Trust Center
Vraimony is built to be integrity-only, privacy-first, and server-light. This page states what we do, what we do not claim, and how we control costs and defend against abuse.
Integrity-only (what it can prove)
- Receipt structure + signature validity (tamper-evident).
- That a specific hash value was recorded in a receipt.
- Optional local hash match (if you provide the file locally).
Integrity-only (what it does NOT prove)
- Truth, authorship, identity, or intent.
- Delivery, condition, or who received/opened a package.
- Legal admissibility / court acceptance (varies by jurisdiction).
- A guaranteed dispute outcome (no “win guarantee”).
No tracking posture
- No analytics cookies, no fingerprinting, no session replay.
- No per-user identifiers. Only aggregated daily counters (anti-abuse sizing).
- Referrer minimized (no-referrer) on key pages.
Domain separation (why two domains)
We separate issuance and verification to reduce risk and simplify trust assumptions:
- getevidex.net — product site and issuance flows.
- verify.getevidex.net — verification-only, read-only surfaces (no login, no issuance).
This limits attack surface and helps platform reviewers validate “verify stays free” and “no tracking” claims.
Transparency snapshot (CT‑lite Merkle root)
We publish a daily signed Merkle tree head over published receipts (a “CT‑lite” transparency snapshot). This helps detect silent deletion/backdating patterns and supports independent auditing.
- Daily snapshot: Merkle root + tree size + timestamp + signature.
- Published on the verify domain (read-only).
- Designed for auditability; not a legal guarantee.
We avoid regulated trust-service claims (eIDAS “qualified”, notarization, or court acceptance guarantees).
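An auditor-side check of the snapshot described above, as an added example that is not Vraimony's code: it assumes RFC 6962-style SHA-256 leaf and node hashing and the field names `root`, `tree_size` and `timestamp`, none of which this page specifies. Signature verification is left out because the page does not name the signature scheme.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(leaves):
    """Merkle tree hash, RFC 6962 style (assumed; the page names no construction)."""
    n = len(leaves)
    if n == 0:
        return _h(b"")
    if n == 1:
        return _h(b"\x00" + leaves[0])           # leaf prefix 0x00
    k = 1 << ((n - 1).bit_length() - 1)          # largest power of two < n
    return _h(b"\x01" + merkle_root(leaves[:k]) + merkle_root(leaves[k:]))

def snapshot(receipts, timestamp):
    """Build a snapshot record (hypothetical field names; signature omitted)."""
    return {"root": merkle_root(receipts).hex(),
            "tree_size": len(receipts), "timestamp": timestamp}

def audit(prev, curr, receipts):
    """Compare yesterday's snapshot with today's snapshot and receipt list."""
    findings = []
    if curr["timestamp"] <= prev["timestamp"]:
        findings.append("timestamp did not advance")
    if curr["tree_size"] < prev["tree_size"]:
        findings.append("tree shrank")
    if len(receipts) != curr["tree_size"]:
        findings.append("receipt count differs from tree size")
    if merkle_root(receipts).hex() != curr["root"]:
        findings.append("current root mismatch")
    # Append-only check: the first prev["tree_size"] receipts must still hash
    # to the root that was published yesterday.
    if merkle_root(receipts[:prev["tree_size"]]).hex() != prev["root"]:
        findings.append("earlier receipts changed or removed")
    return findings

# Constructed sample data: receipt hashes stood in for by opaque byte strings,
# timestamps by day numbers.
DAY1 = [b"receipt-1", b"receipt-2", b"receipt-3"]
HONEST = DAY1 + [b"receipt-4", b"receipt-5"]
# receipt-2 dropped and the root recomputed over what is left
REWRITTEN = [b"receipt-1", b"receipt-3", b"receipt-4", b"receipt-5", b"receipt-6"]

if __name__ == "__main__":
    prev = snapshot(DAY1, 1)
    print(audit(prev, snapshot(HONEST, 2), HONEST))
    print(audit(prev, snapshot(REWRITTEN, 2), REWRITTEN))
```

The rewritten log passes the check against its own root and fails only against the retained earlier snapshot, which is why an auditor has to keep each day's tree head.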
Security posture & policies
For merchants: start with Transaction Proof Pack and Downloads Standard Registries Interop.