"We have it on video" isn't enough when a dispute becomes a deposition. Sitinel makes every frame of jobsite footage cryptographically provable — the day it's captured, and years after. Here's exactly how it works, in four steps.
Each step is independently verifiable. No Sitinel employee, no cloud vendor, and no attacker who compromises one layer can silently modify the chain.
As each frame is written to the local encrypted disk, a SHA-256 hash is computed over its raw pixel data and timestamp. The hash is stored alongside the frame in an append-only index.
A single changed pixel — a splice, a crop, a re-encode — breaks the hash. Anyone can re-hash the frame later and compare against the recorded value. Tampering is detectable in the first second after export.
Every 60 minutes, the hashes from that hour are combined into a Merkle tree. The resulting root — one 32-byte value — summarizes every frame captured in the window. Change any single frame and the root changes.
The root is signed with a hardware-bound device key provisioned at the factory. The private key never leaves the secure element on the Sitinel unit. Even Sitinel can't forge a signature for your device.
Every signed root is published to a public transparency log modeled after Certificate Transparency. The log is append-only, cryptographically accountable, and mirrored across independent witnesses.
No rewind. No silent edit. No "oh we lost that hour." If Sitinel ever tried to rewrite history, the witnesses would catch it — and so could you.
When you hand a 40-second clip to your insurer, broker, or attorney, it ships with an inclusion proof: a short path through the Merkle tree that anchors the clip to the published root.
They confirm the clip was captured exactly as shown — by your device, in that window, unedited — without ever seeing a second of your other footage. No data dump, no "trust us." Just math and a public log.
A clip that can't be authenticated by a third party is just content. Sitinel evidence carries four properties that turn it into proof.
If you underwrite Florida roofing, or adjust claims against roofing contractors, these are the questions that come up every time. Answers here are plain English. For the spec, email security@sitinel.ai.
That's a judge's call in any given jurisdiction, but Sitinel gives you the foundation every court looks for: chain of custody, authentication of the recording device, and demonstrable non-alteration since capture. The inclusion proof is a compact exhibit a technical witness can walk through in minutes.
No. The signing key is bound to a secure element on the device and cannot be exported. Even a Sitinel engineer with root access to the unit cannot extract it. And because the previous hour's root is already published to the public log with external witnesses, rewriting history would require colluding with every witness — and it would still be detectable by anyone who had already downloaded the earlier STH.
Frames keep being captured and hashed locally. Roots keep being signed on schedule. When connectivity returns, the backlog is published to the log in order. Continuity of the chain is preserved; the only thing that slips is the time to public anchor.
Sitinel operates the primary log. Two independent witnesses — run by third parties — co-sign each tree head. The list of current witnesses is published on our security page and rotates on a documented schedule. The log's specification is public.
No. The inclusion proof is ~576 bytes of hashes. It proves the clip was captured at that time by that device without revealing any other frame, hash, or metadata from surrounding footage. Your insurer sees the 40 seconds you chose to hand over — nothing else.
Forever. The log is append-only and designed to outlive any single claim cycle. Individual footage retention follows your storage tier and Sitinel's 24-month training-data retention (see the data-use policy), but the cryptographic anchor to your clip persists after the video itself has aged out.
Request a demo and we'll walk you through a verified clip, end-to-end, on a real field unit.