Lumra signs every event the moment it happens: gate, camera, sensor, dashcam. It chains each one into a record that courts, insurers, and auditors can verify without trusting you, or us. It's insurance for your operational truth, at pennies per device.
No new hardware, nothing replaced, plugs into the systems you already run. Signing real events the same afternoon.
2026 California verdict in a single elopement incident a facility couldn't defend. One undocumented event can outweigh decades of premiums.
per device per day at the illustrative rate. One denied claim costs more than a decade of it. The math on this page only needs this number to stay small.
US federal evidence rules (902(13)/(14)) let hash-verified records self-authenticate through a written certification instead of live witness testimony. Lumra records and their export pack are built to support exactly that certification.
Legal defense, settlement pressure, denied claims, lost contract: pick your number.
One incident you can't prove costs more than 166 years of Lumra.
Illustrative rate of $0.50/device/mo, exact pricing quoted at pilot.
Each device or system signs its own events with a key bound to it (Ed25519). The signature is born where the event is, not added later in someone's cloud.
Compact signed digests are hash-chained into a tamper-evident ledger. We never need your raw video or audio. Privacy is the architecture, not a setting.
A standalone verifier re-checks any record with no PriviNet servers involved. The proof survives us. That's the point. Go try to break one in the demo above.
Integration: point a webhook from your VMS, telematics, or IoT platform at Lumra. Typical pilot is signing real events the same afternoon.
| Operation | The incident | What the record settles |
|---|---|---|
| Senior & memory care | A resident wanders; response timeline disputed | Signed proof of when the alert fired and who was notified |
| Fleets & dashcams | Collision, "your driver ran the light" | Impact event, time, and location, verifiable by the insurer, not just claimed |
| Ports & cargo | Container tampered somewhere along the chain | Which custody window it happened in |
| Airports & aviation | Perimeter breach, ground-handling damage | Independently checkable sequence of events |
| Security & facilities | Guard tour disputed, footage authenticity challenged | Event digests that survive vendor changes |
| Industrial & energy | Equipment failure blame between operator and OEM | Sensor anomaly trail neither side can rewrite |
→ Found your row? Run the 3-minute provability audit for your operation
Pick your industry and the systems you run. In about two minutes you'll have a report of the events that decide disputes in your world, which ones you're capturing, which are provable, and where the gaps are. No email needed to see your results.
Four ways this plays out. In every one, notice two things: the proof was created before anyone knew it would matter, and it's the other side who runs the verifier. Proof only exists where a signal was captured and signed, which is why every pilot starts by mapping your coverage.
An 80-bed facility, GPS wearables on wander-risk residents. Eight months after a 2 a.m. incident, a lawsuit claims staff ignored the alert for 40 minutes.
The verification: plaintiff's own expert runs the free verifier. The 02:19 record's signature and chain links only compute if it existed at 02:19, inserting it later breaks every following link. The 40-minute theory dies in discovery. With the timeline beyond dispute, the case resolves around what actually happened (17 minutes, protocol followed) instead of a jury guessing whose logs to believe.
Illustrative scenario, how the system is designed to work.
A 40-truck fleet with dashcams. Intersection collision; the other driver's insurer demands the footage, and hints it will challenge the video's authenticity.
The verification: the opposing expert hashes the video file they received against h1…h4, hashes committed and signed the day of the crash, weeks before anyone knew there'd be a fight. They match; editing is provably impossible. The clip shows a green light. Claim denied on the other side, and the chained recall log shows exactly who has ever viewed the footage.
Illustrative scenario, how the system is designed to work.
A container terminal. A pharmaceutical container reaches the consignee with a broken seal and product missing, and five custody parties blame each other.
The verification: the adjuster, who trusts nobody, runs the verifier on each party's records. The terminal's verify cleanly and bracket the incident to a custody window after gate-out. The terminal didn't win by being more believable; it won by being checkable. Five suspects become one window; weeks instead of years.
Illustrative scenario, how the system is designed to work.
An energy facility with vibration and temperature sensors on critical pumps. A pump fails catastrophically, a week of downtime. The OEM denies warranty: "your operators ignored the early warnings."
The verification: the OEM's engineers replay the decision, recorded inputs through the recorded algorithm version reproduce the recorded output, byte for byte. The "obvious early warning" was scored low-risk by analytics both sides can now inspect; the operators were never told to act. The negligence theory collapses; the warranty pays.
Illustrative scenario, how the system is designed to work.
Because anyone with admin access can edit them, and that's why adjusters and opposing counsel discount them. Lumra records are signed at the source and chained; altering one breaks verification, as you saw above.
No. Lumra works from compact signed metadata. Raw media stays yours; it can only be recalled under an audited, logged process. We can't leak footage we never receive.
Your records outlive us. The verifier is a standalone open tool that never phones home; anyone can re-check any record, forever. Proof that requires trusting the vendor isn't proof.
No tokens, no mining, no consensus fees. Just the boring, court-tested cryptography (Ed25519 signatures, SHA-256 hash chains) that federal evidence rules already recognize.
Dashcam footage holds up when you can prove nobody edited it after the fact. Lumra hashes each video segment at the moment of recording and signs the hashes into a tamper-evident chain. Under Federal Rules of Evidence 902(13) and 902(14), hash-verified records like these can self-authenticate through a qualified person's written certification rather than live testimony. Weeks later, anyone can hash the file they received and match it against the hashes committed on the day of the incident.
A tamper-evident audit log is a record of alerts, notifications, and responses that cannot be edited after the fact without detection. Lumra signs each event at the source, such as a geofence exit or a staff acknowledgment, and chains it to the previous record. If an entry is altered or inserted later, verification fails. Opposing experts can check the timeline themselves with a free standalone verifier.
Chain of custody is proven by signed records at each handoff. Lumra signs gate-in, yard moves, seal checks, and gate-out events on the devices that observe them, then chains the records so none can be rewritten. When a container arrives damaged, an adjuster who trusts no party can verify each record independently and narrow the loss to a specific custody window instead of relying on competing paperwork.
A cryptographically verifiable event record is an event that is digitally signed where it happens and linked by hash to the record before it. The signature proves which device or person created it, and the hash chain proves nothing was altered, inserted, or deleted afterward. Verification requires only the exported records and open cryptographic checks, not access to the vendor's systems.
Different job. Evidence-management platforms are vaults: you upload media and trust whoever runs the vault. Photo-verification apps authenticate media captured through their own camera flow, and nothing outside it. Free timestamping proves a hash existed by a certain time, with no event, no custody, no paperwork. Lumra signs the operational events themselves, from the systems you already run, never takes your media, and hands you records anyone can verify plus the certification template to use them. And unlike most of the category, the pricing is on this page.
Verifying your records is always free and needs no PriviNet servers. A ProofPack is the assembled, court-ready file for a single incident: the signed records, a verification transcript, standalone verifier instructions, and a pre-filled FRE 902(13)/(14) certification template for your qualified person to sign. It is a paid deliverable you request when a dispute lands, and every pilot includes one free.
PriviNet began as exactly what it sounds like: a private network, built to give IoT devices the security and privacy they shipped without. Then our engineers and AI scientists kept hitting the same wall. Privacy protects data; it doesn't prove anything. Safety, it turned out, lives in verification.
Our founder, a serial entrepreneur, spent years consulting on the sale of high-end encryption, the kind of work he still can't say much about. Lumra is that obsession rebuilt as software anyone can check. And through Decern, our sister project, we're already building the next generation: verification designed to hold up in a post-quantum world.
Which brings us to the trust question, the one this section is supposed to answer. Our honest answer: don't. Every record Lumra signs can be verified independently. No PriviNet login, no PriviNet goodwill required. Scroll up and try to forge one. That's the whole pitch.
Coverage keeps everything signed and chained in the background for pennies a day. ProofPack is what you request the day it matters: one incident, assembled into a single court-ready file your insurer, adjuster, or counsel can verify themselves.
It is not a database export. It is the finished artifact a records custodian signs and forwards, with the verification already done and the paperwork already drafted.
Every pilot includes one ProofPack, free, generated from your own incident. You see exactly what lands on your desk before you ever need it.
Download a real sample ProofPack →Generated by the live engine from a demonstration incident. Open it: every hash reproduces, the signature checks, and the declaration is inside.
The always-on layer: everything signs, chains, and verifies.
The court-ready file, assembled the day you need it.
For operators and underwriters standardizing on proof.
*Illustrative rates, exact pricing quoted at pilot. Verification of your records is always free; ProofPack is the assembled, certification-ready deliverable.
Day one: real signed records from your own gates, cameras, and sensors. Day sixty: you'll wonder how you ever walked into a dispute without them.
Not sure what you'd even need to capture? Run the 3-minute audit first →