NotaryOS

Cryptographic Verification

Enterprise-Grade Security

Cryptographic Trust, Verified

Every AI agent action sealed with Ed25519 signatures and hash-chain integrity. Verify any receipt, anytime, anywhere.


Signing Architecture

Three cryptographic primitives work together to make every receipt tamper-evident and independently verifiable.

Ed25519 Digital Signatures

Every receipt signed with Ed25519 -- the same elliptic curve used by SSH, Signal, and TLS 1.3.

  • 256-bit keys, 64-byte signatures
  • Deterministic signing (no random nonce needed)
  • Fastest elliptic curve verification available
  • Immune to timing side-channel attacks

JWKS Key Management

Public keys published via RFC 7517 JWKS endpoint. Any client can verify signatures independently.

  • Key rotation support with overlap windows
  • Key ID (kid) tracking per receipt
  • Automatic key retirement scheduling
  • Standard JWKS discovery endpoint

Hash Chain Integrity

Every receipt links to the previous via SHA-256 hash chain. Tampering with one receipt breaks the entire chain.

  • Genesis hash initialization per agent
  • Chain sequence numbering
  • Provenance reference linking
  • Verifiable from any point in the chain
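
The chain check described above, as an added example that is not NotaryOS code: the page does not publish the receipt format, so the field names (`agent_id`, `seq`, `action`, `prev_hash`, `hash`), the genesis derivation and the canonical JSON encoding are assumptions. It covers only the SHA-256 link and sequence checks; Ed25519 signature verification of each receipt is a separate step not shown here.

```python
import copy
import hashlib
import json

FIELDS = ("agent_id", "seq", "action", "prev_hash")  # hypothetical receipt fields

def genesis_hash(agent_id):
    # Assumed convention: per-agent genesis value derived from the agent ID.
    return hashlib.sha256(b"genesis:" + agent_id.encode()).hexdigest()

def receipt_hash(r):
    # Canonical JSON (sorted keys, fixed separators) keeps the digest stable.
    body = json.dumps({k: r[k] for k in FIELDS}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def build_chain(agent_id, actions):
    chain, prev = [], genesis_hash(agent_id)
    for seq, action in enumerate(actions):
        r = {"agent_id": agent_id, "seq": seq, "action": action, "prev_hash": prev}
        r["hash"] = prev = receipt_hash(r)
        chain.append(r)
    return chain

def first_broken_link(receipts, anchor):
    """Index of the first receipt that fails verification, or None if all pass.

    anchor is the hash the first receipt must link to: the genesis hash for a
    full chain, or the hash of an already-verified receipt for a suffix.
    """
    prev, seq = anchor, (receipts[0]["seq"] if receipts else 0)
    for i, r in enumerate(receipts):
        if r["prev_hash"] != prev or r["seq"] != seq or receipt_hash(r) != r["hash"]:
            return i
        prev, seq = r["hash"], seq + 1
    return None

if __name__ == "__main__":
    g = genesis_hash("agent-7")
    chain = build_chain("agent-7", ["read", "write", "delete", "read"])  # constructed sample
    print("intact:  ", first_broken_link(chain, g))
    print("suffix:  ", first_broken_link(chain[2:], chain[1]["hash"]))
    edited = copy.deepcopy(chain)
    edited[1]["action"] = "noop"                     # content changed, stored hash left alone
    print("edited:  ", first_broken_link(edited, g))
    edited[1]["hash"] = receipt_hash(edited[1])      # stored hash recomputed to match
    print("rehashed:", first_broken_link(edited, g))
```

When the stored hash is recomputed after an edit, the failure moves to the next receipt, whose `prev_hash` no longer matches. Detection therefore depends on a later hash the verifier already trusts, which is the role the per-receipt signature plays.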

Compliance Frameworks

NotaryOS is designed to meet the requirements of major regulatory and industry compliance frameworks.

SOC 2 Type II

In Progress

Audit controls aligned with SOC 2 Trust Service Criteria. Formal certification in progress.

GDPR

Compliant

Consent-gated analytics, data deletion API, and EU-compliant data handling throughout.

ISO 27001

Aligned

Information security management practices aligned with ISO 27001 control framework.

HIPAA

Available

Business Associate Agreement available for Enterprise tier. PHI is never stored in receipts.

Defense in Depth

Seven independent security layers. A request must pass every layer before it can read or write a single receipt.

1. CORS Origin Validation

Cross-origin requests restricted to explicitly allowed domains.

2. Security Headers

Content-Security-Policy, X-Frame-Options, Strict-Transport-Security enforced.

3. Authentication

JWT session tokens and scoped API keys validated on every request.

4. Rate Limiting

Per-endpoint, per-tier throttling to prevent abuse and ensure fair usage.

5. Agent Trust Management

Behavioral scoring tracks agent reliability over time.

6. Certificate Validation

Mutual TLS-ready certificate verification for agent-to-agent communication.

7. Circuit Breaker

Fault isolation prevents cascading failures across the system.

Verify Any Receipt

Paste a receipt hash below to verify its signature, structure, and chain integrity in real time. No account required.

Receipt hashes are public identifiers. Verification requires no authentication.

API Security

Tiered rate limiting and scoped API keys ensure fair usage and protect against abuse at every level.

Rate Limiting Tiers

Tier        Requests/min  Receipts/mo
Starter     60            100
Explorer    300           10,000
Pro         1,000         100,000
Enterprise  Custom        Unlimited

Security Features

  • API key scoping (read / write permissions)
  • SHA-256 key hashing -- plain keys never stored
  • Automatic key rotation support
  • IP allowlisting (Enterprise tier)
  • CORS origin validation on every request

Ready to secure your AI operations?

Get the full security whitepaper or speak with our team about Enterprise-grade compliance requirements.

© 2026 NotaryOS. All rights reserved.
NotaryOS protocol and counterfactual receipt system created by Harris Abbaali.