Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.rootkey.ai/llms.txt

Use this file to discover all available pages before exploring further.

Overview

RKP-1 (Full On-Chain) is ROOTKey’s highest-integrity data processing protocol. Every data operation - creation, validation, versioning, or transfer - is recorded directly to the Polygon blockchain via a smart contract transaction. The result is a permanent, tamper-evident, publicly verifiable audit trail that requires no trust in any third party, including ROOTKey. Any entity with blockchain access can independently verify the integrity and existence of a record without contacting ROOTKey or relying on ROOTKey infrastructure. This protocol is designed for scenarios where the integrity of data is itself a compliance requirement, and where the provenance of records must withstand adversarial scrutiny - legal proceedings, regulatory audits, or multi-party disputes.

Architecture Overview

Client Application

        ▼ HTTPS / JSON
  ROOTKey REST API


  Smart Contract Layer


  Polygon Blockchain  (Mainnet)


  Publicly Queryable via Polygonscan
Each API operation triggers a smart contract execution that writes a cryptographic record to the Polygon blockchain. The on-chain record includes:
  • SHA-256 hash of the data payload
  • Timestamp of the operation (block timestamp)
  • Vault and asset identifiers
  • Originating wallet address
On-chain records are immutable - they cannot be altered, deleted, or invalidated after submission. They are publicly queryable via Polygonscan, independently of any ROOTKey service or API.

Request Limits and Throughput

ParameterValue
Maximum requests per second10
Maximum concurrent operations5-10
Maximum payload size per request35
Burst allowance2x/10seconds
For plan-specific throughput limits, visit Pricing.

Performance Indicators

MetricValue
Average end-to-end latency3500 ms
P95 end-to-end latency5000 ms
Polygon block confirmation time2-5 s
Recovery time objective (RTO)10 minutes
Recovery point objective (RPO)3.5s
Performance is subject to Polygon network conditions. ROOTKey applies optimised gas pricing strategies to maintain predictable confirmation windows under variable network load.

Validation Capabilities

RKP-1 validation is fully decentralised:
Validation TypeSupported
Independent third-party verification (no ROOTKey required)Yes
On-chain proof of existenceYes
On-chain proof of integrity (hash match)Yes
Smart contract auditabilityYes
Historical record traversalYes
Deletion or amendment post-submissionNo (by design)
Any auditor, regulator, or counterparty can verify a record by querying the Polygon blockchain directly using a standard block explorer. No API key, no ROOTKey account, no trust assumption required.

Strengths

  • Maximum auditability - full chain-of-custody on a public, permissionless blockchain
  • Decentralised trust model - no single party controls verification, including ROOTKey
  • Immutability by design - cryptographic guarantees, not policy-based controls
  • Independently verifiable - auditors and regulators can verify without vendor cooperation
  • Zero-trust compatible - aligns with zero-trust architecture principles at the data layer
  • Permanent record - no dependency on storage availability or vendor continuity

Weaknesses

  • Higher latency - each operation waits for blockchain block confirmation
  • Higher cost per operation - each write incurs a gas fee on the Polygon network
  • Throughput constraints - bounded by block time; not suitable for high-frequency write workloads
  • No data deletion - records are permanent; requires careful data classification to avoid writing personal data on-chain (GDPR implications)

Typical Use Cases

Legal and Regulatory Documents

Contracts, compliance filings, and regulatory submissions requiring cryptographic proof of existence, integrity, and timestamp.

Financial Records and Audit Trails

Transaction logs, financial statements, and audit trails where tamper-evidence is a regulatory requirement under frameworks such as MiFID II or SOX.

Supply Chain Provenance

Product authenticity certificates, quality records, and multi-party custody chains anchored immutably for each transfer event.

Critical Infrastructure Logs

Operational logs for critical systems - energy, healthcare, public services - where regulatory bodies require tamper-evident records.

Intellectual Property Registration

Proof-of-existence for IP assets, design files, or proprietary content prior to formal registration processes.

Multi-party Agreement Evidence

Binding records of agreements, SLAs, or operational decisions involving multiple organisations that each require independent verification rights.

Compliance Alignment

FrameworkAlignment
NIS2 DirectiveSupports Article 21 obligations - integrity, availability, and auditability of critical information assets
ISO 27001 (in progress)Aligns with Annex A controls: A.8.15 (logging and monitoring), A.5.33 (protection of records), A.5.36 (compliance with policies)
eIDASOn-chain timestamps provide electronic evidence suitable for qualified trust service workflows
GDPRRequires architectural consideration - personal data must not be written on-chain; hash-only patterns are GDPR-compatible
DORASupports digital operational resilience requirements for financial entities through immutable audit trails
ROOTKey is actively pursuing NIS2 alignment and ISO 27001 certification. Contact us at contact@rootkey.ai for the current compliance posture, available security documentation, and pending certifications.

Get started with a free account

Access sandbox and live environments immediately. No commitment required.

Request a technical briefing

Discuss your architecture, compliance requirements, and protocol fit with our engineering team.