Privacy Receipts for Any AI Runtime
Per-session, machine-checkable proofs that your models handled sensitive data correctly.
Powered by the EPR‑1.1 Open Standard
- The Epheia Privacy Receipt (EPR‑1.1) is an open, vendor‑neutral receipt standard for runtime privacy across any AI stack. The specification defines a 16‑step verification protocol with hardware‑rooted attestation, monotonic freshness counters, proof‑of‑zero termination, and (when learning is enabled) DP‑bounded update artifacts.
- Epheia converts privacy policies into machine‑checkable receipts for sensitive data (PII/PHI/IP).
- Every session produces a signed receipt; our open Verifier can gate egress until checks pass and write to a transparency log.
- Try it now: The Quick Verify widget runs core receipt checks client‑side: ECDSA signatures, X.509 chain validation, DP parameter checks, and egress policy, all in your browser. The full EPR‑1.1 verification protocol is defined in the white paper.
EPR‑1.1 Receipt | Public Reference
Quick Verify runs the core cryptographic checks. The full 16-step protocol is defined in the EPR-1.1 specification.
{
  "version": "EPR-1.1",
  "receipt_profile": "EPR-1.1-full",
  "receipt_id": "rec_XXXXXXXX",
  "issued_at": "2026-01-01T00:00:00.000Z",
  "session_id": "sess_XXXXXXXX",
  "action": "chat",
  "freshness": {
    "nonce": "<base64url-≥16-bytes>"
  },
  "receipt_digest": "sha256:<64-hex>",
  "receipt_signature": "ecdsa-p384-sha384:<base64url-der-sig>",
  "decision": "RELEASE",
  "response_ciphertext_digest": "sha256:<64-hex>",
  "signature_policy": "dual",
  "attestation_mode": "periodic",
  "attestation_policy": {
    "tau_ms": 500
  },
  "attestation_chain_root": "sha256:<64-hex>",
  "attestations": [
    {
      "kind": "start",
      "ts": "2026-01-01T00:00:00.000Z",
      "freshness_counter": 0,
      "component": "leaf",
      "platform": "AMD-SEV-SNP",
      "state_digest": "sha256:<64-hex>",
      "evidence_format": "amd-sev-snp-report",
      "evidence_digest": "sha256:<64-hex>",
      "signatures": [
        {
          "role": "enclave",
          "sig": "ecdsa-p384-sha384:<base64url-der-sig>"
        },
        {
          "role": "hypervisor",
          "sig": "ecdsa-p384-sha384:<base64url-der-sig>"
        }
      ]
    },
    {
      "kind": "heartbeat",
      "ts": "2026-01-01T00:00:00.500Z",
      "freshness_counter": 1,
      "component": "leaf",
      "platform": "AMD-SEV-SNP",
      "state_digest": "sha256:<64-hex>",
      "evidence_format": "amd-sev-snp-report",
      "evidence_digest": "sha256:<64-hex>",
      "signatures": [
        {
          "role": "enclave",
          "sig": "ecdsa-p384-sha384:<base64url-der-sig>"
        },
        {
          "role": "hypervisor",
          "sig": "ecdsa-p384-sha384:<base64url-der-sig>"
        }
      ]
    },
    {
      "kind": "stop",
      "ts": "2026-01-01T00:00:01.000Z",
      "freshness_counter": 2,
      "component": "leaf",
      "platform": "AMD-SEV-SNP",
      "state_digest": "sha256:<64-hex>",
      "evidence_format": "amd-sev-snp-report",
      "evidence_digest": "sha256:<64-hex>",
      "signatures": [
        {
          "role": "enclave",
          "sig": "ecdsa-p384-sha384:<base64url-der-sig>"
        },
        {
          "role": "hypervisor",
          "sig": "ecdsa-p384-sha384:<base64url-der-sig>"
        }
      ]
    }
  ],
  "certs": [
    "<leaf-cert-pem>",
    "<root-cert-pem>"
  ],
  "key_material_by_kid": {
    "<kid>": "sha256:<cert-fingerprint>"
  },
  "platform_report": {
    "platform": "AMD-SEV-SNP",
    "image_digest": "sha256:<64-hex>",
    "cadence_ms": 500
  },
  "network_policy": [
    "self-origin"
  ],
  "policy_state_digest": "sha256:<64-hex>",
  "dp_tuple": {
    "enabled": true,
    "mech": "gaussian",
    "adjacency": "add_remove",
    "clip": {
      "norm": "l2",
      "bound": "1"
    },
    "sensitivity": {
      "norm": "l2",
      "bound": "1",
      "source": "derived_from_clip"
    },
    "guarantee": {
      "type": "approx_dp",
      "epsilon": "0.3",
      "delta": "0.00001"
    },
    "calibration": {
      "rule": "dwork_roth_1p25"
    },
    "params": {
      "sigma": "4"
    },
    "tuple_digest": "sha256:<64-hex>"
  },
  "update_digest": "sha256:<64-hex>",
  "zeroization_report_digest": "sha256:<64-hex>",
  "teardown_digest": "sha256:<64-hex>",
  "transcript_commitment": {
    "scheme": "hmac-sha256",
    "value": "<64-hex>",
    "key_id": "tls-exporter:<b64url>"
  },
  "connector_selection": [
    {
      "name": "file.pdf",
      "sha256": "<64-hex>"
    }
  ],
  "transparency_merkle_root": null,
  "verifier_url": "https://epheia.ai/api/receipt/sess_XXXXXXXX"
}
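A sketch of what a DP parameter check over the receipt's `dp_tuple` could look like, added here as an illustration and not taken from Epheia's verifier or the EPR-1.1 specification. It assumes the rule name `dwork_roth_1p25` refers to the classical Gaussian-mechanism bound from Dwork and Roth, and that a sensitivity marked `derived_from_clip` must equal the clip bound; the function names are hypothetical. Under that reading the sample tuple's sigma of 4 is below the required minimum of about 16.15, so the check reports a failure for it.

```javascript
// Added example, not Epheia's code. Assumes "dwork_roth_1p25" means the classical
// Gaussian-mechanism bound sigma >= sensitivity * sqrt(2 ln(1.25/delta)) / epsilon,
// which is stated for 0 < epsilon < 1.

// Receipt numbers are decimal strings; accept only plain positive decimals.
function positive(str, name) {
  const n = typeof str === "string" && /^\d+(\.\d+)?$/.test(str) ? Number(str) : NaN;
  if (!(n > 0) || !Number.isFinite(n)) throw new Error(`bad ${name}: ${str}`);
  return n;
}

function minSigma(epsilon, delta, sensitivity) {
  return (sensitivity * Math.sqrt(2 * Math.log(1.25 / delta))) / epsilon;
}

// Returns { ok, required, reasons } for a dp_tuple shaped like the page's sample.
function checkDpTuple(t) {
  const reasons = [];
  if (t.mech !== "gaussian") reasons.push(`unsupported mech ${t.mech}`);
  if (t.calibration.rule !== "dwork_roth_1p25") reasons.push("unknown calibration rule");
  const eps = positive(t.guarantee.epsilon, "epsilon");
  const delta = positive(t.guarantee.delta, "delta");
  const sens = positive(t.sensitivity.bound, "sensitivity");
  const sigma = positive(t.params.sigma, "sigma");
  if (eps >= 1) reasons.push("epsilon outside (0, 1)");
  if (delta >= 1) reasons.push("delta outside (0, 1)");
  // Assumed: under add_remove adjacency, a sensitivity derived from clipping
  // equals the clip bound in the same norm.
  if (t.sensitivity.source === "derived_from_clip" &&
      (sens !== positive(t.clip.bound, "clip") || t.sensitivity.norm !== t.clip.norm)) {
    reasons.push("sensitivity does not match clip");
  }
  const required = minSigma(eps, delta, sens);
  if (sigma < required) reasons.push(`sigma ${sigma} < required ${required.toFixed(3)}`);
  return { ok: reasons.length === 0, required, reasons };
}

// dp_tuple values copied from the sample receipt on this page.
const sampleTuple = {
  mech: "gaussian",
  clip: { norm: "l2", bound: "1" },
  sensitivity: { norm: "l2", bound: "1", source: "derived_from_clip" },
  guarantee: { type: "approx_dp", epsilon: "0.3", delta: "0.00001" },
  calibration: { rule: "dwork_roth_1p25" },
  params: { sigma: "4" },
};

console.log(checkDpTuple(sampleTuple));
```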
Founder's note
Epheia was founded to make AI privacy verifiable, not just promised. Every session produces a signed privacy receipt, and the system blocks egress unless verification passes; no transcripts or PHI are stored. I designed the receipt specification and verification protocol, and implemented the verifier you can try on this page.
How Epheia Works
Epheia's patent-pending architecture is a runtime privacy control plane for any AI stack: issue receipts, verify them, gate egress, and keep audit-grade evidence.
1. Issue
Each session produces a signed EPR-1.1 privacy receipt: a cryptographic artifact containing the attestation chain root, policy configuration, zeroization proof, and (when learning is enabled) the DP parameters bound to the update hash.
2. Verify
The open verifier executes a 16-step verification protocol (covering signatures, monotonic freshness counter continuity, platform evidence binding, DP calibration, and proof-of-zero) and returns a pass/fail result anyone can re-run.
3. Gate
The Egress Gate blocks model output by default. Verification must pass before any data leaves the trust boundary, ensuring policy-driven, fail-closed enforcement.
4. Log
Receipts-only retention: no transcripts, no raw prompts, and no update payloads stored. Optionally anchor receipts in a transparency log for inclusion proofs and external audit.
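To make the Verify and Gate steps concrete, here is an added example (not Epheia's verifier and not part of the original page) that checks freshness counter continuity and heartbeat cadence over the `attestations` array and turns the result into a fail-closed decision. The continuity rules (counter starts at 0 and steps by 1, consecutive entries no more than `tau_ms` apart), the function names and the `BLOCK` value are assumptions; signature and evidence verification are out of scope here.

```javascript
// Added example, not Epheia's verifier. Field names follow the page's sample
// receipt; the continuity rules and the "BLOCK" value are assumptions.

// Returns a list of failure strings; an empty list means the chain passed.
function checkAttestationChain(receipt) {
  const failures = [];
  const chain = receipt.attestations;
  const tau = receipt.attestation_policy.tau_ms;
  if (!Array.isArray(chain) || chain.length < 2) return ["need at least start and stop"];
  if (!Number.isInteger(tau) || tau <= 0) return ["missing or invalid tau_ms"];

  chain.forEach((att, i) => {
    // Assumed shape: "start" first, "stop" last, "heartbeat" in between.
    const want = i === 0 ? "start" : i === chain.length - 1 ? "stop" : "heartbeat";
    if (att.kind !== want) failures.push(`entry ${i}: kind ${att.kind}, want ${want}`);
    // Assumed rule: counter starts at 0 and steps by exactly 1, so a replayed
    // or dropped attestation shows up as a mismatch at its index.
    if (att.freshness_counter !== i) failures.push(`entry ${i}: counter ${att.freshness_counter}`);
    if (i > 0) {
      const gap = Date.parse(att.ts) - Date.parse(chain[i - 1].ts);
      // A NaN gap (unparsable timestamp) fails this test as well.
      if (!(gap > 0 && gap <= tau)) failures.push(`entry ${i}: gap ${gap} ms, tau_ms ${tau}`);
    }
  });
  return failures;
}

// Fail-closed gate: a failed check, a malformed receipt or a thrown error all block.
function egressDecision(receipt) {
  try {
    return checkAttestationChain(receipt).length === 0 ? "RELEASE" : "BLOCK";
  } catch (err) {
    return "BLOCK";
  }
}

// Constructed sample using the timestamps and counters from the page's receipt.
const sampleReceipt = {
  attestation_policy: { tau_ms: 500 },
  attestations: [
    { kind: "start", ts: "2026-01-01T00:00:00.000Z", freshness_counter: 0 },
    { kind: "heartbeat", ts: "2026-01-01T00:00:00.500Z", freshness_counter: 1 },
    { kind: "stop", ts: "2026-01-01T00:00:01.000Z", freshness_counter: 2 },
  ],
};

console.log(egressDecision(sampleReceipt));
```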
Benefits for Regulated Teams
Provable Privacy for Every AI Runtime
Per-session, machine-checkable receipts replace PDF assurances. Backed by a hardware-rooted attestation chain, not just a policy document.
The Egress Gate blocks outputs by default. Verification must pass before any data leaves the boundary. Policy you can prove.
A normative 16-step verification protocol, signed configuration, and pinned roots designed to accelerate audits.
Receipts-only retention: the receipt proves compliance without storing the data that was protected.
Designed for use with OpenAI, Anthropic, Google Gemini (Vertex), AWS Bedrock, Azure OpenAI, xAI Grok, and local LLMs. Designed for boundary-edge deployment; extend the trust boundary end-to-end as providers adopt TEE-hosted inference.
Healthcare-specific safeguards: show what PHI is in scope, prove only what's needed was used, and link actions to a patient's consent. Optional fields align with HIPAA workflows to protect patients.
Let's Prove Privacy Together
Epheia is building the infrastructure to make AI privacy cryptographically verifiable, not just promised. We'd love for you to be part of what comes next.