Private branches for your subscribers

We build, manage, and upgrade a private branch under your brand. You bring the audience and first-line support; we provide a lawful, audit-ready environment—without employee surveillance.

Receipts are pilot-ready: Inter-Wing map • WORM snapshot • ops-only SIEM, wired during pilot and exported within 10 business days..

Why teams choose this

What’s included

  • Isolated Branch (Wing), branded
  • Residency/keys posture
  • Allowlisted egress
  • Monthly Receipts Core

Your role

  • Sell and onboard subscribers
  • First-line support
  • Provide branding + SSO (optional)

Our role

  • Architecture & build
  • Operations, backups, upgrades
  • Change management & evidence

Receipts you can show

Each month we deliver a Receipts Core snapshot: (a) Inter-Branch sharing map, (b) a WORM snapshot of policies/config, and (c) ops-only SIEM exports. It’s proof without people surveillance.

Verify a receipt

1) Check the Inter-Wing sharing map

Open inter_wing_map.pdf (or PNG). Confirm Wing↔Wing flows and allowlisted egress match expectations for this period.

2) Inspect the WORM manifest

Open worm_manifest.json. Confirm created_at, zone, egress, and that a signature is present. The manifest lists file digests you can check locally.

3) Spot-check the SIEM export

Open siem_YYYY-MM.ndjson. Look for APPLY, ALLOW, and BLOCK lines that align with the map and policy. (No employee events—ops-only.)

4) Verify file hashes (quick tools)

macOS/Linux (Terminal)

# shasum (macOS) or sha256sum (Linux)
shasum -a 256 inter_wing_map.pdf
shasum -a 256 siem_2025-09.ndjson
# compare output to the digest in worm_manifest.json

Windows PowerShell

Get-FileHash -Path .\inter_wing_map.pdf -Algorithm SHA256
Get-FileHash -Path .\siem_2025-09.ndjson -Algorithm SHA256

Signatures: production manifests are signed. We can provide the public key and a one-liner for verification on request.

Signature check (optional)

GPG / PGP

# import our public key (first time only)
gpg --import /media/por_receipts_public.asc

# verify the manifest against its detached signature
gpg --verify /media/worm_manifest_sample.json.sig /media/worm_manifest_sample.json

Minisign

# verify with minisign
minisign -V -p /media/por_receipts_pubkey.minisign \
  -m /media/worm_manifest_sample.json \
  -x /media/worm_manifest_sample.json.minisig

Result should read “Good signature” or “Signature verified.” If you see a mismatch, the file or key is not correct.