Security

Built for operations teams

Every architectural decision is made to verify data integrity. Signed at source. Verified on receipt. Tamper-evident from that point on.

Security pillars

01

Hardware Attestation

Every file is signed by the device's secure hardware — Secure Enclave on iOS, Keystore on Android. Each device must be enrolled before it can sign data.

02

Cryptographic Sealing

At the moment of capture, a SHA-256 hash is computed and signed inside the device hardware. Any modification to the file causes the signature check to fail.

03

Public Verification

Anyone can verify integrity through our API. The response shows hash, timestamp, location, and device ID — the original file remains private.

04

Data Isolation

Files are stored in tenant-isolated environments using Supabase Row Level Security. Each company's data is logically separated at the database level.

05

Audit Log

Every capture, retrieval, and verification is logged to an append-only audit trail. Know what your team verified and when.

06

Encrypted Storage

Files are stored with server-side encryption at rest. TLS 1.3 in transit. Access is controlled via API keys in your dashboard.

Verification chain

01

Capture

Device records photo, GPS, and timestamp

02

Hash

SHA-256 hash computed on the device

03

Sign

Hash signed by device hardware key

04

Verify

Signature checked against public key on our servers

Compliance

GDPR
Aligned
CCPA
Aligned
C2PA
Aligned

Security questions?

Our team is available to answer technical questions from developers and platform teams.

Talk to our team