How Satsignal earns trust.

Things people want to know before they trust this.

Is Satsignal free?

Verification at proof.satsignal.cloud/verify is always free and never asks for an account — recipients of a .mbnt bundle can confirm it without signing up. Anchoring a new proof — on proof.satsignal.cloud, sealed.satsignal.cloud, or via the app.satsignal.cloud API — uses a magic-link account. Sign-in is instant: enter your email, click the link we send, and you’re anchoring within a minute. New accounts land on the free plan — 100 anchors per calendar month, no expiry. Starter ($29) and Pro ($99) lift the cap when you need more; Scale is custom. Verification stays free and account-free regardless.

Does my payload actually leave my environment?

No. The browser form hashes files locally before they leave your device; the API hashes commitments, policy snapshots, and manifest leaves in your runtime before the call. Only short fingerprints reach our server — never the underlying bytes. Filename labels and memos travel with the form and are stored in the receipt bundle on our server, but never reach the chain. The raw payload itself is yours.

What can the chain reveal about me?

Standard receipts record the payload’s SHA-256 in the receipt; the chain stores a short commitment to that receipt. Anyone with the same payload — or its SHA-256 — can confirm a matching Standard proof exists. Sealed receipts record a salted commitment instead; without the bundle salt, observers cannot test candidate payloads against the receipt. If existence of a proof is itself sensitive (an unrevealed bid, an internal policy snapshot, a pre-disclosure exhibit), choose Sealed.

Why does this matter for AI agents?

Internal logs answer to the operator that runs them. That’s fine for the easy cases. The hard cases — an incident review, a regulator request, a losing bidder asking to see the receipts — are exactly the cases where the platform’s log can no longer be the sole source of truth. A miner-co-attested public anchor lets a third party verify what was committed, when, and under what policy — without trusting your dashboard, your platform vendor, or us.

How long does a receipt last?

As long as the Bitcoin SV chain has the transaction, which is effectively permanent. Your bundle is small enough to email or archive; that copy plus any block explorer is enough to verify years later.

What happens if Satsignal disappears?

Your anchor and your bundle keep working without us. The verifier is a single static HTML file you can save now and run offline. As long as one Bitcoin SV node or block explorer is reachable, the chain side checks out, and your bundle ties the payload fingerprint to it.

Is the verifier open source?

Yes — the verifier is a single static HTML file you can save, audit, and share. It runs in any browser and talks to whatever block explorer you choose — verification doesn’t go through us.

Can I verify completely offline?

Almost. The bundle’s internal integrity (canonical doc to its 20-byte commitment to the on-chain marker structure) checks fully offline. The “is it really on the chain?” step needs internet — any explorer works, you don’t have to use ours.

What does a Satsignal receipt prove — and what does it not prove?

A valid receipt proves that whoever submitted the anchor knew this exact payload — an agent commitment, a policy snapshot, a manifest leaf, or an ordinary file — by the timestamp of its on-chain transaction. It does not, by itself, prove who produced the payload, that the content predates the anchor, what its claims mean, or that any underlying event actually happened. For those questions you still need surrounding documentation, witnesses, or counsel. Satsignal is tamper-evidence and timing, not authentication of intent or fact.