Live on Bantu since 2026-05-09Bantu

Every Trusta receipt has a permanent home — on the blockchain.

When two people seal a deal on Trusta, the record goes somewhere that neither of them — and not even Trusta — can ever change.

Streaming live · Bantu mainnet

The last 20 anchors. Live.

Every batch on this list lives on the Bantu blockchain right now. Click a transaction or ledger to walk the proof yourself on Bantu Expansion.

$ curl https://api.mytrusta.com/api/v1/anchor/recent
Fetching the latest batches from Bantu…
Auto-refreshes every 15 s · 0 rows
BantuPowered by the Bantu Blockchain
Why this matters

Why Trusta records can never be denied.

Neither party can later deny what was agreed.

Every sealed agreement is cryptographically signed by Trusta's backend. Change even one character and the signature breaks — provably.

The record outlives the operator.

The Merkle root lives on the Bantu blockchain — not on Trusta's servers. Even if Trusta goes dark, the anchors remain.

Anyone can verify independently.

No trust in Trusta required. The maths stands on its own. Anyone with the agreement ID can walk the proof.

The 4-stage journey

From handshake to immutable record.

Every sealed Trusta agreement travels through four stages before it is permanently recorded.

01
Seal

Two people tap to confirm a deal. The record is created.

Trusta hashes the canonical bytes of the agreement and signs them with its ed25519 server key.

02
Batch

Newly-sealed deals are gathered — up to once per hour — and combined.

A Merkle tree is built from each deal's canonical hash. The 32-byte root uniquely represents every deal in the batch.

03
Broadcast

Trusta submits a transaction to the Bantu blockchain carrying the Merkle root.

The anchor wallet signs the transaction. The fee is a fraction of a cent in native Bantu asset.

04
Anchor

Once Bantu confirms the transaction (5–10 seconds), the record is permanent.

Every receipt in the batch now points to an on-chain transaction that no one can alter.

What goes on chain

Public data and private data are separated by design.

Published on-chain
  • 32-byte Merkle root — the batch fingerprint
  • One manage_data entry per batch
  • The anchor wallet's public address
  • Trusta's server signing public key
Stays private
  • Agreement contents and description
  • Party names and handles
  • Ratings and reflections
  • Chat and any attached context

Anyone can prove a Trusta agreement was signed at a specific time. Nobody can read what was inside without your permission.

The wallet model

Five roles. Zero overlap.

Every Bantu wallet in Trusta serves exactly one purpose. They never mix.

Master mnemonic
Root of trust

A 24-word BIP39 phrase that derives all other Trusta wallets. Never touches a server. Backed up with offline Shamir shares.

User-payout pool
20 wallets · receipt stamps

Each sealed agreement is stamped to one of these 20 wallets, assigned deterministically from the agreement UUID. Future payout source for XBN rewards.

Anchor wallet
1 wallet · chain commits

Signs and pays the fee for every Merkle-root anchor transaction. Separate from the pool so anchor failures never block user payouts.

Treasury wallet
1 wallet · operating reserve

Holds the XBN reserve that funds the pool and anchor wallet. Never signs user-facing transactions.

Server signing key
ed25519 key · not a Bantu wallet

Signs the canonical bytes of every agreement at seal time. Its public counterpart is published on-chain so anyone can verify it.

BantuVerify it yourself

Every artifact is public. Here they are.

These are the actual on-chain records from Trusta's production anchor wallet. Click any link to inspect them on the Bantu Expansion explorer.

Anchor wallet

GBRIJRBFBZRV…73EBG5ZXEVExpansion

Server signing pubkey (on-chain data entry)

data name: trusta:server_pubkey:v1

2c452b2d 3ac8f701 7347ac42 2a01c29f…
Expansion

Verify via curl:

curl -s 'https://expansion.stargate.is/accounts/GBRIJRBFBZRVC4EGR5BUKNHOZWAUSFFH5NFICEKMOYTZ7F73EBG5ZXEV/data/trusta:server_pubkey:v1' | jq -r .value | base64 -d | xxd

Pubkey publication transaction

edbfda1a…8308bac7
Tx Ledger 32648125

First-batch anchor transaction (13 agreements)

cb8f621a…719f71fb

Merkle root

5b3ed34d 9a978f90 c61afb5c cfe3c3e4…
Tx Ledger 32647941
6-step verification

If you don't trust Trusta, verify it yourself.

Here is how you can verify any one of our receipts without us:

  1. 01

    Get the receipt URL or QR from either party to the deal.

    This tells you which agreement to investigate.

  2. 02

    Fetch the agreement's canonical bytes + signature from the Trusta API.

    This gives you the raw data that was hashed and signed at seal time.

    GET api.mytrusta.com/api/v1/agreements/{id}
  3. 03

    Verify the signature against Trusta's published pubkey (the on-chain data entry above).

    This proves Trusta's backend authored the agreement — without trusting Trusta's word.

    trusta:server_pubkey:v1
  4. 04

    Compute SHA-256 of the canonical bytes — that is the agreement's leaf hash.

    This ties the agreement to its position in the Merkle tree.

  5. 05

    Walk the Merkle proof up to the batch root.

    This proves the agreement is included in a specific batch without revealing other agreements.

  6. 06

    Query the on-chain transaction and confirm the Merkle root matches.

    This is the final link: the record on the blockchain matches the record you computed locally.

    cb8f621a…719f71fb
Start sealing

Open a Trusta account.

Start sealing deals that can never be denied.

Open Trusta Read the terms