Simple explanation of the cryptographic chain

Each confirmed transaction becomes part of a protected sequence.

Konfirmata is built so records are formed carefully, then kept permanently. The goal is not to overwhelm users with technical terms — the goal is to make trust understandable.

Step by step

What happens when a user records a transaction?

The user records a transaction

A business owner speaks or types something like "Sold rice for 15,000." Konfirmata supports voice-first recording with text fallback.

The user reviews and confirms

The app shows a plain-language summary before anything is written permanently. Without confirmation, there is no ledger entry.

The app appends and signs it

Konfirmata writes the entry into the local append-only ledger, links it to the previous entry with `prev_entry_hash`, and signs it with a device key after trust setup is complete.

Signed history syncs and can be attested

When the device comes online, signed entries sync to the server for signature verification and fork detection. The server can then issue an attestation with a `vt_id`, a `verify_url`, and QR verification.

Append-only logic

Why records cannot be silently changed.

After confirmation, the transaction is not editable. It is not deletable. If another event happens later, that event becomes a new record instead of rewriting the old one.

This matters because institutions need to know that historical records have structure and continuity, not just convenience.

Hash chaining

How the chain works in simple terms.

Every record contains a fingerprint of the previous record. That fingerprint is created using SHA-256. If someone tried to tamper with an older entry, the chain after it would no longer match properly.

After OTP verification, each entry is also signed with a device key, and the server checks both the signature and the chain when syncing queued history.

Verification surface

What can be checked today?

Phone + device trust

Users verify their phone by OTP, the device registers an identity with the server, and every signed entry carries that device context into sync.

Attestation + verification portal

`POST /attest` returns a `vt_id` and `verify_url`, and the portal shows attestation status, date window, entry count, key rotation events, and fork status.

Free export + paid verified reports

Users can generate a free plain-text export of confirmed history, then choose from 30-day, 90-day, or full history reports. Pricing shown in-app after sign-up.

Record, confirm, sign, sync, attest, verify.

That is the product flow live today: business activity is captured on-device, protected in an append-only ledger, synced when online, and surfaced through exports, verified reports, and the verification portal.

Open the app See the lender view