A transparency page, not a marketing claim. It shows the live heartbeat of the deletion cron — the job that wipes every cluster dump, finding, and PDF within 24 hours of job completion — and publishes the ed25519 public key you use to verify your retention log. See the retention policy for the full model.
Only the last-run timestamp is published — enough to prove the cron is alive. Per-tenant deletion counts are private and live behind your authenticated dashboard under Trust → Retention log.
Every entry in the retention log is signed with the private half of this key, held only by the deletion cron. Use Download signed log (JSON) (Trust → Retention log in the dashboard) to export the whole signed entries, then verify each one offline against the public key below — if a single byte was altered, the hash chain breaks and the signature will not verify. The exact construction is on the Trust page.
eph-retention-pubkey-v1 (ed25519, hex) f6cb6f96e094f797ff10d59d315cff8069721ae8716afd54e1fbd83076f3ae64