Edge Proof Network

You can't prevent every incident.
You can prove exactly what happened.

Lumra signs every event the moment it happens: gate, camera, sensor, dashcam. It chains each one into a record that courts, insurers, and auditors can verify without trusting you, or us. It's insurance for your operational truth, at pennies per device.

Start your free 60-day pilot

No new hardware, nothing replaced, plugs into the systems you already run. Signing real events the same afternoon.

Incident record № 004-1187 · ed25519 · sha-256
event: gate.breach_detected
device: cam-east-04 (key #A2F1)
location: 33.9425, -118.4081
chain: ← № 004-1186 · 9c41…e07b

Why now

Do the math your insurer already does

$110M

2026 California verdict in a single elopement incident a facility couldn't defend. One undocumented event can outweigh decades of premiums.

1.6¢

per device per day at the illustrative rate. One denied claim costs more than a decade of it. The math on this page only needs this number to stay small.

FRE 902

US federal evidence rules (902(13)/(14)) let hash-verified records self-authenticate through a written certification instead of live witness testimony. Lumra records and their export pack are built to support exactly that certification.

Run it with your numbers

Legal defense, settlement pressure, denied claims, lost contract: pick your number.

Lumra, per month: $125
Lumra, per device per day: 1.6¢
Years of Lumra one incident would buy: 166 yrs

One incident you can't prove costs more than 166 years of Lumra.

Illustrative rate of $0.50/device/mo, exact pricing quoted at pilot.

How it works

Sign. Chain. Verify. No new hardware.

01 · Sign

Signed at the source

Each device or system signs its own events with a key bound to it (Ed25519). The signature is born where the event is, not added later in someone's cloud.

02 · Chain

Chained, not stored

Compact signed digests are hash-chained into a tamper-evident ledger. We never need your raw video or audio. Privacy is the architecture, not a setting.

03 · Verify

Verified by anyone

A standalone verifier re-checks any record with no PriviNet servers involved. The proof survives us. That's the point. Go try to break one in the demo above.
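
The sign, chain and verify steps above as a minimal Node.js sketch. This is an added example, not Lumra's code or record format: the record layout, canonical form, event names and device name are assumptions, and whoever splices a record in later is assumed not to hold the device key.

```javascript
const nodeCrypto = require('node:crypto');
const GENESIS = '0'.repeat(64); // assumed "previous digest" of the first record
const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');
// Hypothetical canonical form: fixed field order so every verifier hashes the same bytes.
const canonical = (r) => JSON.stringify([r.time, r.event, r.device, r.prev]);

// Device side: link to the previous digest, hash the record, sign the digest.
function appendRecord(chain, privateKey, time, event, device) {
  const prev = chain.length ? chain[chain.length - 1].digest : GENESIS;
  const rec = { time, event, device, prev };
  rec.digest = sha256(canonical(rec));
  rec.sig = nodeCrypto.sign(null, Buffer.from(rec.digest, 'hex'), privateKey).toString('hex');
  chain.push(rec);
  return chain;
}

// Verifier side: exported records plus the device public key, nothing else.
// Returns 0 if every record checks, else the 1-based position of the first failure.
function verifyChain(chain, publicKey) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const r = chain[i];
    const digest = sha256(canonical(r));
    const sigOk = nodeCrypto.verify(null, Buffer.from(digest, 'hex'), publicKey, Buffer.from(r.sig, 'hex'));
    if (r.prev !== prev || r.digest !== digest || !sigOk) return i + 1;
    prev = digest;
  }
  return 0;
}

// Constructed sample data modelled on the memory-care timeline; names are made up.
function buildSample() {
  const device = nodeCrypto.generateKeyPairSync('ed25519');
  const chain = [];
  appendRecord(chain, device.privateKey, '02:14:09', 'gps.geofence_exit', 'wearable-01');
  appendRecord(chain, device.privateKey, '02:14:12', 'staff.notification', 'wearable-01');
  appendRecord(chain, device.privateKey, '02:31:02', 'resident.located', 'wearable-01');
  return { chain, publicKey: device.publicKey };
}

// A record spliced in at position 3 by someone who lacks the device key (assumption).
function insertLater(chain, time, event) {
  const forger = nodeCrypto.generateKeyPairSync('ed25519');
  const head = appendRecord(chain.slice(0, 2), forger.privateKey, time, event, 'wearable-01');
  return head.concat(chain.slice(2));
}

const sample = buildSample();
console.log(verifyChain(sample.chain, sample.publicKey),
  verifyChain(insertLater(sample.chain, '02:19:47', 'staff.ack'), sample.publicKey)); // 0 3
```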

Integration: point a webhook from your VMS, telematics, or IoT platform at Lumra. Typical pilot is signing real events the same afternoon.

Industries

The dispute you're one bad night away from

Operation | The incident | What the record settles
Senior & memory care | A resident wanders; response timeline disputed | Signed proof of when the alert fired and who was notified
Fleets & dashcams | Collision, "your driver ran the light" | Impact event, time, and location, verifiable by the insurer, not just claimed
Ports & cargo | Container tampered somewhere along the chain | Which custody window it happened in
Airports & aviation | Perimeter breach, ground-handling damage | Independently checkable sequence of events
Security & facilities | Guard tour disputed, footage authenticity challenged | Event digests that survive vendor changes
Industrial & energy | Equipment failure blame between operator and OEM | Sensor anomaly trail neither side can rewrite

→ Found your row? Run the 3-minute provability audit for your operation

Free mini audit

Which disputes can you prove today?

Pick your industry and the systems you run. In about two minutes you'll have a report of the events that decide disputes in your world, which ones you're capturing, which are provable, and where the gaps are. No email needed to see your results.

Proof stories

The day the record had to hold

Four ways this plays out. In every one, notice two things: the proof was created before anyone knew it would matter, and it's the other side who runs the verifier. Proof only exists where a signal was captured and signed, which is why every pilot starts by mapping your coverage.

An 80-bed facility, GPS wearables on wander-risk residents. Eight months after a 2 a.m. incident, a lawsuit claims staff ignored the alert for 40 minutes.

02:14:09 · signed at source · chained | gps.geofence_exit, resident crosses the boundary
02:14:11 · decision record + input digests | risk: CRITICAL → escalate, with the explanation factors recorded
02:14:12 · signed | staff notification dispatched
02:19:47 · signed · chained | staff acknowledgment
02:31:02 · signed | resident located, safe
8 months later, the dispute: "That acknowledgment was added to the log afterward."

The verification: the plaintiff's own expert runs the free verifier. The 02:19 record's signature and chain links only compute if it existed at 02:19; inserting it later breaks every following link. The 40-minute theory dies in discovery. With the timeline beyond dispute, the case resolves around what actually happened (17 minutes, protocol followed) instead of a jury guessing whose logs to believe.

Illustrative scenario, how the system is designed to work.

A 40-truck fleet with dashcams. Intersection collision; the other driver's insurer demands the footage, and hints it will challenge the video's authenticity.

14:47:04 · signed at source | fleet.impact. G-force spike, GPS, speed
14:47:05 · signed window reference | evidence exists: 14:47:03–:23, four segments, hashes h1…h4, the video itself never leaves the recorder
+3 weeks · appended to same chain | recall request from the insurer → access decision → time-limited token → retrieval receipt
the dispute: "Dashcam clips get edited all the time."

The verification: the opposing expert hashes the video file they received against h1…h4, the hashes committed and signed the day of the crash, weeks before anyone knew there'd be a fight. They match, so the clip is provably unedited since that day. The clip shows a green light. Claim denied on the other side, and the chained recall log shows exactly who has ever viewed the footage.

Illustrative scenario, how the system is designed to work.

A container terminal. A pharmaceutical container reaches the consignee with a broken seal and product missing, and five custody parties blame each other.

06:02 · signed by gate sensor | gate-in, seal intact
06:40–10:55 · signed | yard position events
11:18 · signed | gate-out to drayage, seal intact
the dispute: The adjuster trusts none of the five parties' logs. Ordinarily, whoever has the weakest paperwork eats the loss.

The verification: the adjuster, who trusts nobody, runs the verifier on each party's records. The terminal's verify cleanly and bracket the incident to a custody window after gate-out. The terminal didn't win by being more believable; it won by being checkable. Five suspects become one window; weeks instead of years.

Illustrative scenario, how the system is designed to work.

An energy facility with vibration and temperature sensors on critical pumps. A pump fails catastrophically, a week of downtime. The OEM denies warranty: "your operators ignored the early warnings."

30 days of telemetry · signed | vibration / temperature events
day −14 · decision record | anomaly scored LOW risk, recorded with algorithm version and the digests of its exact inputs
day 0 · signed | catastrophic failure event
the dispute: Negligence or defect? $2M rides on what the operators were actually told.

The verification: the OEM's engineers replay the decision. The recorded inputs, run through the recorded algorithm version, reproduce the recorded output, byte for byte. The "obvious early warning" was scored low-risk by analytics both sides can now inspect; the operators were never told to act. The negligence theory collapses; the warranty pays.

Illustrative scenario, how the system is designed to work.

Objections, answered

Questions buyers ask. Straight answers.

We already have logs. Why isn't that enough?

Because anyone with admin access can edit them, and that's why adjusters and opposing counsel discount them. Lumra records are signed at the source and chained; altering one breaks verification, as you saw above.

Do you see our video or audio?

No. Lumra works from compact signed metadata. Raw media stays yours; it can only be recalled under an audited, logged process. We can't leak footage we never receive.

What if PriviNet disappears?

Your records outlive us. The verifier is a standalone open tool that never phones home; anyone can re-check any record, forever. Proof that requires trusting the vendor isn't proof.

Is this blockchain?

No tokens, no mining, no consensus fees. Just the boring, court-tested cryptography (Ed25519 signatures, SHA-256 hash chains) that federal evidence rules already recognize.

How do dashcam videos hold up as evidence?

Dashcam footage holds up when you can prove nobody edited it after the fact. Lumra hashes each video segment at the moment of recording and signs the hashes into a tamper-evident chain. Under Federal Rules of Evidence 902(13) and 902(14), hash-verified records like these can self-authenticate through a qualified person's written certification rather than live testimony. Weeks later, anyone can hash the file they received and match it against the hashes committed on the day of the incident.

What is a tamper-evident audit log?

A tamper-evident audit log is a record of alerts, notifications, and responses that cannot be edited after the fact without detection. Lumra signs each event at the source, such as a geofence exit or a staff acknowledgment, and chains it to the previous record. If an entry is altered or inserted later, verification fails. Opposing experts can check the timeline themselves with a free standalone verifier.

How do you prove chain of custody for cargo?

Chain of custody is proven by signed records at each handoff. Lumra signs gate-in, yard moves, seal checks, and gate-out events on the devices that observe them, then chains the records so none can be rewritten. When a container arrives damaged, an adjuster who trusts no party can verify each record independently and narrow the loss to a specific custody window instead of relying on competing paperwork.

What is a cryptographically verifiable event record?

A cryptographically verifiable event record is an event that is digitally signed where it happens and linked by hash to the record before it. The signature proves which device or person created it, and the hash chain proves nothing was altered, inserted, or deleted afterward. Verification requires only the exported records and open cryptographic checks, not access to the vendor's systems.

How is this different from evidence vaults, photo apps, or free timestamping?

Different job. Evidence-management platforms are vaults: you upload media and trust whoever runs the vault. Photo-verification apps authenticate media captured through their own camera flow, and nothing outside it. Free timestamping proves a hash existed by a certain time, with no event, no custody, no paperwork. Lumra signs the operational events themselves, from the systems you already run, never takes your media, and hands you records anyone can verify plus the certification template to use them. And unlike most of the category, the pricing is on this page.

What is a ProofPack, and is verification free?

Verifying your records is always free and needs no PriviNet servers. A ProofPack is the assembled, court-ready file for a single incident: the signed records, a verification transcript, standalone verifier instructions, and a pre-filled FRE 902(13)/(14) certification template for your qualified person to sign. It is a paid deliverable you request when a dispute lands, and every pilot includes one free.

Who's behind this

Don't take our word for it. We insist.

PriviNet began as exactly what it sounds like: a private network, built to give IoT devices the security and privacy they shipped without. Then our engineers and AI scientists kept hitting the same wall. Privacy protects data; it doesn't prove anything. Safety, it turned out, lives in verification.

Our founder, a serial entrepreneur, spent years consulting on the sale of high-end encryption, the kind of work he still can't say much about. Lumra is that obsession rebuilt as software anyone can check. And through Decern, our sister project, we're already building the next generation: verification designed to hold up in a post-quantum world.

Which brings us to the trust question, the one this section is supposed to answer. Our honest answer: don't. Every record Lumra signs can be verified independently. No PriviNet login, no PriviNet goodwill required. Scroll up and try to forge one. That's the whole pitch.

ProofPack

When the dispute lands, this is what you hand over.

Coverage keeps everything signed and chained in the background for pennies a day. ProofPack is what you request the day it matters: one incident, assembled into a single court-ready file your insurer, adjuster, or counsel can verify themselves.

It is not a database export. It is the finished artifact a records custodian signs and forwards, with the verification already done and the paperwork already drafted.

  • The signed event, analysis, and evidence-window records for that incident
  • A verification transcript: every hash recomputed, the signature checked, at export time
  • Standalone verifier instructions, so the other side confirms it with open tools and no PriviNet servers
  • A pre-filled FRE 902(13)/(14) certification template, ready for your qualified person (typically an IT director, records custodian, or forensics expert) to review and sign

Every pilot includes one ProofPack, free, generated from your own incident. You see exactly what lands on your desk before you ever need it.

ProofPack · incident 004-1187 · 7 sections · v1.1
01 | Incident record, signed at source | Ed25519 signature · key sw-1af02408 · 02:14:09Z
02 | Analysis record | risk score, escalation decision, explanation factors, ruleset version
03 | Evidence-window references | segment digests h1…h4 · media never leaves your systems
04 | Canonical inputs | every byte needed to reproduce every hash, independently
05 | Verification transcript | 4 digests recomputed · all match · signature valid
06 | Standalone verifier instructions | open tools only · no PriviNet servers involved
07 | FRE 902(13)/(14) certification | pre-filled declaration · awaiting your qualified person's signature

Summary view. The full pack is a complete, machine-verifiable file. Verification is always free.

Download a real sample ProofPack →
Generated by the live engine from a demonstration incident. Open it: every hash reproduces, the signature checks, and the declaration is inside.

Pricing

Priced like insurance. Budgeted like insurance.

Coverage
$0.50* per device per month · volume rates beyond 1,000

The always-on layer: everything signs, chains, and verifies.

  • Unlimited events & signing
  • Hash-chained records, kept for the life of the account
  • Free standalone verification, forever
  • Audited recall workflow for raw media

ProofPack
$2,500* per incident · quoted up front, never a surprise

The court-ready file, assembled the day you need it.

✓ Includes 1 free ProofPack in your pilot
  • Full evidence bundle for one incident
  • Verification transcript & verifier instructions
  • Pre-filled FRE 902(13)/(14) certification template

Enterprise legal
Custom · annual · for multi-facility & insurer programs

For operators and underwriters standardizing on proof.

  • ProofPacks included at volume
  • Priority handling & custodian support
  • Portfolio onboarding for insured fleets

*Illustrative rates, exact pricing quoted at pilot. Verification of your records is always free; ProofPack is the assembled, certification-ready deliverable.

Sixty days. Twenty-five devices. Zero dollars.

Day one: real signed records from your own gates, cameras, and sensors. Day sixty: you'll wonder how you ever walked into a dispute without them.

Not sure what you'd even need to capture? Run the 3-minute audit first →