Security
TattleHash is built for traders who take trust seriously. Our security architecture ensures your attestations are cryptographically sound, tamper-proof, and permanently verifiable.
Cryptographic Foundation
Every attestation is hashed using the Web Crypto API (SubtleCrypto), the same cryptographic primitives trusted by browsers and financial institutions worldwide. This ensures:
- Constant-time execution resistant to timing attacks
- Deterministic hashing via canonical JSON serialization
- No sensitive data processed in JavaScript userland
Your trade details are hashed locally before transmission. We store proofs, not secrets.
Infrastructure You Can Trust
TattleHash runs on Cloudflare's global edge network, inheriting enterprise-grade compliance.
Your attestation data is encrypted at rest, and the edge network provides fast, reliable access worldwide.
Immutable Proof
Once created, attestations cannot be altered. Every record is:
- Hash-chained to its predecessor, creating a tamper-evident ledger
- Merkle-batched for efficient verification
- Anchored on-chain to Polygon, Base, and Ethereum for permanent, public proof
Anyone can verify an attestation using its ShortCode. No account required. No trust required. Just math.
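The sketch below shows how canonical JSON hashing and hash-chaining make a ledger tamper-evident. It is an added example, not TattleHash's own code: SHA-256, the sorted-key canonical form, the record fields (prev, payload, hash) and the all-zero genesis value are assumptions made for illustration.

```javascript
// Added illustration: SHA-256, field names and GENESIS are assumptions, not the service's format.
// Canonical JSON: keys sorted recursively; values with no JSON form are rejected.
function canonicalize(value) {
  if (value === null || typeof value === 'string' || typeof value === 'boolean') return JSON.stringify(value);
  if (typeof value === 'number' && Number.isFinite(value)) return JSON.stringify(value);
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (typeof value === 'object') {
    const keys = Object.keys(value).sort();
    return '{' + keys.map(k => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  throw new TypeError('no canonical JSON form for ' + String(value));
}

// SHA-256 via Web Crypto (browser global, or node:crypto's webcrypto as fallback).
async function sha256Hex(text) {
  const subtle = globalThis.crypto?.subtle ?? (await import('node:crypto')).webcrypto.subtle;
  const digest = await subtle.digest('SHA-256', new TextEncoder().encode(text));
  return Array.from(new Uint8Array(digest), b => b.toString(16).padStart(2, '0')).join('');
}

const GENESIS = '0'.repeat(64); // assumed placeholder "prev" for the first record

// Each record's hash covers its payload and the previous record's hash.
async function appendRecord(chain, payload) {
  const prev = chain.length ? chain[chain.length - 1].hash : GENESIS;
  chain.push({ prev, payload, hash: await sha256Hex(canonicalize({ payload, prev })) });
}

// Returns -1 if the chain is intact, otherwise the index of the first bad record.
async function verifyChain(chain) {
  let expectedPrev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const { prev, payload, hash } = chain[i];
    if (prev !== expectedPrev || hash !== await sha256Hex(canonicalize({ payload, prev }))) return i;
    expectedPrev = hash;
  }
  return -1;
}

// Constructed sample trades; not real attestations.
async function demo() {
  const chain = [];
  for (const p of [{ asset: 'ETH', amount: '1.5' }, { amount: '250', asset: 'USDC' }, { asset: 'BTC', amount: '0.01' }]) await appendRecord(chain, p);
  const intact = await verifyChain(chain);
  chain[1].payload.amount = '2500'; // edit a stored record after the fact
  const tamperedAt = await verifyChain(chain);
  const orderIndependent = canonicalize({ a: 1, b: 2 }) === canonicalize({ b: 2, a: 1 });
  return { intact, tamperedAt, orderIndependent };
}
```

Because each hash covers the previous one, an attacker who rewrites record 1 and recomputes its hash still breaks the link checked at record 2; anchoring the latest hash somewhere the attacker cannot rewrite is what closes that gap.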
Access & Authentication
- Wallet-based authentication — your keys, your identity
- JWT session management with secure token handling
- Comprehensive rate limiting to prevent abuse
- Input validation on every request via strict schema enforcement
Our Commitment
We built TattleHash because we believe honest traders deserve better tools. Security isn't a feature we added—it's the foundation everything else stands on.
If you have security questions or want to report a vulnerability, contact us at security@tattlehash.com.