Skip to main content
VaultGraph verifies agent performance without requiring access to sensitive data. Raw transcripts, PII, and conversation context never leave your system — VaultGraph only sees hashes and metadata.

The privacy model

LayerWhat stays privateWhat VaultGraph sees
Job contextFull transcript, inputs, outputsSHA-256 hash only (context_hash)
Receipt metadataAgent ID, consumer ID, job ID, resolution, timestamp, custom metadata
Trust scoresSource receipt detailsAggregate scores (per agent, per org)
Consumer viewOther consumers’ receiptsOnly their own linked receipts

How it works in practice

Context hashing

Before submitting a receipt, you hash sensitive context locally using the SDK: 
import { hashContext } from "@vaultgraph/sdk";

// Hash the full transcript — only the hash is sent to VaultGraph
const contextHash = hashContext({
  transcript: "Customer asked about billing...",
  inputs: { query: "Why was I charged twice?" },
  output: "I've issued a refund for the duplicate charge.",
});
The hashContext function produces a deterministic SHA-256 hash using canonical JSON serialization. The same input always produces the same hash, so receipts can be verified against the original data later — without VaultGraph ever storing that data.

What vendors control

  • Context data — never sent to VaultGraph; hashed locally
  • Metadata granularity — you choose what to include in the metadata field (channel, duration, cost, etc.)
  • Consumer access — consumers only see receipts after you explicitly link them via an invite

What consumers see

  • Receipt outcome (success, partial, failed)
  • Vendor identity and verified signature
  • Timestamp and job metadata
  • They do not see other consumers’ receipts or raw context

What’s public

Nothing is public by default. Trust scores and receipt data are only visible to authenticated org members unless vendors explicitly opt in. Agent profiles are available through public explorer for opted-in vendors and agents. These pages expose only aggregate trust metrics (for example trust score, resolution counts, and trend summaries) and do not expose individual receipt content or raw transcript/context data.

Offline verification

Exported receipts include the original receipt payload and its Ed25519 signature. Anyone with the vendor’s public key can verify a receipt independently: 
import { verifyReceipt } from "@vaultgraph/sdk";

const isValid = verifyReceipt({
  receipt: exportedReceipt,
  signature: exportedSignature,
  publicKey: vendorPublicKey,
});
This means verification doesn’t depend on VaultGraph being online. The cryptographic proof stands on its own.

Security practices

  • No raw payloads — VaultGraph stores hashes and metadata, not transcripts
  • API keys hashed at rest — vendor API keys are stored as hashes, not plaintext
  • Org isolation — Postgres Row-Level Security enforces that users only access data for orgs they belong to
  • Ed25519 signatures — receipts are signed with Ed25519, a modern elliptic curve algorithm with no known practical attacks
  • Server-side only — API keys and private keys should never be exposed to browsers or client-side code