> ## Documentation Index
> Fetch the complete documentation index at: https://docs.rootkey.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# FAQ

> Answers to common questions about ROOTKey's architecture, security, integration, and pricing.

<Tabs>
  <Tab title="General">
    <AccordionGroup>
      <Accordion title="What does ROOTKey do?">
        ROOTKey is a cyber resilience platform that anchors data to the Polygon blockchain, creating tamper-evident, independently verifiable records.

        It operates as infrastructure: you send data through the ROOTKey API, and we produce a cryptographic proof that the data existed in a specific state at a specific time - without any party, including ROOTKey, being able to alter that proof after the fact.

        This is useful for any scenario where you need to prove data integrity to a third party - regulators, auditors, counterparties, or courts - without relying on a trusted intermediary.
      </Accordion>

      <Accordion title="Who uses ROOTKey?">
        ROOTKey is used by enterprise teams, system integrators, and platform builders across regulated industries including financial services, healthcare, legal, energy, manufacturing, and public sector.

        Common profiles include:

        * **CISOs and security architects** designing data integrity controls for critical systems
        * **DevOps and platform engineers** embedding integrity anchoring into existing pipelines
        * **Compliance and legal teams** requiring defensible audit trails for regulatory reporting
        * **Integration partners** building ROOTKey capabilities into client-facing platforms
      </Accordion>

      <Accordion title="How is ROOTKey different from a traditional audit log?">
        Traditional audit logs are mutable - they can be altered by anyone with database access, including the system operator. If the operator is compromised, or if the log is in scope for a breach, the audit trail cannot be trusted.

        ROOTKey writes integrity proofs to a public blockchain. Once written, the proof cannot be altered, deleted, or suppressed - by ROOTKey, by you, or by any third party. Verification does not require trust in any party: any auditor can independently confirm a record using only the original data and a standard blockchain explorer.
      </Accordion>

      <Accordion title="Do I need blockchain expertise to use ROOTKey?">
        No. ROOTKey's API abstracts all blockchain complexity. You interact with standard REST endpoints using JSON - vault creation, file upload, validation. ROOTKey handles wallet management, gas fees, transaction signing, and blockchain interaction.

        You only interact with the blockchain directly if you choose to - for example, to independently verify a record using Polygonscan without going through ROOTKey at all.
      </Accordion>

      <Accordion title="How do I get started?">
        1. Create a free account at [app.rootkey.ai](https://app.rootkey.ai?utm_source=api_docs\&utm_medium=faq\&utm_content=signup)
        2. Generate a sandbox API key
        3. Follow the [Quickstart guide](/pages/overview) - you'll have your first vault and anchored record in under 5 minutes

        If you prefer a guided introduction, [request a demo](https://rootkey.ai/contact?utm_source=api_docs\&utm_medium=faq\&utm_content=demo) and our team will walk through a use case tailored to your architecture.
      </Accordion>
    </AccordionGroup>
  </Tab>

  <Tab title="Security">
    <AccordionGroup>
      <Accordion title="How is data protected in transit?">
        All API communication is encrypted using TLS 1.2 or higher. Plain HTTP connections are rejected. See [Security & Trust](/pages/security-and-compliance) for full details.
      </Accordion>

      <Accordion title="Who can see my data?">
        ROOTKey's staff do not access client data as part of normal operations. Data access is governed by the [Privacy Policy](https://rootkey.ai/legal?tab=privacy\&utm_source=api_docs\&utm_medium=faq\&utm_content=privacy).

        For [RKP-1 (Full On-Chain)](/pages/protocols/rkp-1-on-chain), the cryptographic hash of your data is written to a public blockchain - the hash is not reversible to the original content, but it is publicly visible. The original data itself is not published.

        For [RKP-2](/pages/protocols/rkp-2-off-chain) and [RKP-3](/pages/protocols/rkp-3-hybrid), data is stored off-chain within ROOTKey's encrypted infrastructure.
      </Accordion>

      <Accordion title="What happens if ROOTKey goes offline?">
        Previously anchored records remain valid and independently verifiable on the Polygon blockchain regardless of ROOTKey's availability. No ROOTKey infrastructure is required to verify a record - only the original data and a blockchain explorer (e.g. Polygonscan).

        This is by design: ROOTKey is not a trusted intermediary. It is a blockchain anchoring service. The trust is in the blockchain, not in ROOTKey.
      </Accordion>

      <Accordion title="Is ROOTKey GDPR compliant?">
        Yes. ROOTKey's off-chain storage (used in RKP-2 and RKP-3) supports GDPR right-to-erasure - off-chain data can be deleted while the on-chain proof remains.

        For RKP-1 (Full On-Chain), personal data should not be written directly to the blockchain, as on-chain records are permanent. Use hash-only patterns: compute a hash of the personal data client-side and anchor only the hash. See [Security & Trust](/pages/security-and-compliance) for more detail.
      </Accordion>

      <Accordion title="Are you ISO 27001 certified?">
        ROOTKey is currently pursuing ISO 27001 certification. We are also working toward NIS2 alignment.

        Enterprise clients can request security documentation - architecture diagrams, security questionnaire responses, data flow maps - by contacting [contact@rootkey.ai](mailto:contact@rootkey.ai).
      </Accordion>

      <Accordion title="How do I report a security vulnerability?">
        Report vulnerabilities responsibly to [security@rootkey.ai](mailto:security@rootkey.ai). We acknowledge reports within 5 business days. See [Security & Trust](/pages/security-and-compliance) for the full responsible disclosure process.
      </Accordion>
    </AccordionGroup>
  </Tab>

  <Tab title="Integration">
    <AccordionGroup>
      <Accordion title="What deployment models are available?">
        ROOTKey supports multiple integration and deployment models:

        * **[REST API](/pages/deployment/api-integration)** - standard HTTPS integration, fastest path to production
        * **[On-premise](/pages/deployment/on-premise)** - ROOTKey deployed within your infrastructure
        * **[Container](/pages/deployment/container)** - Docker and Kubernetes-native deployment
        * **[MQTT](/pages/deployment/mqtt)** - event-driven integration for IoT and industrial systems
        * **[Native integrations](/pages/deployment/native)** - CRM, ERP, and platform integrations built to specification

        All models expose the same API contract and support the same data processing protocols.
      </Accordion>

      <Accordion title="What are the available data processing protocols?">
        ROOTKey defines three protocols - RKP-1, RKP-2, and RKP-3 - each with a different balance of throughput, latency, and on-chain auditability.

        * **[RKP-1](/pages/protocols/rkp-1-on-chain)** - Full On-Chain: maximum auditability, every operation on the blockchain
        * **[RKP-2](/pages/protocols/rkp-2-off-chain)** - Off-Chain: high throughput, cryptographic proof on-chain
        * **[RKP-3](/pages/protocols/rkp-3-hybrid)** - Hybrid: enterprise balance, on-chain for critical events

        See the [Protocols overview](/pages/protocols/overview) for a decision guide.
      </Accordion>

      <Accordion title="How do development and production environments work?">
        ROOTKey provides two separate API endpoints:

        * **Development**: `https://dev-api.rootkey.ai` - for testing and integration development, no costs, no real blockchain transactions
        * **Production**: `https://api.rootkey.ai` - live operations on Polygon Mainnet, credits consumed per plan

        Switching to production requires updating your base URL and API key in your environment configuration.

        See [Environments](/pages/environments) for details.
      </Accordion>

      <Accordion title="Does ROOTKey provide client SDKs?">
        The ROOTKey API is a standard REST API accessible from any language or HTTP client. A dedicated [SDK and libraries page](/pages/sdks) lists available client libraries and community resources.

        If you need an SDK for a specific language not currently covered, contact [support@rootkey.ai](mailto:support@rootkey.ai).
      </Accordion>

      <Accordion title="How are asynchronous operations handled?">
        Operations that involve blockchain anchoring in RKP-2 and RKP-3 are processed asynchronously. The API returns immediately after off-chain processing; blockchain anchoring completes within a defined window.

        ROOTKey sends a **webhook event** to your configured endpoint when anchoring completes. See [Webhooks](/pages/webhooks) for event schemas and configuration.
      </Accordion>

      <Accordion title="Where can I find the full API reference?">
        The complete endpoint documentation - request schemas, response formats, and examples - is available in the [API Reference](/api-reference/overview).
      </Accordion>
    </AccordionGroup>
  </Tab>

  <Tab title="Pricing">
    <AccordionGroup>
      <Accordion title="How does ROOTKey's pricing work?">
        ROOTKey uses a credit-based model. Each API operation consumes a defined number of credits depending on the operation type and the active data processing protocol. Credits are included in subscription plans or available as top-up packages.

        See [Pricing](/pages/pricing) for plan details, or visit [rootkey.ai/platform/pricing](https://www.rootkey.ai/platform/pricing?utm_source=api_docs\&utm_medium=faq\&utm_content=pricing) for the full plan comparison.
      </Accordion>

      <Accordion title="Is there a free tier or trial?">
        Yes. Create a free account at [app.rootkey.ai](https://app.rootkey.ai?utm_source=api_docs\&utm_medium=faq\&utm_content=signup) to access the sandbox environment at no cost. Sandbox usage does not consume credits or incur charges.
      </Accordion>

      <Accordion title="What options are available for enterprise teams?">
        Enterprise clients can access custom plans with higher throughput limits, dedicated support, SLA guarantees, and on-premise or private cloud deployment options.

        Contact [contact@rootkey.ai](mailto:contact@rootkey.ai) to discuss enterprise pricing and deployment requirements.
      </Accordion>

      <Accordion title="Are credits refundable?">
        Credits are non-refundable once consumed. See [Pricing](/pages/pricing) for the full credit policy.
      </Accordion>
    </AccordionGroup>
  </Tab>
</Tabs>

***

Didn't find what you were looking for? Contact our team at [support@rootkey.ai](mailto:support@rootkey.ai) - support is available Monday to Friday, 9:00 AM – 6:00 PM (GMT).