Etch provides the provenance primitive that every system of records needs but none actually have. AI agents are collapsing the SoR UI layer — what remains is authoritative data store + provenance + access control. Where Veeva has audit logs, Etch has math.
Key Features
- >Namespace Isolation: Per-tenant AuditChain instances — no cross-tenant visibility
- >API Key Auth: Stripe-style keys (`etch_live_sk_...`), SHA-256 hashed storage
- >Records API (v0.2.0): Full system-of-records — create, retrieve, list, proof, verify, chain/root
- >Legacy Proof API: Simple content timestamping — register, retrieve, lookup, verify
- >Merkle MMR Audit Chain: Every record is chained using a Merkle Mountain Range, making tampering cryptographically detectable
- >Privacy-Preserving: Raw content never stored — only SHA-256 hashes
- >Python SDK: `etch.records.create()`, `.verify()`, `.proof()`, `.list()`
How It Works
- 1.1. `POST /v1/records` with your data, type, and metadata`POST /v1/records` with your data, type, and metadata
- 2.2. Receive a receipt: record_id, namespace, content_hash, mmr_root, timestamp, chain_depthReceive a receipt: record_id, namespace, content_hash, mmr_root, timestamp, chain_depth
- 3.3. Later, `POST /v1/records/{id}/verify` to prove the record hasn't been tampered withLater, `POST /v1/records/{id}/verify` to prove the record hasn't been tampered with
- 4.4. `GET /v1/records/{id}/proof` returns the full Merkle inclusion proof — independently verifiable by any party`GET /v1/records/{id}/proof` returns the full Merkle inclusion proof — independently verifiable by any party
Use Cases
- >Clinical Trials: Tamper-evident audit trails from bench to FDA submission (21 CFR Part 11)
- >AI Agent Decisions: Every autonomous decision timestamped and cryptographically sealed
- >Content Provenance: Prove a story, image, or code existed before AI could replicate it
- >Patent Defense: Timestamp discoveries with mathematical proof of creation date
- >Compliance: EU AI Act Article 50 (deadline August 2026) requires provenance on AI-generated content
Revival Story
Poet (Po.et, YC W17) raised $11M to do this on Ethereum. It died under gas fees and blockchain overhead. Etch does the same thing with a simple REST API — no gas, no wallets, sub-100ms receipts — plus namespace isolation and API key auth that make it enterprise-ready.
Etch Assent
The first canonical application of Etch is **Assent** ([assent.to](https://assent.to)) — a client-side E2EE PDF signing app where every event is recorded to Etch's `/v1/records` API as a Merkle-chained receipt. Where DocuSeal and DocuSign hold the audit log themselves, Assent's audit trail is an independent Etch chain — verifiable without trusting the vendor. Passkey/WebAuthn signing, ESIGN/UETA + eIDAS Advanced compliant. The marketing line: *permanent proof of agreement, no vendor to trust*.
Traction
- >TrialSight integration: all 10 clinical data sources stamp to Etch
- >Assent live at assent.to as the verifiable e-signature alternative to DocuSeal
- >61 tests passing (22 for records API)
- >Production deployment with namespace isolation and API key auth
Tech Stack
FastAPI, Python, SQLAlchemy, PostgreSQL (Merkle chain persistence), SHA-256 cryptography. Stripe-style Python SDK.