Here's what GeoClear just notarized while you opened this post — request hash, response hash, endpoint, timestamp, all signed by an HSM-bound key. Verify it yourself in 30 seconds.

{
  "iss": "https://geoclear.io",
  "iat": 1777612849,
  "endpoint": "/api/health",
  "req_hash": "sha256:6e849e1d1d0fd7a01ce7258340d6fdbf60ba68db987ba000f1fb87d2ed2f64f2",
  "resp_hash": "sha256:e2f20304ea4586a988d287a9b914b77be7d9425044a4299a9675ace73bb413bc",
  "status": 200,
  "kid": "geoclear-response-signing-2026"
}

Two posts ago, we asked whether machines that move money should be allowed to operate without explaining themselves.

Last post, we ran the same coding task across 8 leading AI models — three times — and watched the same prompt produce visibly different answers, run after run. Probability is not a substitute for proof.

If you read those two posts and felt the discomfort, this post is the answer.

The Notary, not the Log.

A Transaction Notary is not a logger. A logger captures what happened. A notary captures that it happened correctly — and produces evidence that survives without the notary.

Every machine decision GeoClear makes now carries a cryptographic receipt that you can verify, archive, and present as evidence — without trusting our database, our uptime, or our future continued existence.

What's actually shipping right now.

Every JSON response on geoclear.io — every API endpoint, every demo lookup, every MCP tool call — now carries two new HTTP headers:

• X-GeoClear-Receipt — a JWS (JSON Web Signature) over the response body, in ES384 format.

• X-GeoClear-Receipt-Kid — the public key ID, so verifiers know which key signed it.

The signing key is an HSM-bound ECDSA P-384 key in AWS KMS, on the FIPS 140-2 Level 3 validated path. The key cannot be exported. The HSM does the math; the host machine never sees the private bits.

Every emitted receipt is also written to an append-only audit table inside our database. UPDATE and DELETE privileges on that table are revoked at the database layer — even we cannot rewrite history.

The public verifier — npm install @geoclear/verify-receipt — is open source (MIT) and validates anything we've ever signed. The public key lives at https://geoclear.io/.well-known/jwks.json. You can verify a response offline, six months from now, with no network call to us.

Verification over Information.

Information without a verifiable signature is a claim. A signed receipt is evidence.

When you decide using a GeoClear response, you're not deciding on our word. You're deciding on a cryptographic artifact you can verify offline, replay six months from now, and present in court if you have to.

That's the difference between trusting an API and using a Notary.

What's next.

Today: Location Notarization. We started with location because it's the hardest decision tier to prove — and if a rooftop, an address, a flood polygon can be notarized, anything can.

We are currently opening early-access tiers for high-precision notarization: from Climate Risk and Flood Determination to Drone Deliverability and Sovereign Underwriting. If your machine needs to prove its work, we are building the envelope.

The roadmap is verifiable infrastructure for the machine economy. Not Trust Me. Verify Me.

Try it.

• Live demo: https://geoclear.io/security#receipt-demo

• Verifier package: npm install @geoclear/verify-receipt

• See a live receipt header in your terminal: curl -sI https://geoclear.io/api/health | grep -i x-geoclear

Stop trusting black-box logs. Start holding the proof.