Check an answer, don't just believe it.

What "verifiable" means here

Every fact emem serves is signed with an ed25519 key and addressed by a blake3 hash taken over the fact itself. To check one, you recompute the hash and verify the signature against the responder's public key. This works offline — you never have to call us back or take the server's word. A fact your agent cites is a fact you, or an auditor, can re-pull and confirm independently. You can try it on the home page in about ten seconds.

The tenancy boundary

For geo.qa, the line that matters is the one around your data. It is enforced per organisation, in the query layer, on every read and every write — not as a setting and not as a promise in a contract. The open emem layer is wired in underneath for public facts, so an agent can combine a public reading with one of your private ones in a single answer, while your private context never crosses the boundary.

What we claim, and what we don't

We won't list certifications we don't hold. What we will do is show you exactly how a fact is signed, how the boundary is enforced, and how to verify a receipt yourself, and answer specific questions for your security review. As the lab and its products mature, formal attestations will follow, and we'll state them here plainly when they're real.

Request security documentation

If you're evaluating geo.qa for production and need detail for procurement or a security review, we'll share what we have under NDA and walk through the rest with your team directly.