VERITAR
● Runs in your browser · nothing uploaded

Prove how you used AI.

Veritar turns "I used AI responsibly" from a claim into a receipt — tamper-evident, tied to your verified identity, and checkable by anyone, on any piece of work you produce.

Download Veritar macOS · DMG Verify a sample receipt ↓

Open the disk image, drag Veritar.app to Applications, then right-click → Open on first launch. Veritar isn't yet Apple-notarised (so Gatekeeper warns once); the binary is ad-hoc signed and source-available — audit before you run.

Everyone uses AI now — but when your work is questioned, "I checked it myself" is just your word. A consultant defending a deliverable, an analyst behind a model, a contractor billing for output, a researcher citing sources, a lawyer filing a brief: the moment trust matters, you need evidence, not assurances. Veritar produces that evidence as you work.

How it works

  1. 1

    Install Veritar

    A small macOS menubar app. It quietly observes the metadata of your work — which AI tool you copied from, which file the paste landed in, which citations you looked up. Content stays on your machine.

  2. 2

    Issue a receipt

    One click in the menubar produces a cryptographically signed PDF of your AI use for that specific deliverable — which tool, how much, into which file. Anchored in a public, append-only transparency log.

  3. 3

    Anyone verifies it

    A client, employer, auditor, or reviewer drops the PDF into this page. Their browser cryptographically re-checks every event. No data leaves their device — and no Veritar server sits in the trust chain.

What Veritar never sees

Content blind

The agent records that you copied from claude.ai and how long the paste was — never the text itself. File hashes are computed locally; document content never leaves your machine.

Local-first signing

The signing key lives in your Mac's secure storage. Receipts are signed before they exist anywhere off-device. We can't forge a receipt in your name, and we don't store the events that produced it.

Open verification

The verifier on this page is the same Rust crypto that issued the receipt, compiled to WebAssembly and shipped to the browser. A verifier doesn't need to trust us — only the math.

Verify a receipt

Drop a Veritar-issued receipt below. Your browser re-checks the cryptographic signature and event proofs using the same code that issued it. The file never leaves your device.

Drop a receipt PDF here

or

Accepts the .pdf receipt or the machine-readable .json.

Don't have one?

Look up a fingerprint code

The short code printed on a receipt (e.g. 6C2D-A832-10CF) is an index into the public transparency log. Enter it to confirm a receipt with that fingerprint is anchored in the public record. Your browser downloads the log and re-verifies the entire chain itself — it doesn't take our word for it. To see a receipt's full contents, drop the receipt above.

What this check proves

✓ Established here

  • The receipt is signed by the embedded public key.
  • Every listed event is committed under the signed Merkle root — nothing was added, removed, or altered after signing.
  • The root is anchored in the public, append-only log — your browser downloads the log and re-verifies the whole hash chain and every signature itself, rather than trusting our server.
  • When an identity certificate is attached, the signing key is bound to a named, verified person by a trusted issuer — and the certificate is checked against the exact key that signed this receipt, so it can't be lifted onto someone else's work.
  • The agent observes content copied from AI tools (claude.ai, ChatGPT, etc.) to the pasteboard, recording the length only — never the content. This is the headline signal for how much AI-originating text entered the work session.
  • When a paste (⌘V) lands in a document, the agent reads the focused window title via macOS Accessibility and binds the paste to the destination deliverable — so the receipt says which file the AI content went into, not just that it left an AI tab.

Judge for yourself

  • How rigorously the person's identity was checked at enrollment — a self-asserted email vs verified organisational SSO. The receipt states the enrollment method; weigh it accordingly.
  • That everyone is shown the same log: ruling out a server presenting different logs to different people needs signed tree heads + gossip (the production transparency layer).

We never assert these silently — the verdict above shows exactly what was and wasn't checked.