P1 · Verifiable Origin

Tamper-Proof Incident & Complaint Records

Hide customer data and response details
Prove handled with proper procedure and authority, at that time

For complaints and incidents (food safety, injury), prove "when and how it was handled" later — without exposing customer data or details. Records are tamper-proof and independently verifiable.

Hospitality & food service · Retail & services · Commercial facilities 4 min read
live in production since 2025 · Public-infrastructure PoC in production · ETHGlobal AI Agents 2026 Finalist
01 · WHO IT'S FOR

Who this is for.

For sites that may later be asked "how did you handle it then?" — food safety, injury, complaints. Records survive, but is there a guarantee they weren't rewritten? Can you show the response was legitimate without exposing the customer's data or details?

  • Quality, safety, and customer-care leads in hospitality, food service, retail, facilities

  • Teams required to evidence response records for PL, litigation, or regulators

  • Teams troubled by "we have records but can't prove they're untampered"

02 · THE SHIFT

Hand over the source, or just the facts?

Change what reaches the AI, and the leakage risk goes with it.

Without Lemma
Hand over the original
incident_id:
IC-2024-08-001
customer:
C-9847 (Yamada)
issue:
product-damage claim
response:
refund + apology
handler:
Suzuki (CS)
timestamp:
2024-08-15 14:30
↓ all of it goes to the AI / outside
With Lemma
Hand over just the facts
subject:
did:lemma:incident-IC2024-08-001
issuer:
did:lemma:org-acme-cs
sourceHash:
0x7a2c…8b9a
lineageChain:
[report, investigate, resolve, close]
recordedAt:
2024-08-15T14:30:00Z
integrity:
poseidon-merkle
ZK verified:
✓ VALID
↓ only the necessary facts to the AI

We anchor the moment a response occurs. The record's contents (customer data, details) aren't disclosed; "when, by what procedure, and who handled it" is fixed tamper-free. Years later, against litigation or a regulator, "we handled it legitimately" can be shown without disclosing customer data, opening the basis only as needed.

(Lawful handling of personal data and retention are assumed.)

See the technical details ↗
03 · HOW TO CHOOSE

Choose on three criteria.

Only work that needs all three at once — pass without exposing, independent verification, tamper-proof — is Lemma's domain.

Method Pass without exposing Independent verification Tamper-proof
Access control only
Masking / anonymization
Encryption only
Incident monitoring only
Lemma (ZK proof)the only one with all 3
04 · HOW IT WORKS

What's next

We enter through AI-adoption and data-governance support and a PoC, and stay alongside you through to operations.

  1. A 30-minute review — identify records where litigation/tampering risk concentrates.
  2. Narrow to 1–2 decisions to prove — e.g. "handled by a legitimate procedure at this point." Not customer data/details.
  3. Design disclosure scope and retention — site/legal/audit disclosure levels, personal-data handling and retention (with legal).
  4. Prove one path via a (quote-based) PoC.
  5. Hands-on support from rollout through operations — existing plan tiers (Civic / Critical / Compliance) serve only as a cost reference; setup and pricing are designed together.

Tell us the one flow with the heaviest litigation risk on response records, in the first 30 minutes. No disclosure of sensitive data required.

05 · RELATED

Related

Still have questions? See the FAQ →

The bigger picture

The bigger picture this use case belongs to.

We map use scenarios across industries and workflows by the four axes.

See use scenarios for Verifiable Origin in Solutions →

TRY LEMMA

Run it yourself.

No sales call needed — start hands-on with Lemma's products.

Try Seal → Trust402 reference implementation →