Receipts are portable (JSON/PDF), verifiable offline, and can be pushed to your bucket (BYOB). Your audit evidence is not locked into Tranzia.
What happens if Tranzia shuts down?
Your stored receipts remain usable: the schema is published, receipts include hashes, and the verifier is open-source. You can continue verifying integrity without Tranzia.
Do you store employee PII?
PII is not required. We recommend tags instead of identities. Retention is configurable by plan, and BYOB enables customer-controlled long-term storage.
Are you SOC 2 / ISO certified?
If a certification is required, we’ll be transparent about current status. We reduce scope by minimizing data, supporting BYOB, publishing documentation, and providing verifiable receipts.
Can we control retention?
Yes. Receipts can be retained per plan and exported to customer storage. You can also use BYOB for your own long-term retention.
How does offline verification work?
Export the receipt JSON and run the verifier. It recomputes the canonical hash and compares it to the receipt hash (or the X-Receipt-Hash/ETag from export). Any tampering is detected by mismatch.
Can Tranzia edit receipts after the fact?
If data is modified, integrity verification fails. Best practice is to treat receipts as immutable audit artifacts; store annotations separately linked by receipt_id.
What security controls exist for BYOB push?
BYOB uses customer-provided presigned URLs and enforces HTTPS, timeouts, and size limits. This reduces credential handling and limits SSRF risk.