PRAMA is a cryptographic alibi engine that mathematically proves where you were, when you were there — producing court-admissible evidence that survives hostile legal scrutiny.
By 2026, synthetic media has become indistinguishable from reality. Traditional deepfake detectors operate on probabilistic AI — they can be fooled, they have error rates, and they collapse under cross-examination. PRAMA inverts the paradigm entirely.
AI-based deepfake detectors have non-zero error rates. Under the Daubert Standard, they can be disqualified as unreliable scientific evidence.
GPS spoofing apps, VPN fakery, and emulator farms can fabricate any digital trail. A simple screenshot of Google Maps is no longer evidence.
Existing "alibi" tools upload raw GPS coordinates to cloud servers — creating honeypots of sensitive location data vulnerable to breach and subpoena.
PRAMA generates a continuous, immutable chain of cryptographic proofs anchored to the Arbitrum blockchain — proving your physical presence without ever revealing your location to anyone.
The user authenticates via Keycloak OAuth2. The Rust crypto core generates an AES-256 Master Key locally on the device and outputs a 12-word seed phrase. Even if the device is destroyed, the user can recover their entire encrypted timeline.
Every 5 minutes (or on significant motion triggers), native hardware bridges scrape GPS, Wi-Fi BSSIDs, barometric pressure, cell tower IDs, and biometric state. Apple/Google attestation proves the device is physical silicon, not an emulator.
Each data point is individually SHA-256 hashed, then combined into a single Master Superhash. Raw JSON is encrypted with an AES key derived from the seed phrase via HKDF — the key never leaves the device. The encrypted blob is wrapped in a Curve25519/ECDH envelope for transport.
Payloads arrive via TLS 1.3 through AWS API Gateway (WAF + rate limiting). IP addresses are scrubbed post-validation. The ingestion API verifies hardware attestation and Ed25519 signatures, unlocks the outer envelope, and queues the AES blob to Redis. The server cannot read your data.
Every 2 hours, a background relayer collapses millions of Superhashes into a single Merkle Root and anchors it to Arbitrum L2. RPC fallback arrays (Alchemy → Infura → QuickNode) guarantee the anchor never misses a block. Each user receives an individual Merkle Proof for offline verification.
The Rust core generates a C2PA-compliant PDF with embedded cryptographic metadata. Third parties (judges, lawyers) visit verify.prama.id, input the Superhash, and the portal queries Arbitrum directly. If the hash aligns with the on-chain Merkle Root, the system outputs mathematical certainty.
Curve25519 can't encrypt large payloads. AES needs a secure key exchange. PRAMA's hybrid solution uses HKDF to derive an AES-256 key from your seed phrase locally, encrypts the heavy sensor JSON, then wraps only the hash + ciphertext in an ECDH envelope for transport.
AES key never leaves the device — server physically cannot read location data
Individual hash structure enables Selective Disclosure in court
Even a full database breach yields zero PII and zero readable locations
Each tier is independently scalable, deployable, and securable. A breach in one tier cannot cascade to another.
Client-side processing — all cryptography happens here.
Authentication, attestation, and key management.
Traffic handling, rate limiting, and attestation verification.
Encrypted storage with automated cold archiving.
Immutable blockchain notarization with fallback arrays.
Third-party verification portal for legal stakeholders.
Because each data point is individually hashed before being combined into the Superhash, the Merkle structure enables granular disclosure. Need to prove you were at a hotel? Reveal only the location hash. Your connected Wi-Fi networks, nearby Bluetooth devices, and biometric data remain permanently hidden.
This is cryptographic privacy by design — not a policy, not a promise, but a mathematical guarantee enforced by the hash structure itself.
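The selective disclosure described above, and the per-user Merkle Proof mentioned for the 2-hour anchor, both reduce to the same sibling-path check. The sketch below is an added example, not PRAMA's code. It assumes the Superhash is the Merkle root over the per-field hashes, and it adds per-field salts, leaf/node prefix bytes and JSON field encoding; all function names and sample values are hypothetical.

```python
import hashlib, json, os

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(name, value, salt):
    # 0x00 marks a leaf; the per-field salt (assumed here) blocks guessing of hidden values
    return h(b"\x00" + salt + json.dumps([name, value]).encode())

def node(left, right):
    return h(b"\x01" + left + right)  # 0x01 marks an interior node

def build(leaves):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling path for one leaf: [(sibling_hash, sibling_is_left), ...]."""
    path = []
    for level in levels[:-1]:
        if (index ^ 1) < len(level):
            path.append((level[index ^ 1], index & 1 == 1))
        index //= 2
    return path

def verify(leaf_hash, path, root):
    acc = leaf_hash
    for sib, sib_is_left in path:
        acc = node(sib, acc) if sib_is_left else node(acc, sib)
    return acc == root

def disclose(snapshot, salts, field):
    """Reveal one field plus the sibling hashes that tie it to the Superhash."""
    names = sorted(snapshot)
    levels = build([leaf(n, snapshot[n], salts[n]) for n in names])
    return {"field": field, "value": snapshot[field], "salt": salts[field],
            "path": prove(levels, names.index(field)), "superhash": levels[-1][0]}

def check(d):
    """Verifier side: recompute the leaf from the revealed value, walk the path."""
    return verify(leaf(d["field"], d["value"], d["salt"]), d["path"], d["superhash"])

# Constructed sample snapshot; none of these values come from a real device.
SNAPSHOT = {"gps": [12.9716, 77.5946], "wifi_bssids": ["aa:bb:cc:dd:ee:01"],
            "pressure_hpa": 1009.4, "cell_id": 40401, "biometric": "unlocked"}
SALTS = {name: os.urandom(16) for name in SNAPSHOT}
```

Without the salt, a revealed sibling hash of a low-entropy field (a biometric state, a cell ID) could be matched by hashing candidate values, so the hidden fields would not stay hidden. The same `build`/`prove`/`verify` functions apply one level up, with users' Superhashes as the leaves of the anchored tree.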
PRAMA is architected for top-tier global jurisdictions. Every legal requirement maps directly to a technical implementation — not a policy document.
Electronic records require a specific certificate detailing device identifiers and hashing algorithms.
prama-legal-export auto-generates BSA §63 formatted PDFs with device IMEI, SHA-256 algorithm specification, and Arbitrum TxHash — elevating data from secondary evidence to irrefutable technical fact.
Absolute data minimization. No plaintext PII. No stored location data.
The ledger holds zero plaintext. Identity layer is physically isolated from data layer. Even a complete breach yields zero mappable information. C2PA-compliant exports.
Scientific evidence must be testable, have a known error rate, and be peer-reviewable.
PRAMA relies on open-source, mathematically proven primitives (SHA-256, Merkle Trees) — not proprietary AI. The known error rate is effectively zero. Fully peer-reviewable.
PRAMA uses an Event-Driven Hybrid Trigger model instead of relying on BGProcessingTask, which iOS silently throttles. Snapshots trigger on startMonitoringSignificantLocationChanges (cell tower changes), applicationProtectedDataDidBecomeAvailable (device unlock), and Apple Watch HealthKit background observers. Users can toggle "High-Security Mode" for continuous minute-by-minute tracking at the cost of battery and the OS background indicator.
Your historical data is permanently unrecoverable. This is a feature, not a bug. We strictly enforce Zero-Knowledge boundaries — there is no "Forgot Password" backdoor for the AES key, because such a backdoor would make the key subject to court subpoena. You can perform a "Hard Identity Reset" to register a new public key and start fresh.
Our strict KPI is less than 2% battery drain per 24 hours. The Rust crypto core has no garbage collector and completes SHA-256 hashing + AES encryption in approximately 3 milliseconds, instantly returning the background thread to sleep. Heavy computation never triggers OS background throttling limits.
This decision is driven by cryptography, not UI preferences. We need a unified Rust Core for all hashing to ensure cross-platform blockchain verification consistency. Flutter has a production-ready flutter_rust_bridge library with zero C++ boilerplate. React Native requires JSI C++ glue code which is prone to memory leaks in cryptographic operations.
Two layers: (1) API Gateway rate limits to 5 payloads per minute per user DID. (2) Every payload must include a live Apple App Attest or Google Play Integrity token. Without a valid hardware signature from Apple or Google, the Fastify server drops the request instantly. It is impossible to spoof data from a laptop or server farm.
PRAMA is positioned as a "Personal Security & Legal Vault," not a tracking app. Onboarding includes un-skippable data minimization prompts stating that location data never leaves the device unencrypted. The app includes a Privacy Dashboard showing local SQLite vault storage with a prominent "Delete All My Data" button. Android uses a Foreground Service with a persistent notification ("Prama: Reality Protection Active").
PRAMA is currently in closed development. Join the early access waitlist for priority onboarding when we launch.