacity for governments, banks, councils, infrastructure providers, and regulated enterprises.All sovereign regions enforce strict data residency: proofs are generated within-region, and only verification metadata propagates — never raw data, private records, or underlying content. Verification remains free, independent, stateless, and globally accessible.
This enables national-scale proof generation with independent verification through:
Dedicated validator Slots
Reserved monthly Micro-Slots
Residency-controlled proof routing
Compliance-aligned proof lineage
Regional uptime SLAs
Independent audit linkage through verifiable attestations and VAR reports
Designed for sovereign systems, public institutions, and mission-critical workloads.
Turn approved home units, desktops, or managed fleets into metered validator capacity — with transparent routing, energy-aware operation, and fiat-denominated payouts.
What is proof farming?
Proof Farming connects approved validator capacity to real verification workloads.Each validator unit receives verification workloads and executes cryptographic verification events, and earns a share of the revenue generated by verification workloads.Every validation is stateless, tamper-evident, and never processes customer data.
Home Units
Small, energy-tuned validator units — ideal for homes or small offices
Single approved unit, desktop, or a small cluster
Automatic routing + real-time metering
Local energy-efficiency profiles
Transparent monthly fiat payout summary
Managed Fleets
Validator fleets operated by funds, family offices, or infrastructure investors
1–50+ units under a managed operator model
Fleet-level uptime + revenue reporting
Region-aware routing + global workload pooling
Eligible for dedicated capacity programs, subject to availability
Hardware & network basics
Every validator must meet a consistent baseline for stability, safety, and performance.
Home Units
Approved validator unit or workstation-class desktop
Reliable broadband (low jitter, wired preferred)
Stable power (surge protection or UPS recommended)
Basic router/firewall access for validator traffic
Safe physical placement (ventilated, dry, away from heat)
Operators & Funds
Dedicated room or micro-facility for multiple units
Redundant power & networking (where feasible)
Monitoring access for uptime & throughput
Documented access control for staff/contractors
Ability to meet local regulatory or zoning requirements
Full specifications and PDF copies of the Validator Unit Requirements and Operator Guide packs will be provided during onboarding.
How onboarding works
Both household units and investor fleets follow the same verify → approve → activate model.Capacity activation occurs in phases during the pilot and is subject to regional availability and system readiness.
Household Validators
Request the Household Unit Pack
Confirm eligibility + specs
Assemble or register your approved validator unit
Connect power + network, run validation checks
Enable routing & metering in the operator console
Review first-month performance and tune energy profile
Investor Bundles
Define bundle size + operating jurisdictions
Finalize operator model + revenue-sharing framework
Provision or migrate units to approved configuration
Attach fleet to Enterprise Slots or Micro-Slots
Enable fleet-level reporting + payout schedules
How payouts are calculated
Proof Farming is not speculative — no tokens, no mining, no synthetic incentives.Validators earn based on real verification workloads, measured through:
Volume of proofs routed
Measured uptime and responsiveness
Participation in priority & dedicated programs
Energy-efficiency score
Regional Workload Guarantee
Validators do not depend solely on local demand.All capacity draws from a global workload pool, providing:
Global workload pooling ensuring regional fairness
Baseline internal validation traffic (non-customer, integrity-check workloads) in low-demand regions
Internal integrity checks that produce continuous verifiable work
Surge redistribution during high-load periods
This ensures predictable, stable payouts in any region, including during early network growth.During the pilot phase, payout volumes may vary as routing weights, demand patterns, and capacity programs mature.
A regulator-grade map of how capacity becomes verifiable proofs, how proofs become audit-ready artifacts, and how enterprise demand funds deterministic payouts — no mining, no speculation, metadata-only.
1) Full Architecture (Capacity → Work → Proof → Attestation → Revenue)
2) Household Version (Simple + Easy to Understand)
Audit-Ready Cryptographic Evidence for Critical Events
Attestations provide signed evidence of what occurred across a proof range.Verifier Attestation Reports (VARs) provide a formal, verifier-ready report for a single proof or event.
Metadata-only, hash-based by design— no document content leaves your environment.
Attestations are generated from proofs — not manual interpretation.
A structured breakdown of attestations, VAR reports, lineage logs, and readiness drills — built for audits, regulators, compliance teams, and mission-critical operations. All outputs are cryptographically signed and independently verifiable — online or offline — with no reliance on the platform.
Attestations are cryptographically signed summaries of system behaviour, proof generation, user actions, and lineage metadata. They provide auditors, regulators, and internal risk teams with verifiable evidence of integrity across workflows.
They deliver:
Regulator-grade proof of integrity
Immutable, tamper-proof logs
Full timestamp + sequence lineage
Zero-content exposure (metadata only)
Exportable PDF or JSON formats
Used by organisations that require:
Operational transparency
Continuous compliance reporting
Framework-aware evidence packages (e.g., SOC 2, ISO 27001, NIST CSF, HIPAA technical safeguards, AI governance controls)
Insurance-grade verification
Government or regulated submissions
How attestations work
Generate proofs: Events or actions create cryptographic proofs
Validate lineage: Timestamp, origin, and sequence are confirmed
Sign attestation: A structured, audit-ready record is produced
Export or convert: Used directly or transformed into VAR reports
All verification links remain public and free, enabling instant validation via the platform or independent verification using portable proof artefacts.
VAR Reports (Verifier Attestation Reports) are signed, verifier-ready reports designed for audits, regulator filings, external disclosures, and customer trust validation.
Each VAR includes:
Source event summary
Proof metadata & cryptographic hash
Verifier identity & validation method
Timestamp (+ drift validation)
Chain-of-custody trail
Jurisdiction & compliance markers
Optional ESG efficiency badge (where applicable)
Ideal for:
Audit packages (SOC 2 / ISO 27001-aligned)
Insurance & legal evidence bundles
Banking & fintech trust disclosures
Public statements with verifiable backing
Internal governance & risk review
Control coverage documentation aligned to recognised compliance frameworks
VAR bundles (100- and 500-event packs for Pro and Compliance plans) support structured reporting cycles, audit checkpoints, and recurring evidence generation.
A proof layer for releases, events, documents, and automations across CI/CD pipelines, webhooks, and no-code tools.
Cryptographically signed • Independently verifiable •Zero-content exposure
Proof-of-Publish / Release Integritycreates signed proof receipts for releases, artifacts, and publish events with verification URLs and portable proof bundles.
Workflow Toolssuch as GitHub Actions, Zapier, Make, webhooks, and document pipelines run the work — while GetIntegrityAPI proves the outcome.
One verification model across releases, automations, documents, and event-driven workflows.
How the Integrity Workflow Layer Fits
Why it Matters
Workflow platforms are built to execute. Audit teams need evidence.GitHub Actions, Zapier, Make, webhooks, CI/CD tools, and document pipelines can trigger tasks, move data, publish files, and run automations. But their logs are usually locked inside the platform that created them, and they do not always provide independent, portable proof of the final business outcome.
GetIntegrityAPIadds that missing proof layer.
It turns important workflow outcomes — such as releases, published documents, webhook events, compliance reports, generated PDFs, and operational records — into signed, independently verifiable proof artifacts.That matters because audit, compliance, customer trust, and regulated operations often require more than a platform log or screenshot. Teams need to prove what happened, when it happened, what was published or generated, which payload or document hash was involved, and whether the proof can be verified outside the original workflow tool.In simple terms:
Workflow tools run the process.
GetIntegrityAPI creates the proof.
This lets teams keep their existing low-code, code-based, event-driven, or document-centric workflows while making every important outcome verifiable, portable, tamper-evident, and audit-ready.
Automated Integrity Workflows
Automated Integrity Workflows connect existing tools — such as GitHub Actions, APIs, webhooks, Zapier, Make, and document pipelines — to GetIntegrityAPI’s proof generation and verification layer.They can be used to generate signed proof artifacts for release verification, document authenticity, webhook events, compliance evidence, generated reports, and other high-value workflow outcomes.Designed for DevOps, SecOps, compliance teams, operations teams, and audit-heavy environments, these workflows help turn routine automation into verifiable evidence that can be checked by developers, auditors, counterparties, customers, and external stakeholders.Traditional workflow tools can execute actions and move data. GetIntegrityAPI makes the important outcomes independently verifiable.
What this layer delivers
Verified deploys → prove exactly when and what was published or deployed.
Automated proof generation → reduce manual evidence collection for audits and reviews.
Tamper-evident documents → make authenticity and verification part of the workflow by default.
Verified webhook and event pipelines → prove logs, alerts, transactions, and workflow triggers as independently verifiable records.
Portable compliance evidence → preserve signed proofs, verification URLs, and offline-verifiable artifacts across tools and environments.
Developer and no-code integrations → apply the same trust model across GitHub Actions, APIs, Zapier, Make, and document workflows.
Designed for DevOps, SecOps, compliance teams, and document-heavy operations.
✅Proofs attach to outcomes,not just tools or repositories.
Modern software delivery pipelines generate logs, statuses, and artifacts —but not an independently verifiable integrity record of what was released.
Release Integrity / Proof-of-Publish for GitHub Actions closes that gap by generating a publicly verifiable publish receipt for every CI/CD run.
A structured breakdown of Release Integrity, automation connectors, document workflows, readiness capabilities, and verified event pipeline patterns.
What It Does: Generates verifiable publish receipts for CI/CD releases, deploys, and website or application update events — with signed proofs, public verification URLs, and portable receipt artifacts. Only cryptographic hashes and metadata are processed; no document content or business data is stored. Proof-of-Publish captures cryptographic fingerprints and timestamps, not underlying content.
Who It’s For:
Engineering & DevOps teams
Security & compliance teams
Regulated SaaS & FinTech providers
Teams needing audit-friendly release workflows
Key Features:
GitHub Action for CI/CD pipelines
Auto-generated verifiable receipts
Public verification URLs and portable proof artifacts
Hash-only, zero-content exposure
Additional publish integrations available by request
Example Use Cases:
Verifying new app releases
Proving production deploys and publish events
Integrating release evidence into audits
Tracking and proving change history
Onboarding:
Install the GitHub Action
Add your scoped API key
Run the workflow or release event
Review the receipt URL and downloadable artifacts
FAQ:
Does this slow down CI? — No. Proof calls run with minimal overhead and are designed for workflow use.
Can receipts be public or internal? — Yes. Verification can support public or internal-facing usage patterns.
Proof-of-publish for GitHub Actions and audit-friendly CI/CD release workflows.
What It Does: Sends proofs automatically from operational workflows — without requiring custom middleware or bespoke event pipelines. Zapier and Make handle workflow orchestration. GetIntegrityAPI handles proof generation and verification. Automation platforms never become the source of truth — proofs remain portable, independently verifiable, and platform-independent.
Who It’s For:
Operations teams
Low-code builders
Document-heavy teams
Enterprise workflow designers
Example Automations:
Notion → Proof
Google Drive → Proof
Gmail → Proof
Slack → Proof
CRM → Proof
Forms → Proof
Capabilities:
Drag-and-drop automation patterns
Multi-step workflows supported
Signed metadata only leaves your environment
Designed for operational proof generation, not platform lock-in
Status / Provisioning:
Beta access by request
Provisioned with scoped access after review
Guided onboarding for initial workflows
Designed for controlled rollout before wider self-serve availability
Beta document-integrity workflows are currently provisioned by request with guided onboarding.
What It Does: Supports guided readiness validation before launch, milestone events, operational surges, audits, or controlled deployment windows. This is positioned as an assisted capability rather than a standard self-serve beta connector.
Reference workflow patterns showing how modular proof, stamping, reporting, and automation steps can be composed across the platform.
What It Does: Turns system events — deploys, logs, transactions, alerts, and workflow triggers — into verifiable, signed proof artifacts that can be routed across tools or stored for audits. Unlike traditional logs or webhooks, each event remains independently verifiable long after it was generated via portable proof artifacts, without requiring ongoing platform access.
Ideal For:
DevOps & SecOps event flows
Compliance & audit-driven teams
Cross-system integrations
Zero-trust, multi-cloud, and sovereign environments
Pipeline Capabilities:
Event → Proof → Archive
Event → Proof → Notification
Event → Proof → VAR Report
Event → Proof → Multi-Tool Workflow
Example Pipelines:
Log Event → Proof → Slack Alert: prove critical logs and alert teams instantly.
Transaction → Proof → Compliance Vault: make system actions audit-ready.
Event → VAR → Attestation: automate internal or regulatory reporting flows.
Recommended Framing:
Capability category / solution pattern
Not a standalone SKU unless separately provisioned and sold that way
Status reflects availability and onboarding model — not capability maturity.
Pricing Details & Onboarding Guide
A complete breakdown of all plans and pricing options — including plan inclusions, onboarding steps, and usage guidance.
Showing USD pricing.
What it is: A lightweight integrity API for generating cryptographically verifiable events from applications and backend services — without running validator infrastructure. Designed for teams adding tamper-evident proof generation to their products. Default hosted retention: 90 days
Pricing:USD $199/month • Includes 2M proof calls
Verification remains free and publicly accessible. Renews monthly. Cancel anytime. Access continues until the end of the billing period after cancellation.
Onboarding:
1. Get your API key instantly after checkout
2. Send events to the /proof endpoint
3. Receive tamper-evident cryptographic proofs
4. Verify proofs publicly using the verification API
5. Build verifiable integrity into your application events
Generate your first proof immediately after checkout.
Works with any backend • No validator infrastructure required • Verification remains free and publicly accessible
What it is: A high-volume integrity tier for production systems requiring batched proof generation, shared production workflows, and formal attestation outputs. Default hosted retention: 90 days. Extended retention available by arrangement.
Pricing:USD $499/month • Includes 10M proof calls and 100 signed VAR reports
Verification remains free and publicly accessible. Billed monthly. Cancel anytime. Access continues through the active billing period.
What you unlock:
• Higher-volume proof generation for production environments
• Signed VAR outputs for operational trust workflows
• Suitable for shared operational use across one managed account
• Verification remains free and publicly accessible
Onboarding:
1. Enter your email and confirm it to continue to secure checkout
2. Complete your Pro subscription in Stripe
3. Receive your secure API key reveal link by email
4. Reveal your Pro API key from the secure page
5. Start using Pro features and signed VAR outputs
Built for production-scale integrity workflows • Signed VAR outputs included • Verification remains free and publicly accessible
What it is: An audit-grade integrity tier for regulated and review-heavy environments that need verifiable ordering, formal attestation outputs, regulator-friendly evidence exports, and higher-volume audit reporting. Suitable for SOC 2, ISO 27001, financial services, insurance, and public-sector workflows. Includes 365-day hosted, searchable retention for qualifying Compliance accounts.
Pricing:USD $999/month • Includes 50M proof calls, 500 VAR bundles, and 500 compliance reports
Verification remains free and publicly accessible. Billed monthly. Cancel anytime. Access continues through the current billing period.
What you unlock:
• High-volume proof generation for regulated production environments
• Chain verification for integrity continuity checks via /verify/chain
• Attestation output generation via /attest
• VAR export workflows via /var
• Compliance report generation via /compliance/report
• Verification remains free and publicly accessible for independent validators
Onboarding:
1. Enter your email and confirm it to continue to secure checkout
2. Complete your Compliance subscription in Stripe
3. Receive your secure API key reveal link by email
4. Reveal your Compliance API key from the secure page
Designed for audit-ready evidence workflows • Verification remains free and publicly accessible • Built for external review and regulator-facing reporting
What it is: A reserved capacity model within the Validator Cloud providing Dedicated Slots or Reserved Micro-Slots, regional routing, and jurisdictional controls for teams requiring predictable performance and scoped operational guarantees. Capacity is provisioned without customers operating validator infrastructure directly.
Capacity models:
• Dedicated Slots for fixed, reserved validator capacity with scoped regional availability and operational assurance
• Reserved Micro-Slots for predictable monthly throughput within the validator pool, with priority routing and flexible scaling
• Burst-tolerant routing for peak periods, scoped events, and variable production demand
Engagement model: Capacity-based provisioning aligned to reserved throughput, region, residency, and operational assurance requirements. This is a scoped onboarding path rather than an instant self-serve API plan.
Onboarding:
1. Submit a reserved capacity request
2. Define region, throughput, residency, and capacity model requirements
3. Complete allocation review and scope confirmation
4. Provision Dedicated Slots or Reserved Micro-Slots
5. Activate routing, dashboards, monitoring, and operational reporting
Dedicated Slots and Reserved Micro-Slots for predictable validator throughput, residency control, and scoped enterprise onboarding.
(function () { let selectedPlan = null; let selectedCurrency = "usd"; const pricingCatalog = { developer: { usd: { line: "USD $199/month • Includes 2M proof calls", taxNote: "Verification remains free and publicly accessible. Renews monthly. Cancel anytime. Access continues until the end of the billing period after cancellation.", muted: "Works with any backend • No validator infrastructure required • Verification remains free and publicly accessible" }, aud: { line: "AUD $299/month • Includes 2M proof calls", taxNote: "Includes GST where applicable. Verification remains free and publicly accessible. Renews monthly. Cancel anytime. Access continues until the end of the billing period after cancellation.", muted: "Works with any backend • No validator infrastructure required • Verification remains free and publicly accessible" } }, pro: { usd: { line: "USD $499/month • Includes 10M proof calls and 100 signed VAR reports", taxNote: "Verification remains free and publicly accessible. Billed monthly. Cancel anytime. Access continues through the active billing period.", muted: "Built for production-scale integrity workflows • Signed VAR outputs included • Verification remains free and publicly accessible" }, aud: { line: "AUD $749/month • Includes 10M proof calls and 100 signed VAR reports", taxNote: "Includes GST where applicable. Verification remains free and publicly accessible. Billed monthly. Cancel anytime. Access continues through the active billing period.", muted: "Built for production-scale integrity workflows • Signed VAR outputs included • Verification remains free and publicly accessible" } }, compliance: { usd: { line: "USD $999/month • Includes 50M proof calls, 500 VAR bundles, and 500 compliance reports", taxNote: "Verification remains free and publicly accessible. Billed monthly. Cancel anytime. Access continues through the current billing period.", muted: "Designed for audit-ready evidence workflows • Verification remains free and publicly accessible • Built for external review and regulator-facing reporting" }, aud: { line: "AUD $1499/month • Includes 50M proof calls, 500 VAR bundles, and 500 compliance reports", taxNote: "Includes GST where applicable. Verification remains free and publicly accessible. Billed monthly. Cancel anytime. Access continues through the current billing period.", muted: "Designed for audit-ready evidence workflows • Verification remains free and publicly accessible • Built for external review and regulator-facing reporting" } } }; function inferCurrencyByViewer() { try { const locale = String(navigator.language || "").toLowerCase(); const timezone = Intl.DateTimeFormat().resolvedOptions().timeZone || ""; if ( locale.includes("-au") || locale.includes("-nz") || timezone === "Australia/Sydney" || timezone === "Australia/Melbourne" || timezone === "Australia/Brisbane" || timezone === "Australia/Adelaide" || timezone === "Australia/Perth" || timezone === "Australia/Hobart" || timezone === "Australia/Darwin" || timezone === "Pacific/Auckland" ) { return "aud"; } } catch (e) {} return "usd"; } function updateCurrencyToggleUi() { const usdBtn = document.getElementById("currency-toggle-usd"); const audBtn = document.getElementById("currency-toggle-aud"); if (usdBtn) { usdBtn.style.background = selectedCurrency === "usd" ? "#00BFA5" : "#0C1624"; usdBtn.style.color = selectedCurrency === "usd" ? "#001b0c" : "#D1E5DF"; usdBtn.style.borderColor = selectedCurrency === "usd" ? "#00BFA5" : "#FFFFFF22"; } if (audBtn) { audBtn.style.background = selectedCurrency === "aud" ? "#00BFA5" : "#0C1624"; audBtn.style.color = selectedCurrency === "aud" ? "#001b0c" : "#D1E5DF"; audBtn.style.borderColor = selectedCurrency === "aud" ? "#00BFA5" : "#FFFFFF22"; } } function applyPricingCurrency(currency) { selectedCurrency = currency === "aud" ? "aud" : "usd"; try { localStorage.setItem("gi_pricing_currency", selectedCurrency); } catch (e) {} const note = document.getElementById("pricing-currency-note"); if (note) { note.innerHTML = selectedCurrency === "aud" ? "Showing AUD pricing." : "Showing USD pricing."; } const dl = document.getElementById("price-developer-line"); const dtn = document.getElementById("price-developer-tax-note"); const dm = document.getElementById("price-developer-muted"); const pl = document.getElementById("price-pro-line"); const ptn = document.getElementById("price-pro-tax-note"); const pm = document.getElementById("price-pro-muted"); const cl = document.getElementById("price-compliance-line"); const ctn = document.getElementById("price-compliance-tax-note"); const cm = document.getElementById("price-compliance-muted"); if (dl) dl.innerHTML = pricingCatalog.developer[selectedCurrency].line; if (dtn) dtn.innerHTML = pricingCatalog.developer[selectedCurrency].taxNote; if (dm) dm.innerHTML = pricingCatalog.developer[selectedCurrency].muted; if (pl) pl.innerHTML = pricingCatalog.pro[selectedCurrency].line; if (ptn) ptn.innerHTML = pricingCatalog.pro[selectedCurrency].taxNote; if (pm) pm.innerHTML = pricingCatalog.pro[selectedCurrency].muted; if (cl) cl.innerHTML = pricingCatalog.compliance[selectedCurrency].line; if (ctn) ctn.innerHTML = pricingCatalog.compliance[selectedCurrency].taxNote; if (cm) cm.innerHTML = pricingCatalog.compliance[selectedCurrency].muted; if (typeof globalThis.applySecondaryPricingCurrency === "function") { globalThis.applySecondaryPricingCurrency(selectedCurrency); } updateCurrencyToggleUi(); } function getInitialCurrency() { try { const saved = localStorage.getItem("gi_pricing_currency"); if (saved === "usd" || saved === "aud") return saved; } catch (e) {} return inferCurrencyByViewer(); } function closeCheckoutModal() { const modal = document.getElementById("emailModal"); if (modal) modal.style.display = "none"; document.body.style.overflow = ""; } function checkoutTitleForPlan(plan) { switch (plan) { case "pro": return "Upgrade to Pro"; case "compliance": return "Enable Compliance"; case "release_starter": return "Enable CI Proofs — Starter"; case "release_growth": return "Enable CI Proofs — Growth"; case "developer": return selectedCurrency === "aud" ? "Get your API key (AUD)" : "Get your API key"; default: return "Continue to secure checkout"; } } globalThis.setPricingCurrency = function (currency) { applyPricingCurrency(currency); }; globalThis.openCheckout = function (e, plan) { if (e && typeof e.preventDefault === "function") e.preventDefault(); selectedPlan = plan; const title = document.getElementById("checkoutModalTitle"); if (title) title.textContent = checkoutTitleForPlan(plan); const emailInput = document.getElementById("checkoutEmail"); const confirmInput = document.getElementById("checkoutEmailConfirm"); if (emailInput) emailInput.value = ""; if (confirmInput) confirmInput.value = ""; window.scrollTo({ top: 0, behavior: "smooth" }); const modal = document.getElementById("emailModal"); if (modal) modal.style.display = "flex"; document.body.style.overflow = "hidden"; setTimeout(() => { const card = document.getElementById("emailModalCard"); if (card) card.scrollIntoView({ block: "start", behavior: "smooth" }); if (emailInput) emailInput.focus(); }, 50); }; globalThis.startCheckout = async function () { const emailEl = document.getElementById("checkoutEmail"); const confirmEl = document.getElementById("checkoutEmailConfirm"); const email = emailEl ? emailEl.value.trim() : ""; const confirmEmail = confirmEl ? confirmEl.value.trim() : ""; if (!email) { alert("Please enter your email."); return; } if (!confirmEmail) { alert("Please confirm your email."); return; } if (email !== confirmEmail) { alert("Email addresses do not match. Please check and try again."); return; } try { const res = await fetch("https://api.getintegrityapi.com/billing/create-checkout-session", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ plan: selectedPlan, email: email, currency: selectedCurrency }) }); const data = await res.json(); if (data.checkout_url) { closeCheckoutModal(); window.location.href = data.checkout_url; } else { alert(data.message || data.error || "Unable to start checkout."); console.error(data); } } catch (err) { console.error(err); alert("Checkout failed."); } }; globalThis.closeCheckoutModal = closeCheckoutModal; window.onclick = function (e) { const modal = document.getElementById("emailModal"); if (e.target === modal) { closeCheckoutModal(); } }; function initPricingDetails() { const root = document.getElementById("pricing-details"); if (!root) return; applyPricingCurrency(getInitialCurrency()); const usdBtn = document.getElementById("currency-toggle-usd"); const audBtn = document.getElementById("currency-toggle-aud"); if (usdBtn && !usdBtn.dataset.boundCurrency) { usdBtn.dataset.boundCurrency = "1"; usdBtn.addEventListener("click", function (e) { e.preventDefault(); applyPricingCurrency("usd"); }); } if (audBtn && !audBtn.dataset.boundCurrency) { audBtn.dataset.boundCurrency = "1"; audBtn.addEventListener("click", function (e) { e.preventDefault(); applyPricingCurrency("aud"); }); } const isMobile = () => window.matchMedia("(max-width:767px)").matches; function getPadTop() { return isMobile() ? 18 : 20; } function getPadBottom() { return isMobile() ? 24 : 28; } function getOpenHeight(panel) { const inner = panel.querySelector(".acc-inner"); if (!inner) return 0; const innerHeight = Math.ceil(inner.getBoundingClientRect().height); return innerHeight + getPadTop() + getPadBottom() + 2; } function openPanel(panel) { if (!panel) return; panel.classList.add("open"); panel.style.maxHeight = "none"; requestAnimationFrame(() => { const h = getOpenHeight(panel); panel.style.maxHeight = h + "px"; }); } function closePanel(panel) { if (!panel) return; const h = getOpenHeight(panel); panel.style.maxHeight = h + "px"; requestAnimationFrame(() => { panel.classList.remove("open"); panel.style.maxHeight = "0px"; }); } function syncItem(item) { const checkbox = item.querySelector('input[type="checkbox"]'); const panel = item.querySelector(".acc-content"); if (!checkbox || !panel) return; if (checkbox.checked) { openPanel(panel); } else { closePanel(panel); } } function syncAll() { root.querySelectorAll(".acc-item").forEach(syncItem); } root.querySelectorAll('.acc-item input[type="checkbox"]').forEach((checkbox) => { if (!checkbox.dataset.boundAccordion) { checkbox.dataset.boundAccordion = "1"; checkbox.addEventListener("change", function () { const item = this.closest(".acc-item"); if (item) syncItem(item); }); } }); if (window.ResizeObserver && !root.__pricingResizeObserverAttached) { root.__pricingResizeObserverAttached = true; const ro = new ResizeObserver(() => { syncAll(); }); root.querySelectorAll(".acc-inner").forEach((el) => ro.observe(el)); } window.addEventListener("resize", () => { clearTimeout(window.__pricingAccordionResize__); window.__pricingAccordionResize__ = setTimeout(syncAll, 120); }); if (document.fonts && document.fonts.ready) { document.fonts.ready.then(() => { setTimeout(syncAll, 0); setTimeout(syncAll, 120); }); } setTimeout(syncAll, 50); setTimeout(syncAll, 250); setTimeout(syncAll, 700); setTimeout(syncAll, 1400); } if (document.readyState === "loading") { document.addEventListener("DOMContentLoaded", initPricingDetails); } else { initPricingDetails(); } })();
What it is: A participation model for approved validator units contributing distributed cryptographic capacity to the network. This operational model — referred to as Proof Farming — routes proof metadata and verification workloads to validated units based on performance, uptime, and availability.
Participation is approval-based and designed for qualified operators contributing reliable verification capacity.
Engagement model: Approval-based participation for qualified operators, households, fleets, and approved infrastructure units. Output depends on uptime, availability, routing demand, and approved contribution profile.
Onboarding:
1. Submit a validator participation request
2. Complete review and approval
3. Activate unit or fleet configuration
4. Enable routing, metering, and validation participation
5. Monitor approved capacity and output through dashboards and operational reporting
Designed for approved capacity contributors • Participation is metered and performance-based • Not a public self-serve API product
What it is: Controlled synthetic validation exercises designed to test routing stability, uptime behaviour, and infrastructure capacity readiness before launch, milestone events, scaling, or controlled deployment windows. Readiness Drills generate verifiable test proofs and readiness outputs without requiring live customer payloads.
Engagement model: Readiness Drills are guided validation exercises rather than automated self-serve services. Each drill is scoped around expected traffic patterns, routing behaviour, validator posture, and infrastructure scale.
Typical outcomes:
• Launch-readiness validation
• Stress-aligned or synthetic verification runs
• Assurance evidence for internal stakeholders
• Scoped support for milestone or audit preparation
Best framed as a pilot assurance capability rather than a standard beta connector product • No live customer payloads required
What it is: A cryptographic verification layer for CI/CD pipelines that generates tamper-evident proof-of-publish receipts for tagged releases and deployment events. Designed for DevOps, DevSecOps, and security teams that need independently verifiable release integrity without operating validator infrastructure or extra security tooling.
Pricing:Starter — USD $99/month including up to 500 release proofs per month • Growth — USD $249/month including up to 2,000 release proofs per month
Hash-only processing. No source code or content stored. Verification remains free and publicly accessible.
What you unlock:
• GitHub Action-based proof-of-publish workflows for CI/CD releases
• Public proof receipt URL for each qualifying run
Built for release integrity, proof-of-publish, and software supply-chain transparency • Hash-only processing • Verification remains free and publicly accessible
What it is: Low-code automation workflows that allow business processes to generate verifiable proofs when events occur. Using Zapier or Make, teams can trigger cryptographic proof generation from actions such as document uploads, database updates, approvals, or system events.
Works with existing automation ecosystems — proofs remain portable and independently verifiable.
Provisioning model: Beta access is request-based. Approved requests are provisioned with scoped access and guided onboarding. Proofs generated through automation count against the active API plan quota once enabled.
Recommended fit: Best aligned to Pro API and Compliance API workflows, with guided onboarding during beta rollout.
Onboarding:
1. Submit a beta request
2. We review the intended workflow and access scope
3. Approved access is provisioned with setup guidance
Low-code proof automation for operational workflows • Guided beta provisioning • Proofs remain portable and independently verifiable
What it is: Verifiable PDF stamping with an optional Energy Badge for ESG disclosures, reports, and published documents. Each stamped document embeds a QR verification link and cryptographic proof connecting the file to its issuance event — without exposing document content. Only hashed fingerprints and metadata are processed.
Provisioning model: Beta access is request-based and guided. Supporting materials and onboarding steps are shared during approved provisioning rather than through a public self-serve download flow.
Onboarding:
1. Submit a beta request
2. We review the intended document workflow
3. Approved access is provisioned with setup guidance
Enter your email and confirm it to continue to secure checkout.
🔒 Secure Stripe checkout • Instant API key after payment • No sales emails
Powered by GetIntegrityAPI
Developer Guide
Design verifiable systems by default. Learn how the Integrity Layer works, why it is trusted, and how to architect systems around proof generation, verification, and reporting.
Understand environment boundaries, why demo mode is constrained, and when systems are ready for production guarantees.
Demo mode enables safe exploration, workflow design, and proof evaluation — without cost, risk, or production obligations.
Demo behavior is intentionally limited and should not be interpreted as production performance, feature access, or guarantees.
Key differences:
API keys:gi_demo_... vs gi_live_... Purpose: Evaluation & testing vs live production use Verification: Public verification available in both environments Limits & features: Reduced / constrained vs plan- and entitlement-based SLA & support: None vs plan-based and contractual where applicable
Demo requests may return warnings, operate with reduced limits, or stop with 403 demo_key_expired when the evaluation period ends.
Stress-test integrity systems before production launches, audit review, or scoped sovereign deployment.
Readiness Drills are guided synthetic validation exercises designed to test routing stability, uptime behaviour, proof reliability, and infrastructure capacity readiness.
No live customer payloads are required. Outputs are verifiable and can include signed readiness reports, diagnostics, and machine-verifiable drill artifacts.
Use the JavaScript SDK, direct API integrations, verification tooling, and CI/CD patterns to generate and validate tamper-evident integrity proofs across backend services, automation workflows, and release pipelines.
Install the JavaScript SDK
npm install @getintegrityapi/sdk
Official◦
Node.js SDK
Use the JavaScript client for server apps, backend services, event pipelines, and platform integrations.
import { Integrity } from "@getintegrityapi/sdk"
const integrity = new Integrity({
apiKey: process.env.GETINTEGRITY_API_KEY
})
HTTP◦
Python Integration
Integrate directly with the authenticated API from Python workflows, internal tooling, and automation jobs.
Verification is always free and publicly accessible. Use the JavaScript SDK where convenient, and use direct HTTP integrations or CLI verification where that better fits your workflow.
The API returns a signed proof capsule matching the stored developer-tier proof example.
The REST API allows developers to generate tamper-evident proof capsules directly from backend services, automation workflows, or custom infrastructure.
Verify a Proof
Every proof capsule generated by the platform can be independently verified.
This visible result is shortened for readability, while the copied example preserves the full stored verification response.
Verification confirms the stored capsule, digest integrity, Ed25519 signature, and the original metadata-only payload for 703185ca-8334-40cb-add0-561e85704264.
Verification can be performed by anyone — without authentication — ensuring proofs remain independently verifiable and cryptographically trusted.
(function(){ function fallbackCopy(text){ var textarea = document.createElement("textarea"); textarea.value = text; textarea.setAttribute("readonly",""); textarea.style.position = "fixed"; textarea.style.top = "-9999px"; document.body.appendChild(textarea); textarea.select(); document.execCommand("copy"); textarea.remove(); } function getCardCopyText(button){ var card = button.closest(".gi-card"); if(!card) return ""; var source = card.querySelector(".gi-copy-source"); if(source){ return (source.textContent || source.innerText || "").replace(/\s+$/, ""); } var code = card.querySelector(".gi-code"); if(code){ return (code.textContent || code.innerText || "").replace(/\s+$/, ""); } return ""; } function copyFromButton(button){ var text = getCardCopyText(button); if(!text) return; var original = button.textContent; if(navigator.clipboard && window.isSecureContext){ navigator.clipboard.writeText(text).catch(function(){ fallbackCopy(text); }); } else { fallbackCopy(text); } button.textContent = "Copied ✓"; setTimeout(function(){ button.textContent = original; }, 1500); } var buttons = document.querySelectorAll("#gi-developer-guide .gi-copy-btn"); for(var i = 0; i < buttons.length; i++){ buttons[i].addEventListener("click", function(){ copyFromButton(this); }); } })();
If you have a question, need support, or would like to discuss a partnership, please get in touch.
Whether your enquiry relates to billing, API operations, compliance, enterprise discussions, or commercial matters, every submission is reviewed by our team and routed to the appropriate internal workflow — with AI assisting to help deliver faster, more consistent, and high-quality responses.
How GetIntegrityAPI supports audit-grade integrity, lineage, and independent verification.
This section explains the guarantees, evidence models, and audit semantics of GetIntegrityAPI — how proofs are retained, ordered, attested, exported, and independently verified.
It is designed for auditors, regulators, compliance teams, and mission-critical operators who need to understand what the evidence means, what can be relied upon, and how verification holds up under review.
How compliance is enforced is the role of Compliance Hooks
Compliance Hooks evaluate policies against proofs at the moment actions occur.Compliance & Auditexplains how the resulting evidence is preserved, interpreted, and validated over time.
Think of Compliance Hooks as the enforcement engine —and Compliance & Audit as the evidence framework.For how compliance is enforced automatically, → see Compliance Hooks
A structured breakdown of compliance guarantees, lineage semantics, attestation letters, VAR reports, and audit workflows — built for regulators, auditors, and risk teams.
What “Compliance Mode” changes
When Compliance Mode is enabled, the system applies additional guarantees and constraints to proof generation and retention:
Extended retention (default 365-day rolling window, configurable per plan)
Mandatory lineage tracking for selected endpoints
Eligibility for signed attestation letters
Eligibility for VAR exports
Audit-aligned metadata normalization
Compliance Mode does not change how proofs are generated. Proof generation remains deterministic; Compliance Mode governs retention scope, lineage enforcement, and attestation eligibility.
What guarantees are enabled
Strong ordering guarantees (within defined scopes)
Immutable lineage references
Time-bounded attestation validity
Exportable, audit-ready evidence artifacts
What is not retroactive (important)
Proofs created before Compliance Mode do not gain compliance guarantees
Retention policies apply only from activation forward
Attestations only cover explicitly configured periods
This prevents post-hoc reclassification and preserves audit integrity.
Lineage provides a verifiable chain of ordering and relationship between proofs.
Ordering guarantees
Proofs are ordered by verified timestamp and sequence
Ordering is guaranteed within a lineage scope
No reordering after proof finalization
Immutability scope
Individual proofs are immutable once created
Lineage references are append-only
No mutation, deletion, or re-sequencing within retention
Fork and merge semantics
Forks represent parallel proof streams
Merges represent explicit, verifiable joins
All forks and merges are recorded and auditable
How lineage stands up in audits
Creation time
Ordering
Parent / child relationships
Completeness within scope
No trust in internal dashboards is required.
What attestation letters attest to
Attestation letters are signed summaries stating that:
Proofs were generated as claimed
Lineage ordering and integrity were preserved
Retention and compliance policies were applied during the stated period
They do not attest to business correctness or content validity.
Who signs them
System-signed by GetIntegrityAPI
Bound to a specific organisation, project, and time window
Time-bound validity
Valid only for the stated period
Expire naturally as retention windows roll forward
New attestations must be generated for new periods
How auditors should interpret them
Attestations are evidence of integrity controls — not assertions of truth or outcome.
“Was this integrity system operating correctly during this period?”
Cryptographic hashing and signature validation make unauthorized modification detectable
Deletion occurs only via policy expiry
Exportability
JSON and CSV exports supported
Compatible with external audit systems
No proprietary tooling required
Deletion and expiry semantics
Expiry is automatic and policy-driven
No selective deletion
Expired data cannot be recovered
What a VAR is (plain English)
A VAR (Verifier Attestation Report) is a single-event, signed receipt proving:
“This specific event occurred, was recorded, and can be independently verified.”
What’s inside a VAR
Event summary
Proof identifier and hash
Verification method
Timestamp and ordering reference
Optional lineage reference
Compliance markers (where applicable)
How auditors verify VARs independently
Public key registry and deterministic verification process — no authentication required
No login or dashboard required
Verification remains possible even if customer accounts are unavailable, via portable verification artefacts or public verification endpoints
Artifact differences
Proof: Atomic integrity record
Lineage: Ordered relationships
Attestation: Period-based summary
VAR: Single-event audit receipt
VAR bundles (100- and 500-event packs for Pro and Compliance plans) support structured reporting cycles, audit checkpoints, and recurring evidence generation.
SOC 2
Proofs capture control-relevant events
Lineage establishes sequencing
Attestation letters summarize audit periods
VARs attached to evidence packets
ISO / ISMS
Continuous integrity logging
Exportable lineage for reviews
Attestation letters for audit cycles
Internal controls
Proofs for system changes
Lineage for change management
VARs for critical approvals
Insurance / claims
Event-specific VARs
Timestamped, signed evidence
Independent insurer verification
Verification is stateless for verifiers and does not depend on data retention for portable proof artifacts.Retention applies only to platform-hosted evidence records such as proofs, lineage, attestations, and VAR reports.The platform exposes a cryptographic manifest and public key registry to allow independent validation of signatures, audit exports, and control coverage artifacts.
For enterprise due diligence packages (control mapping, cryptographic policy, incident response policy), contact the Compliance Team at [email protected]
Audit-ready by design —aligned with SOC 2 · ISO · GDPR · HIPAA
Endpoints, schemas, authentication, errors, and implementation patterns. Generate and verify tamper-evident proof for events, hashed artifacts, and transactions. Verification is free, portable, and supports offline validation using proof artifacts. Verification does not store or persist submitted data.
Examples below use gi_demo_... API keys. Demo requests may return warnings, operate with reduced limits, or stop with 403 demo_key_expired when the evaluation period ends.
Use idempotency_key + safe retries. Treat timeouts as unknown; re-check proof existence.
Rate Limits
Enforced per key/project. For high volume, use batch workflows where enabled and monitor usage via /v1/usage.
Batching
Use batch proof generation where your plan supports it to reduce overhead and improve throughput.
Examples
CI → Proof → Verify → VAR
Deploy (CI) → POST /proof (type=event, system=ci, version=…) → POST /verify → POST /var (proof_id=selected proof) → Attach JSON or PDF VAR to the audit packet
Hash → Proof → Receipt → Archive
Hash locally → POST /proof (type=file, hash=sha256:…) → GET /verify/{proof_id} → Store proof_id alongside the archive or business record
Need architecture guidance (not endpoint syntax)?
Use the Developer Guide for lifecycle, trust, outputs, and scaling models.
Runs entirely client-side. No file data is transmitted.
Design principle: Hashing is intentionally performed outside the API boundary to preserve zero-custody guarantees. Raw business payload custody and document upload are not part of the public API contract.
Proof Farming onboarding is pilot-based and approval-driven
Capacity is limited and routed globally to meet enterprise verification demand.Submitting this form registers your application for review — no hardware commitment required.
Approval-based onboarding • Limited slots • No speculation
This visible result is shortened for readability, while the copied example preserves the full stored verification response.
Verification confirms the stored capsule, digest integrity, Ed25519 signature, and the original metadata-only payload for 703185ca-8334-40cb-add0-561e85704264.
Verification can be performed by anyone — without authentication — ensuring proofs remain independently verifiable and cryptographically trusted.
(function(){ if(window.__giDeveloperGuideCopyInit__) return; window.__giDeveloperGuideCopyInit__ = true; function fallbackCopy(text){ var textarea = document.createElement("textarea"); textarea.value = text; textarea.setAttribute("readonly",""); textarea.style.position = "fixed"; textarea.style.top = "-9999px"; document.body.appendChild(textarea); textarea.select(); document.execCommand("copy"); textarea.remove(); } function getCardCopyText(button){ var card = button.closest(".gi-card"); if(!card) return ""; var source = card.querySelector(".gi-copy-source"); if(source){ return (source.textContent || source.innerText || "").replace(/\s+$/, ""); } var code = card.querySelector(".gi-code"); if(code){ return (code.textContent || code.innerText || "").replace(/\s+$/, ""); } return ""; } function copyFromButton(button){ var text = getCardCopyText(button); if(!text) return; var original = button.textContent; if(navigator.clipboard && window.isSecureContext){ navigator.clipboard.writeText(text).catch(function(){ fallbackCopy(text); }); } else { fallbackCopy(text); } button.textContent = "Copied ✓"; setTimeout(function(){ button.textContent = original; }, 1500); } document.addEventListener("click", function(e){ var button = e.target.closest(".gi-developer-guide .gi-copy-btn"); if(!button) return; copyFromButton(button); }); })();
