How does it work?

Every AI company asks for your trust. Trust that your data isn't mined. Trust that the model is what they claim. Trust that nothing is logged, filtered, or quietly swapped. Trust backed by nothing but a marketing page.

We take the opposite bet. Don't trust us — verify us.

We don't ask you to believe our claims. We give you the tools to check them. If we can't let you verify something, we don't claim it.

Verifiable inference

Every response carries a signed receipt: the model's identity, a hash of the software that produced it, and a digest of the output itself. That means:

• If someone tampered with a response, the signature won't match — detectable, not a matter of trust.
• If the model were quietly swapped for a weaker or more-censored one, the model hash would change — you'd know.

Receipts are locally signed by default and can be anchored on-chain for an independent, tamper-evident record.

Verifiable independence

We host our own uncensored model — Qwen3-32B (abliterated) — on our own hardware. No upstream provider's content policy, rate limit, or silent model substitution sits between you and the answer. The model you're told you're talking to is the model you're actually talking to, and the receipt proves it.

Verifiable privacy

Sensitive client-side data is encrypted in your browser, with open, auditable code. We can't read what we never receive in the clear. Privacy you can inspect beats privacy you're promised.

So — how do you trust us?

You don't have to. Look for the attestation badge on each response, check the signature, compare the model hash. The whole product is built so that the honest answer to "how do I trust you?" is: you don't — you verify.

That's the Ghostral promise: you can see through everything we do, and what you can't see, you can prove.