Reclaim Protocol - Trust Package

Our guarantee

Your users can prove facts from any third-party account to your application. Our servers never see the credentials, the verified data, or anything else on their account. The verified data is delivered straight from the user's device to your application's callbacks, only for the facts they chose to share. This isn't a policy promise — it's enforced by cryptography and hardware.

What is Reclaim Protocol

Reclaim Protocol turns any logged-in account into a source of cryptographically verifiable facts. The user signs into the source site (a bank, an exchange, a ride-share app, a social network, a KYC provider) on their own device. A proof of one specific fact about that account (an exact balance, a credit score, a transaction history, a verified identity, a follower count) is generated locally, then delivered to your application. Your application verifies the proof itself, without ever calling the source site. You can read the whitepaper here.

Our commitment

The promise above breaks down into three specific guarantees. Each one is enforced by a different mechanism, and you can verify each one on this page.

Credentials never reach us. The user signs in on their own device, or inside a TEE-hosted client where even our own team can't see the session. Either way, the credentials never touch our servers. How →
Verifications can't be tampered with by anyone. Not by the user. Not by us. Not by any man-in-the-middle. Each verification is cryptographically bound to its data by a zero-knowledge proof. Change the value, and the proof falls apart. How →
The code is the truth. Every verification service is open-source. TEE attestations prove cryptographically that the exact code you can read on GitHub is what generated your verification. You don't have to take our word for any of it. How →

Compliance

SOC 2 Type II

AICPA

Active

GDPR

European Union

Active

ISO/IEC 27001

ISO

Active

Controls

6 checks monitored

Data Privacy

Data privacy checks performed
Session logs analyzed weekly
No PII detected in latest run

View details

Tamper-Proof Verifications

Vulnerability scanning automated
Code review conducted weekly
Severity categorization enforced

View details

TEE Check

TEE attestation verified
Service endpoints monitored
Database retention checked

View details

Supply Chain

Dependency vulnerabilities monitored
Dependabot alerts tracked
Open alerts reviewed

View details

Whitepaper Adherence

Claims verification automated
Implementation consistency checked

View details

Uptime & Service Health

Core service endpoints monitored
Health checks run hourly
24h pass ratio tracked

View details

Automated verification runs

Every check on this page runs automatically on a schedule: hourly (uptime), daily (supply-chain, license, TEE), weekly (PII, security, compliance), monthly (whitepaper).

Duration: 1sSections verified: 1

What this run covers

Every hour·Sections: uptime

See also: Daily Run (Every day · 10:00 IST)·Weekly Run (Every Friday · 10:00 IST)·Monthly Run (1st of month · 10:00 IST)

Uptime & Service Health100%

4/4 services healthy

View section →

Duration: 1sSections verified: 1

What this run covers

Every hour·Sections: uptime

See also: Daily Run (Every day · 10:00 IST)·Weekly Run (Every Friday · 10:00 IST)·Monthly Run (1st of month · 10:00 IST)

Uptime & Service Health100%

4/4 services healthy

View section →

Duration: 1sSections verified: 1

What this run covers

Every hour·Sections: uptime

See also: Daily Run (Every day · 10:00 IST)·Weekly Run (Every Friday · 10:00 IST)·Monthly Run (1st of month · 10:00 IST)

Uptime & Service Health100%

4/4 services healthy

View section →

Duration: 1sSections verified: 1

What this run covers

Every hour·Sections: uptime

See also: Daily Run (Every day · 10:00 IST)·Weekly Run (Every Friday · 10:00 IST)·Monthly Run (1st of month · 10:00 IST)

Uptime & Service Health100%

4/4 services healthy

View section →

Duration: 1sSections verified: 1

What this run covers

Every hour·Sections: uptime

See also: Daily Run (Every day · 10:00 IST)·Weekly Run (Every Friday · 10:00 IST)·Monthly Run (1st of month · 10:00 IST)

Uptime & Service Health100%

4/4 services healthy

View section →

Duration: 29m 40sSections verified: 1

Tamper-Proof Verifications100%

Security review of 8 repositories identified 7 critical issues requiring immediate attention, primarily involving credential exposure and verification gaps in authentication flows. 13 warnings and 7 minor issues also noted. Triage and remed

View section →

Duration: 1m 41sSections verified: 2

What this run covers

Every Friday · 10:00 IST·Sections: pii, compliance, security

See also: Daily Run (Every day · 10:00 IST)·Monthly Run (1st of month · 10:00 IST)

Data Privacy90%

90% PII-free (9/10 clean, 1 with PII)

View section →

Compliance—

Sprinto framework snapshot refreshed

View section →

Tamper-Proof VerificationsRunning…

View section →

Duration: 6sSections verified: 2

What this run covers

Every day · 10:00 IST·Sections: supply-chain, tee

See also: Weekly Run (Every Friday · 10:00 IST)·Monthly Run (1st of month · 10:00 IST)

Supply Chain94%

Our supply chain scan of 10 repositories found no critical vulnerabilities. We identified 49 high-severity issues and 78 lower-severity findings, primarily in framework dependencies. Patches are in progress.

View section →

TEE Check100%

5/5 TEE session attestations match published image history

View section →

Showing last 8 runsResults are written directly to this page — no manual review

Subprocessors

View all

aws

Amazon Web Services·Cloud infrastructure (compute, storage, databases)

IN (ap-south-1), EU (eu-north-1)

Google Cloud Platform·TEE confidential compute. Both TEE_K and TEE_A run as attested Docker images.

Prod cluster: IN (asia-south1) + US (us-central1). EU cluster: both in EU (europe-west).

Firebase (Google)·Admin authentication (Google OAuth)

Anthropic·AI analysis for PII, security, and whitepaper checks