Trust policy

Verbitas produces tamper-evident provenance records. We explicitly do not:

Claim content is “real”, “fake”, “authentic”, or “genuine”
Assert semantic truth about content
Promise legal compliance with any regulation
Guarantee that provenance records cannot be fabricated by a determined adversary with sufficient resources

Verification states

Our verifier always returns one of the states in the closed enum. Every result always displays:

What this proves — the specific cryptographic claim
What this does not prove — semantic truth, content accuracy, legal compliance

No verification result is emitted without both proves and does_not_prove fields. This is enforced at the API level and in all SDK response types.

Watermark robustness claims are documented in Watermarking. Robustness benchmarks are run in CI and regressions past threshold fail the build.

The threat model is maintained in docs/THREAT-MODEL.md. Every threat has at least one corresponding negative test.