Skip to main content

Receipt Explorer · Architecture

How a cryptographic compliance receipt works.

Per utterance: SHA-256. Per call: Merkle-aggregated. Per minute: RFC 3161 timestamp authority. You can prove what your AI said, why it said it, and which compliance rule it followed.

All sample values illustrative. Real receipts are anonymised per Customer DPA — final anonymisation policy under Bird & Bird review.

Sample Artifact Library

Download what we sign for every call.

Everything Audact emits is publicly inspectable. These are real sample artifacts, anonymised. You'll be able to verify the cryptographic chain at verify.audact.ai (launching soon).

All sample values illustrative. Real receipts are anonymised per Customer DPA — final anonymisation policy under external-counsel review.

Side by side

A call log vs. a cryptographic compliance receipt.

Same call. Two very different artefacts when a regulator asks “prove it.”

What a typical voice-AI call log looks like

Reference
call_id:    call_4f8a92b1
started:    2026-05-21T14:03:11Z
ended:      2026-05-21T14:05:47Z
duration:   00:02:36
from:       +49 30 ********
to:         +49 89 ********
agent:      agent_dental_de_v3
status:     completed

transcript:
[14:03:14] AI:    "Good afternoon, this is Lina."
[14:03:18] User:  "Hi, I need to reschedule my..."
[14:03:24] AI:    "Of course. Your next opening..."
[14:05:42] AI:    "Booked. Goodbye."

(no signature, no hash chain,
 no disclosure attestation,
 no timestamp authority)

A claim about what happened. The auditor has to trust the platform’s database wasn’t altered after the fact.

What an Audact compliance receipt looks like

Evidence
call_id: call_4f8a92b1
merkle_root: 0x7c3a…e91f
rfc3161_tsa: freeTSA.org · 14:05:48Z
signed_by: Audact KMS · key_2026Q2

article_50_block:
 disclosure_uttered: true
 utterance_hash: 0x9f4b…11c2
 position_in_call: frame 04 / 287
 sequence_proof: valid
 jurisdiction: DE-BY · Art. 50(1)+(2)

consent_capture:
 consent_timestamp: 2026-05-21T14:03:22Z
 consent_hash: 0x2d18…ba07
 withdrawn: false

per_frame_attestation:
 frames: 287 / 287 attested
 policy_violations: 0
 redactions: 1 (PHI scrub)

evidence_chain_hash: 0x1a44…cc8e
verifier_url: /verify/0x1a44...cc8e

Cryptographic evidence. Merkle root + RFC 3161 timestamp + per-frame attestation + disclosure-sequence proof. Once the public verifier launches, re-verifiable by any third party.

Sample values illustrative. Actual receipts are anonymised per Customer DPA — final anonymisation policy under external-counsel review.

Caller speech ──→ STT ──→ Utterance text ──→ SHA-256 hash ──┐
                                                             ▼
LLM proposed response ──→ Compliance check ──→ PASS/FAIL ──→ SHA-256 hash
                                                             │
                                        ┌────────────────────┘
                                        ▼
                                Merkle aggregation (per call)
                                        │
                                        ▼
                                RFC 3161 TSA signature (per minute)
                                        │
                                        ▼
                                Compliance Receipt (per call)
                                        │
                                        ▼
                                Auditor / regulator / DPA / internal audit

Architecture diagram — every Audact call follows this exact path.

Merkle Tree Aggregation

From 1000s of receipts to one signed root.

Signed Root0xa3f2…8b91h11h21h21h22h23h24R1receiptR2receiptR3receiptR4receiptR5receiptR6receiptR7receiptR8receipt

Daily Merkle aggregation reduces 1000s of receipts to one signed root. Public verifier validates any leaf in O(log n) proof steps.

WHAT

Each call gets a receipt. One Merkle root. One timestamp. One audit-ready record. The receipt chains every utterance, every compliance decision, every disclosure event into a tamper-evident structure.

WHY

Logs are claims; cryptographic receipts are evidence. Regulators, auditors, and DPAs treat them differently. A log says “we think this happened.” A receipt proves it — and proves it wasn’t altered after the fact.

HOW

  • • Per utterance: SHA-256 hash (Compliance Receipt)
  • • Per call: Merkle-tree aggregation
  • • Per minute: RFC 3161 TSA signature
  • • Per disclosure: Article 50 Attestation
  • • Per sequence: Disclosure Sequencing

Patent-backed components in this receipt

  • Compliance Receipt — per-utterance hash chain
  • Merkle Aggregation — per-call tamper-evident aggregation
  • Article 50 Attestation — per-disclosure cryptographic attestation
  • Disclosure Sequencing — proof of disclosure-event order

All UK IPO filed. Patent-pending until grant — defensive IP value, not enforcement rights yet.

Audio Demo · 60-sec sample

Listen to a governed call.

Two short reference calls — one in Dutch, one in German. Article 50 disclosure, scope enforcement, and graceful refusal in the wild.

Coming soon · Q3 2026

NL example call

Dental · NL-NL

Inbound rescheduling call. Article 50 disclosure at frame 04, scope-of-practice refusal at frame 142 when the caller asked for medical advice.

Live calls process daily since 23 March 2026 (lighthouse pilot). Public sample-audio ships Q3 2026 once consent reviews complete.

Subscribe to Pulse for the launch ping →

DE example call

Legal-tech · de-DE

Outbound qualification call. Pre-disclosure, consent capture, handover to a human paralegal at frame 217.

Live calls process daily since 23 March 2026 (lighthouse pilot). Our public sample voice agent ships Q3 2026 post-consent reviews. Want a live demo today? Apply for a white-glove scoping call.

Subscribe to Pulse for the launch ping →

Live demo phone number: +31 (...) · launching Q3 2026

Live calls process daily since 23 March 2026 (Tirza pilot). Our public sample voice agent ships Q3 2026 post-consent reviews. Want a live demo today? Apply for white-glove pilot scoping call.

Want this for your own agency?

Apply for the White-Glove Pilot Programme (€1,497 one-time + €499/mo recurring). Every call your end-clients run gets a receipt — show it to their regulator, embed it in your client reports, evidence the controls you ran.