Continuity & durability

What happens to your proofs if we disappear?

Nothing. That is the design constraint everything else follows from — and the question every serious buyer should ask any evidence vendor.

The one-sentence answer: every receipt you hold verifies against public data alone — the Merkle path in your receipt and the anchor on a public ledger. Verification never requires our servers, our company, or our permission. Delete LedgerProof tomorrow; your evidence still holds.

Why that's true, mechanically

What would actually stop

If LedgerProof (the company) ceased operating, issuance of new receipts and the managed services would stop — new anchoring, monitoring, the Vault, support — while every receipt already issued keeps verifying. Old proofs don't need us; only new ones do.

Key custody

Signing keys are held in isolated, encrypted infrastructure secrets — never in code, never in the browser, never in backups of user data. Key rotation and revocation are signed, chained events: a compromised key can be publicly superseded without invalidating the history it signed before compromise. A formal ceremony (multi-party, HSM-backed) is on the roadmap as enterprise custody demands it; we will state plainly which stage we are at when asked.

Data durability

Assurance roadmap

We are candid about maturity: LedgerProof is an early-stage system with an open protocol at its core. A SOC 2 program and a formal multi-party key ceremony are roadmap items we sequence against enterprise demand. What is not roadmap — what is true today — is the property that matters most: your evidence does not depend on our existence.

Questions a procurement or security review should ask us — and our standing answers — are available on request: veronica@ledgerproofhq.io. See also protocol stewardship & longevity.