Cryptographic verifiability
Receipts are signed by your keypair, not ours. Verification uses standard Ed25519 + JCS — works offline, works without us. Even if GenZAgents disappeared tomorrow, your receipts remain verifiable evidence. The trust isn't in us; it's in the math.
Open spec on GitHub
github.com/genzagents/work-receipt-spec — Apache-2.0 for code, CC BY-SA 4.0 for spec text. Anyone can implement a compatible system without using us. The format is portable in principle as well as in practice.
Self-hosted option
Enterprise tier ships a Helm chart for full self-hosted deployment. Your cluster, your Postgres, your data. We provide the binary; you operate it. The dependency on our infrastructure becomes zero for self-hosted customers.
Our own security attestations
SOC 2 Type 1 complete (2026). Type 2 audit in progress. Annual pen test (latest report available under NDA). ISO 42001 certification target Q1 2027. See /security for current status.
What we don't see
AI provider traffic (your client → Anthropic / OpenAI / Google). Receipt content when digest-only mode is enabled. Private keys (they live on your machine). Self-hosted deployments don't even send receipts to our servers.
Track record
In production since April 2026. ~50 design-partner deployments as of May 2026. Public launch June 2026. Track record is short by SaaS standards; counterbalanced by the offline-verifiability story.