StatVault
← Trust Center

We prove our logins like we prove our answers

StatVault is a relying party of the Obelisk identity plane. Accounts, passkeys, and sessions live at the identity provider — StatVault itself stores no passwords and no credential secrets. Every meaningful auth event (sign-up, sign-in, sign-out, privilege change) is designed to land in an append-only, hash-chained receipt ledger, the same discipline we apply to Knox's answers.

Sign-in model
Staged

Passkey-first login is built and env-gated; activation is one founder action.

Auth receipts

Ledger storage not connected in this environment.

Chain head

Appears with the first receipt.

How it works

No credentials held. Sign-in happens at the Obelisk Gate identity provider with WebAuthn passkeys; StatVault only ever receives a short-lived session token, which it verifies server-to-server.

Append-only ledger.Auth receipts are hash-chained: each one commits to the previous receipt's hash, so history can't be silently rewritten. The database table rejects updates and deletes outright.

Redaction by construction. Receipts carry only a whitelist of non-secret fields — never emails, tokens, passwords, or IPs. A secret-shaped payload throws before any write.

Related: Merkle history · Trust pulse · Security