FAQ - ROOTKey

General
Security
Integration
Pricing

What does ROOTKey do?

ROOTKey is a cyber resilience platform that anchors data to the Polygon blockchain, creating tamper-evident, independently verifiable records.It operates as infrastructure: you send data through the ROOTKey API, and we produce a cryptographic proof that the data existed in a specific state at a specific time - without any party, including ROOTKey, being able to alter that proof after the fact.This is useful for any scenario where you need to prove data integrity to a third party - regulators, auditors, counterparties, or courts - without relying on a trusted intermediary.

Who uses ROOTKey?

ROOTKey is used by enterprise teams, system integrators, and platform builders across regulated industries including financial services, healthcare, legal, energy, manufacturing, and public sector.Common profiles include:

CISOs and security architects designing data integrity controls for critical systems
DevOps and platform engineers embedding integrity anchoring into existing pipelines
Compliance and legal teams requiring defensible audit trails for regulatory reporting
Integration partners building ROOTKey capabilities into client-facing platforms

How is ROOTKey different from a traditional audit log?

Traditional audit logs are mutable - they can be altered by anyone with database access, including the system operator. If the operator is compromised, or if the log is in scope for a breach, the audit trail cannot be trusted.ROOTKey writes integrity proofs to a public blockchain. Once written, the proof cannot be altered, deleted, or suppressed - by ROOTKey, by you, or by any third party. Verification does not require trust in any party: any auditor can independently confirm a record using only the original data and a standard blockchain explorer.

Do I need blockchain expertise to use ROOTKey?

No. ROOTKey’s API abstracts all blockchain complexity. You interact with standard REST endpoints using JSON - vault creation, file upload, validation. ROOTKey handles wallet management, gas fees, transaction signing, and blockchain interaction.You only interact with the blockchain directly if you choose to - for example, to independently verify a record using Polygonscan without going through ROOTKey at all.

How do I get started?

Create a free account at app.rootkey.ai
Generate a sandbox API key
Follow the Quickstart guide - you’ll have your first vault and anchored record in under 5 minutes

If you prefer a guided introduction, request a demo and our team will walk through a use case tailored to your architecture.

How is data protected in transit?

All API communication is encrypted using TLS 1.2 or higher. Plain HTTP connections are rejected. See Security & Trust for full details.

Who can see my data?

ROOTKey’s staff do not access client data as part of normal operations. Data access is governed by the Privacy Policy.For RKP-1 (Full On-Chain), the cryptographic hash of your data is written to a public blockchain - the hash is not reversible to the original content, but it is publicly visible. The original data itself is not published.For RKP-2 and RKP-3, data is stored off-chain within ROOTKey’s encrypted infrastructure.

What happens if ROOTKey goes offline?

Previously anchored records remain valid and independently verifiable on the Polygon blockchain regardless of ROOTKey’s availability. No ROOTKey infrastructure is required to verify a record - only the original data and a blockchain explorer (e.g. Polygonscan).This is by design: ROOTKey is not a trusted intermediary. It is a blockchain anchoring service. The trust is in the blockchain, not in ROOTKey.

Is ROOTKey GDPR compliant?

Are you ISO 27001 certified?

ROOTKey is currently pursuing ISO 27001 certification. We are also working toward NIS2 alignment.Enterprise clients can request security documentation - architecture diagrams, security questionnaire responses, data flow maps - by contacting contact@rootkey.ai.

How do I report a security vulnerability?

Report vulnerabilities responsibly to security@rootkey.ai. We acknowledge reports within 5 business days. See Security & Trust for the full responsible disclosure process.

What deployment models are available?

ROOTKey supports multiple integration and deployment models:

REST API - standard HTTPS integration, fastest path to production
On-premise - ROOTKey deployed within your infrastructure
Container - Docker and Kubernetes-native deployment
MQTT - event-driven integration for IoT and industrial systems
Native integrations - CRM, ERP, and platform integrations built to specification

All models expose the same API contract and support the same data processing protocols.

What are the available data processing protocols?

ROOTKey defines three protocols - RKP-1, RKP-2, and RKP-3 - each with a different balance of throughput, latency, and on-chain auditability.

RKP-1 - Full On-Chain: maximum auditability, every operation on the blockchain
RKP-2 - Off-Chain: high throughput, cryptographic proof on-chain
RKP-3 - Hybrid: enterprise balance, on-chain for critical events

See the Protocols overview for a decision guide.

How do development and production environments work?

ROOTKey provides two separate API endpoints:

Development: https://dev-api.rootkey.ai - for testing and integration development, no costs, no real blockchain transactions
Production: https://api.rootkey.ai - live operations on Polygon Mainnet, credits consumed per plan

Switching to production requires updating your base URL and API key in your environment configuration.See Environments for details.

Does ROOTKey provide client SDKs?

The ROOTKey API is a standard REST API accessible from any language or HTTP client. A dedicated SDK and libraries page lists available client libraries and community resources.If you need an SDK for a specific language not currently covered, contact support@rootkey.ai.

How are asynchronous operations handled?

Operations that involve blockchain anchoring in RKP-2 and RKP-3 are processed asynchronously. The API returns immediately after off-chain processing; blockchain anchoring completes within a defined window.ROOTKey sends a webhook event to your configured endpoint when anchoring completes. See Webhooks for event schemas and configuration.

Where can I find the full API reference?

The complete endpoint documentation - request schemas, response formats, and examples - is available in the API Reference.

Didn’t find what you were looking for? Contact our team at support@rootkey.ai - support is available Monday to Friday, 9:00 AM – 6:00 PM (GMT).