TL;DR
- The database trap: most "independent verification" is actually vendor-dependent. You log into their system and trust their database.
- The ledger anchor: Klariqo anchors a cryptographic fingerprint (a SHA-256 hash) of each signed call record onto a public ledger we do not control. Anyone can re-compute that hash and check it against the public record in any browser, completely outside our system.
- The privacy rule: only the fingerprint is public. Sensitive data (transcripts, recordings, phone numbers, names) never goes on the ledger.
- The boundary: this proves the record has not been altered since its timestamp. It does not validate consent, and it does not make your call center compliant. You own your compliance program; we provide the evidence.
If a regulator or auditor asks you to prove a call recording was not altered, and your only proof is a file generated by your own software vendor, you do not have proof. You have an assertion.
True independent verification of a call record means any reviewer can confirm the file is unaltered and existed at a specific time, without relying on the system that generated it. In any dispute, an auditor or opposing counsel asks a simple question: who controls the database that produced this record? If it is run by you, or by a vendor who lets you delete records with a click, the evidence is weak. Real evidence has to be checkable against an outside source that neither party can alter.
Here is how that works, and how anyone can verify a Klariqo call record in a browser without logging into our system.
The vendor-dashboard illusion
Many providers claim their records are independently verifiable. What they usually mean is that you can log into their dashboard and their system will display a checkmark.
But that vendor operates the dashboard, maintains the database, and controls the clock. If the checkmark relies entirely on the vendor's own database, you are not verifying the evidence. You are trusting the vendor.
For a call center facing liability or a formal audit, that is a real weakness. The party with the most to lose in a dispute is relying on its own paid vendor to vouch for the evidence, and an auditor knows to discount that.
What real independent verification looks like
Real independent verification does not require trust. You check the record against an external, append-only notary book that sits entirely outside the vendor's control: a public ledger. By anchoring a fingerprint of the record to a public ledger, any third party can confirm two things without contacting Klariqo:
- Integrity: the record has not been modified by a single byte since it was created.
- Timing: the record existed at or before a specific consensus timestamp.
How Klariqo anchors a call record
When a call ends, Klariqo secures the record in three steps:
- Seal and sign. The call data (the recording, the transcript, and the QA scorecard) is compiled into a single file on the open vCon standard, then cryptographically signed with Klariqo's published key (RS256), so any later edit is immediately detectable. That signature is self-asserted: it shows the record came from Klariqo's key, not from a government certificate authority.
- Fingerprint. We compute a SHA-256 hash of the entire signed file. This hash is a unique fingerprint. Change a single letter of the transcript or one millisecond of the audio and the hash changes completely.
- Anchor. We stamp that fingerprint onto Hedera, a public, council-governed ledger. Hedera is run by an outside council whose members include companies like Google and IBM, so Klariqo has no special power to alter, delete, or backdate old entries. The ledger entry holds only the fingerprint and a little non-content metadata.
That is what keeps the public proof private: no transcripts, audio, names, or phone numbers are ever sent to the ledger. The fingerprint reveals nothing about the call on its own; it only serves as proof of existence and integrity when matched against the original file.
Step by step: how to verify a record
To verify a call, you hand an auditor, regulator, or client the signed vCon file and its ledger receipt. They verify it themselves in three steps:
1. Compute the fingerprint locally
The reviewer computes the SHA-256 hash of the vCon file on their own machine. In any terminal:
sha256sum record.vcon.json
This local calculation sends the call data to no one, which keeps it private.
2. Open the ledger entry
The receipt contains a public link to a Hedera mirror node, a public endpoint served by the ledger network, not by Klariqo. The reviewer opens it in any browser, no login or credentials required.
3. Compare the fingerprints
The reviewer compares the hash they computed with the hash recorded on the public ledger. If they match, they have confirmed that this exact file existed at the ledger's consensus timestamp and has not been altered since. The full walkthrough is in our technical docs.
Why a public ledger, specifically
A public ledger gives you two things a vendor's internal database cannot:
- No vendor trust required. The proof is retrieved from a network the vendor does not run, so the reviewer does not need to trust Klariqo's database or servers.
- No backdating. The consensus timestamps are set by network agreement, so we cannot generate a record today and pretend it existed three months ago. In an audit, being able to show a record was not retroactively fabricated is worth a lot.
Defining the evidence boundary
Precision is what makes evidence credible, so we are explicit about what this proves and what it does not.
- What it proves: this specific call record (audio, transcript, and scorecard) is genuine, unaltered, and existed no later than the ledger consensus timestamp.
- What it does not prove: that a conversation legally took place, that the consumer gave valid consent, or that the call was lawful. It does not make your call center compliant.
The vCon record is your evidence of what happened on the call. The public ledger is the proof that your evidence is real and untampered. Your scripts, your consent practices, and your legal review stay yours. A vendor claiming their software "makes you compliant" is overreaching, and a regulator will recognize the difference. We deliver the proof; you run your compliance program. More on the evidence boundary.
A real-world scenario
A mid-market call center runs 15,000 outbound dials a day. Three months after a campaign, a regulator requests the recording of a specific call to check a disclosure requirement.
Under the standard vendor-dashboard model, the manager logs into the dialer, downloads an audio file, and emails it. The regulator has to trust that the call center did not edit the recording, regenerate the file, or change the metadata.
Under the ledger-anchored model, the call center sends the signed vCon file and its Hedera receipt. The regulator runs a local SHA-256 hash, checks the public ledger, and sees the exact hash matches the record stamped three months ago. No trust in the call center's database or vendor is required. The proof is independent and checkable in minutes.
Comparison: standard vendor vs. ledger-anchored evidence
| Standard vendor-dashboard model | Ledger-anchored evidence model | |
|---|---|---|
| Proof source | Internal vendor database | External, council-governed public ledger |
| Verification method | Vendor-controlled portal | Any public mirror node |
| Login required | Yes, vendor credentials | No, open browser access |
| Tamper detection | Relies on trusting the vendor's database | Cryptographic, any change breaks the hash |
| Backdate protection | None, the vendor controls the clock | Fixed by external consensus |
| Ultimate trust anchor | The software vendor | Cryptography and an outside network |
Frequently asked questions
Does this put my private call recordings on a public network? No. Only the SHA-256 fingerprint of the record is anchored to the public ledger. Sensitive information (transcripts, recordings, phone numbers, and names) is never sent to the ledger. The fingerprint is a one-way hash; it cannot be reversed to reveal any call detail.
Do I need a wallet or cryptocurrency to verify a call? No. Verifying a record is computing a local hash and opening a public web link. No accounts, no wallets, no crypto.
What is Hedera? A public, council-governed ledger. Its governing council is made up of independent international companies, including Google and IBM. Klariqo anchors to it because it is a stable public notary that operates completely outside our control, which is what makes the proof independent.
Does ledger anchoring make my outbound campaign compliant? No. It proves your call evidence is genuine and unaltered. It does not validate consent or confirm a call was lawful. Managing consent, reviewing scripts, and legal procedures stay with your compliance officer and counsel.
Can third parties verify records without our cooperation? Yes. Given the signed vCon file and the receipt, they run the whole process on their own. They do not need a Klariqo account, our permission, or our cooperation to retrieve the proof from the public ledger.
See the verifier in action
Test the browser-based verifier yourself. Upload a sample record and watch verification happen entirely in your browser, with no data leaving your machine.