Trust
Cryptographic transparency.
Every day, we hash a deterministic Merkle root over the audit chain that mattered — every AI call, every tenant-side action, every founder cross-tenant read, every messaging-consent record. The root is a fingerprint of what existed in our system on that UTC day. If we silently mutated an old row, the root would no longer match — and any auditor who saved yesterday's value would notice.
- Read the four audit tables for the UTC day you want to check:
ai_run,audit_log,cross_tenant_access_log,customer_messaging_consent. - For each row, build a canonical pipe-joined string
key="value"|key="value"...with keys sorted alphabetically. Prefix with the table name. SHA-256 → leaf. - Sort the combined leaf array lexicographically. Build a standard binary Merkle tree (duplicate the last leaf on odd-count layers; concatenate left + right hex bytes for the parent hash). The root is the final 64-character hex string.
- Compare to ours. If you have a tenant session at GladiusTurf, GET
/api/transparency/root/YYYY-MM-DDreturns your tenant-scoped root.
The implementation lives at lib/audit/merkle.ts in our public source. Roughly 100 lines. No exotic crypto — a well-understood Merkle construction over a deterministic row-canonicalization scheme.
Proves: a row that existed on day X cannot be silently changed on day X+1 without invalidating that day's published root.
Does not prove: that we published the root truthfully (we could compute and post a wrong hash). Daily public-notary timestamping ships next so the chain of roots itself is verifiable independently of us. v2.
Tenants can see their own daily roots inside the workspace at the Trust Console (Pulse → Trust Console). Each AI call additionally generates a public per-call receipt at /receipt/[id]. Drop a receipt URL into any AI-drafted message you send — recipients can verify what the AI was given.
| UTC date | Root (sha256) | AI runs | Audit | Cross-tenant | Consent |
|---|---|---|---|---|---|
| 2026-05-12 | 00000000000000000000000000000000… | 0 | 0 | 0 | 0 |
| 2026-05-11 | 00000000000000000000000000000000… | 0 | 0 | 0 | 0 |
| 2026-05-10 | 00000000000000000000000000000000… | 0 | 0 | 0 | 0 |
| 2026-05-09 | ef7f409a997e8f0fb970b14c716ec8b1… | 0 | 2 | 0 | 0 |
| 2026-05-08 | 1b83e3c5d2e34eeacd1a7a6538f46dba… | 0 | 5 | 0 | 0 |
| 2026-05-07 | 00000000000000000000000000000000… | 0 | 0 | 0 | 0 |
| 2026-05-06 | 00000000000000000000000000000000… | 0 | 0 | 0 | 0 |
| 2026-05-05 | 00000000000000000000000000000000… | 0 | 0 | 0 | 0 |
| 2026-05-04 | 00000000000000000000000000000000… | 0 | 0 | 0 | 0 |
Roots show the first 32 hex characters of each SHA-256 fingerprint. Hit /api/transparency/root/YYYY-MM-DD with your tenant session for the full root + tenant-scoped counts. The all-tenants root above is forensics-grade and not customer-visible per-row.
Questions: email legal@gladiusturf.com. Read the DPA for the full sub-processor list and privacy policy for retention.