Verifiable by design.

Proof integrity

• Ed25519 signatures. Every proof is signed over its canonical claims and verifiable offline with the public key.
• Pinned-key verification. Verification checks the signature against a trusted key registry by fingerprint — never the key embedded in the proof — so a proof re-signed with an attacker's key is rejected.
• Document binding. Proofs carry the SHA-256 of the exact document; a changed document no longer matches.
• Tamper-evident ledger. Issued proofs are appended to a hash chain; any insertion, deletion, reorder, or edit breaks chain verification.
• Revocation. A revoked proof fails verification with a clear reason.

Keys

Signing keys are identified by fingerprint and support rotation — rotating a key keeps previously issued proofs verifiable. In production, private keys live in a managed secret store / KMS, and the public registry is published so any party can verify independently.

Identity & fulfillment

Identity verification is performed by Stripe Identity (IAL2). Notarization is fulfilled by a licensed remote-online-notarization network. Provenant orchestrates and proves these acts; it does not perform regulated acts itself.

Data handling

We minimize what we store. Sensitive identity documents are handled by the verifying provider, not retained by Provenant; we keep the verification result and the signed proof. Personal data is processed to deliver the action you request and is described in our privacy policy.

Reporting a vulnerability

Found something? Email hello@useprovenant.xyz. We respond quickly and credit responsible disclosure.