← Back to Docs
Cryptographic Audit Trail

Audit Engine

Every HumanAttest verification creates an immutable, cryptographically signed audit record. Recipients can verify any email's authenticity at any time, without ever exposing email content.

What Gets Logged

Each verification event writes exactly one record to our PostgreSQL database. The record contains only these four fields, nothing more:

// Audit record schema

content_hash   string      // SHA-256 of the send-action event. Cannot be reversed.
verified_at    timestamp   // UTC timestamp of the verification.
sender_name    string      // Your registered full name (not email address).
result         enum        // "pass" or "fail". No biometric data stored.

How Verification Works for Recipients

When you send a verified email, a SHA-256 hash is embedded in the email header as X-HumanAttest-Hash. Recipients can copy this hash and paste it into the Verify page to confirm the email was sent by a verified human.

→ Sender clicks Send: Extension intercepts and requests verification.
→ Verification passes: SHA-256 hash is generated and logged to the audit database.
→ Hash injected: The hash is added to the outgoing email header automatically.
→ Recipient verifies: Recipient pastes the hash on the Verify page and sees sender name + timestamp.
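The recipient step above starts with pulling the hash out of the message. The following is an added example, not HumanAttest's own code, that extracts X-HumanAttest-Hash from a raw email and rejects missing, duplicated or malformed values before anything is pasted into the Verify page. It assumes the hash is carried as 64 hex characters, which this page does not state; the sample message is constructed.

```python
import hashlib
import re
from email import message_from_string
from email.policy import default

HEADER = "X-HumanAttest-Hash"
# Assumption: the header carries the SHA-256 digest as 64 hex characters.
SHA256_HEX = re.compile(r"[0-9a-fA-F]{64}")

# Constructed sample message; the hash is made up for this example.
SAMPLE_HASH = hashlib.sha256(b"constructed sample event").hexdigest()
SAMPLE_EMAIL = (
    "From: Alice Example <alice@example.com>\n"
    "To: bob@example.com\n"
    "Subject: Quarterly numbers\n"
    f"{HEADER}: {SAMPLE_HASH}\n"
    "\n"
    "Body text.\n"
)


def extract_attest_hash(raw_email: str) -> str:
    """Return the one well-formed hash in the message, or raise ValueError."""
    msg = message_from_string(raw_email, policy=default)
    values = msg.get_all(HEADER, [])
    if not values:
        raise ValueError(f"no {HEADER} header present")
    if len(values) > 1:
        # Two headers are ambiguous: refuse rather than pick one.
        raise ValueError(f"multiple {HEADER} headers present")
    candidate = str(values[0]).strip()
    if not SHA256_HEX.fullmatch(candidate):
        raise ValueError("header value is not a 64-character hex digest")
    return candidate.lower()


if __name__ == "__main__":
    print(extract_attest_hash(SAMPLE_EMAIL))
```

A value that passes this check is only well-formed; the sender name and timestamp still come from looking it up on the Verify page.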

Data Retention & Deletion

Retention Period

Audit records are retained for 2 years by default, then automatically purged.

Right to Deletion

Request deletion of all your records at any time from your account dashboard.

Encryption at Rest

All records are encrypted with AES-256. Database access is restricted to verified engineers.

Data Export

Export your full audit log as CSV or JSON from the dashboard at any time.

Try the Audit Engine

Paste any HumanAttest hash to verify a sender's identity.
