Verification, not belief.
TrackJet is built so you do not have to take our word for anything: histories are sealed, seals are publicly anchored, analytics are cookieless, and our uptime is self-measured in the open.
Cryptographic transparency
Sealed timelines (tjvt1)
Each tracked chain's events are sealed into a SHA-256 hash chain at ingest — 312 seals live today. Editing, deleting or reordering any past event breaks verification, and the breakage is the proof.
Spec →Public Merkle log (tjmt1)
All sealed heads anchor into an append-only Merkle root history (3 roots published). Inclusion proofs verify OFFLINE with the open-source tjverify CLI.
Root history (live JSON) →Privacy engineering
Cookieless analytics
No cookies, no consent banner needed: sessions are an irreversible server-side hash with a daily-rotating salt that lives only in memory. Query strings are never stored.
Public stats →PII vault + crypto-shredding
Sensitive third-party fields are encrypted per-field (XSalsa20-Poly1305, keys outside the database). Deleting your account shreds keys — data becomes permanently unreadable, with a receipt.
Privacy center →Operations
Self-measured uptime
A canary exercises the real user paths around the clock. Last 30 days: 100.00%. The status page shows the same data we see.
Network status →Tamper-evident audit log
Admin actions are sealed into their own hash chain; a deleted or edited audit row is detected — and recoverable byte-exact from its seal. This has caught a real bug in production.
How sealing works →Restore drills, not hope
Backups are restored into a scratch database every week and verified against minimum row counts. A backup that has never been restored is a hope, not a backup.
This page →Read-only degradation
During maintenance the public site degrades to read-only: tracking keeps serving while writes get a friendly 503 with Retry-After — never a hard outage for readers.
Status →