Dekimu · anchored receipts docs

Receipt families

All 14 anchored receipt families — one for each class of privacy-relevant or legally-significant event. Each family has a canonical wire-format discriminator, a per-family renderer on this verifier, and a discovery document at /.well-known/.

Provenance

Receipts that prove the origin of an artifact — who produced it, with which model, and what was captured in the daily audit root.

APRAnchored Provenance Receipts

Cryptographic proof of what an AI agent produced — who issued it, when, and what was anchored.

ar.provenance.v1

Privacy lifecycle

Receipts tied to GDPR and similar privacy-law obligations — consent, retention, lineage, notice, breach, subject rights, and impact assessments.

ACRAnchored Consent Receipts

Cryptographic proof of a consent decision — what was consented to, by whom, and against which policy.

ar.consent.v1ar.modification.v1ar.withdrawal.v1
ARRAnchored Retention Receipts

Cryptographic proof of a data-lifecycle event — erasure, expiry, hold, anonymisation, or archive.

ar.erasure.v1ar.expiry.v1ar.hold.v1ar.anonymization.v1ar.archive.v1ar.batch.v1
ALRAnchored Lineage Receipts

Cryptographic proof of data lineage — derivation, fork, supersession, or disclosure of an artifact.

ar.lineage.v1
ANRAnchored Notice Receipts

Cryptographic proof of a transparency notice — what was disclosed to a data subject, under which profile, and when.

ar.notice.v1
ABRAnchored Breach Receipts

Cryptographic proof of a personal-data breach lifecycle event — detection, assessment, notification, containment, or closure.

ar.breach.v1
ASRAnchored Subject-Rights Receipts

Cryptographic proof of a data-subject rights request lifecycle — from receipt through fulfilment, refusal, or escalation.

ar.subject_rights.v1
AIRAnchored Impact-Assessment Receipts

Cryptographic proof of a DPIA lifecycle event — threshold trigger, scope lock, DPO advice, completion, review, or prior consultation.

ar.impact.v1

Data operations

Receipts that document data-processing operations — tokenization, purpose binding, cross-border transfers, AI Act evaluations, qualified attestations, and agent delegation.

ATokRAnchored Tokenization Receipts

Cryptographic proof of a data-tokenization lifecycle event — issuance, redemption, revocation, or rotation of a pseudonymous token.

ar.tokenization.v1
APuRAnchored Purpose Receipts

Cryptographic proof of a purpose-binding event — what data was bound to which purpose, under which lawful basis, and when.

ar.purpose.v1
ATRAnchored Transfer Receipts

Cryptographic proof of a cross-border data transfer — arrangement, per-transfer record, impact assessment, or suspension.

ar.transfer.v1
AERAnchored Evaluation Receipts

Cryptographic proof of an AI Act evaluation event — conformity assessment or transparency disclosure.

ar.evaluation.v1
AARAnchored Attestation Receipts

Cryptographic proof of a qualified trust service event — eIDAS issuance or revocation of a qualified artefact.

ar.attestation.v1
ADRAnchored Delegation Receipts

Cryptographic proof of a delegation lifecycle event — grant, revoke, narrow, renew, suspend, or resume of agent authority.

ar.delegation.v1

Wire format

Every receipt carries a claim_type field following the canonical ar.<noun>.v<N> pattern. Families with multiple event types use a single claim_type and disambiguate via a body.event_type discriminator. Legacy member-prefixed kinds (e.g. apr.v1) remain accepted indefinitely.

Anchored Receipts are cryptographic provenance and privacy-lifecycle protocols; verify.dekimu.com is a reference implementation, not a qualified trust service under Regulation (EU) No 910/2014 (eIDAS) or successor.