What’s included
- Isolated Branch (Wing), branded
- Residency/keys posture
- Allowlisted egress
- Monthly Receipts Core
Private branches for your subscribers
We build, manage, and upgrade a private branch under your brand. You bring the audience and first-line support; we provide a lawful, audit-ready environment—without employee surveillance.
Receipts are pilot-ready: Inter-Wing map • WORM snapshot • ops-only SIEM, wired during pilot and exported within 10 business days..
Why teams choose this
- Private by design: your own Branch (one Wing), scoped by Zones (Z1/Z2).
- Receipts, not surveillance—pilot-ready: WORM snapshots and ops-only SIEM exports prove control without watching people.
- Operated for you: we handle build, operations, upgrades, evidence; you focus on subscribers.
- Upgrade path: when you need partner enclaves or sovereign regions, we migrate you to Enterprise.
Your role
- Sell and onboard subscribers
- First-line support
- Provide branding + SSO (optional)
Our role
- Architecture & build
- Operations, backups, upgrades
- Change management & evidence
Receipts you can show
Each month we deliver a Receipts Core snapshot: (a) Inter-Branch sharing map, (b) a WORM snapshot of policies/config, and (c) ops-only SIEM exports. It’s proof without people surveillance.
Verify a receipt
1) Check the Inter-Wing sharing map
Open inter_wing_map.pdf (or PNG). Confirm Wing↔Wing flows and allowlisted egress match expectations for this period.
2) Inspect the WORM manifest
Open worm_manifest.json. Confirm created_at, zone, egress, and that a signature is present. The manifest lists file digests you can check locally.
3) Spot-check the SIEM export
Open siem_YYYY-MM.ndjson. Look for APPLY, ALLOW, and BLOCK lines that align with the map and policy. (No employee events—ops-only.)
4) Verify file hashes (quick tools)
macOS/Linux (Terminal)
# shasum (macOS) or sha256sum (Linux) shasum -a 256 inter_wing_map.pdf shasum -a 256 siem_2025-09.ndjson # compare output to the digest in worm_manifest.json
Windows PowerShell
Get-FileHash -Path .\inter_wing_map.pdf -Algorithm SHA256 Get-FileHash -Path .\siem_2025-09.ndjson -Algorithm SHA256
Signatures: production manifests are signed. We can provide the public key and a one-liner for verification on request.
Signature check (optional)
GPG / PGP
# import our public key (first time only) gpg --import /media/por_receipts_public.asc # verify the manifest against its detached signature gpg --verify /media/worm_manifest_sample.json.sig /media/worm_manifest_sample.json
Minisign
# verify with minisign minisign -V -p /media/por_receipts_pubkey.minisign \ -m /media/worm_manifest_sample.json \ -x /media/worm_manifest_sample.json.minisig
Result should read “Good signature” or “Signature verified.” If you see a mismatch, the file or key is not correct.