PriviNet Lumra. Landing Redesign Concept
PREVIEW · staging build of the new privinet.net · pricing shown is illustrative
Edge Proof Network

You can't prevent every incident.
You can prove exactly what happened.

Lumra signs every event the moment it happens, gate, camera, sensor, dashcam, and chains it into a record that courts, insurers, and auditors can verify without trusting you, or us. It's insurance for your operational truth, at pennies per device.

Start your free 60-day pilot

No new hardware, nothing replaced, plugs into the systems you already run. Signing real events the same afternoon.

Incident record № 004-1187ed25519 · sha-256
eventgate.breach_detected
devicecam-east-04 (key #A2F1)
time
location33.9425, -118.4081
digestcomputing…
chain← №004-1186 · 9c41…e07b
Why now

Do the math your insurer already does

$110M

2026 California verdict in a single elopement incident a facility couldn't defend. One undocumented event can outweigh decades of premiums.

1.6¢

per device per day at the illustrative rate. One denied claim costs more than a decade of it, the math on this page only needs this number to stay small.

FRE 902

US federal evidence rules (902(13)/(14)) let records self-authenticate in court when backed by cryptographic hashes. Lumra records are built to that standard.

Run it with your numbers

Legal defense, settlement pressure, denied claims, lost contract, pick your number.

Lumra, per month$125
Lumra, per device per day1.6¢
Years of Lumra one incident would buy166 yrs

One incident you can't prove costs more than 166 years of Lumra.

Illustrative rate of $0.50/device/mo, exact pricing quoted at pilot.

How it works

Sign. Chain. Verify. No new hardware.

01 · Sign

Signed at the source

Each device or system signs its own events with a key bound to it (Ed25519). The signature is born where the event is, not added later in someone's cloud.

02 · Chain

Chained, not stored

Compact signed digests are hash-chained into a tamper-evident ledger. We never need your raw video or audio, privacy is the architecture, not a setting.

03 · Verify

Verified by anyone

A standalone verifier re-checks any record with no PriviNet servers involved. The proof survives us. That's the point, go try to break one in the demo above.

Integration: point a webhook from your VMS, telematics, or IoT platform at Lumra. Typical pilot is signing real events the same afternoon.

Industries

The dispute you're one bad night away from

OperationThe incidentWhat the record settles
Senior & memory careA resident wanders; response timeline disputedSigned proof of when the alert fired and who was notified
Fleets & dashcamsCollision, "your driver ran the light"Impact event, time, and location, verifiable by the insurer, not just claimed
Ports & cargoContainer tampered somewhere along the chainWhich custody window it happened in
Airports & aviationPerimeter breach, ground-handling damageIndependently checkable sequence of events
Security & facilitiesGuard tour disputed, footage authenticity challengedEvent digests that survive vendor changes
Industrial & energyEquipment failure blame between operator and OEMSensor anomaly trail neither side can rewrite

→ Found your row? Run the 3-minute provability audit for your operation

Free mini audit

Which disputes can you prove today?

Pick your industry and the systems you run. In about two minutes you'll have a report of the events that decide disputes in your world, which ones you're capturing, which are provable, and where the gaps are. No email needed to see your results.

Which of these do you run? (tap all that apply)
Anything else worth knowing? (optional)
Has a dispute like these come up in the last 12 months?
~2 minutes · results shown right here, ungated
Proof stories

The day the record had to hold

Four ways this plays out. In every one, notice two things: the proof was created before anyone knew it would matter, and it's the other side who runs the verifier. Proof only exists where a signal was captured and signed, which is why every pilot starts by mapping your coverage.

An 80-bed facility, GPS wearables on wander-risk residents. Eight months after a 2 a.m. incident, a lawsuit claims staff ignored the alert for 40 minutes.

02:14:09 · signed at source · chainedgps.geofence_exit, resident crosses the boundary
02:14:11 · decision record + input digestsrisk: CRITICAL → escalate, with the explanation factors recorded
02:14:12 · signedstaff notification dispatched
02:19:47 · signed · chainedstaff acknowledgment
02:31:02 · signedresident located, safe
8 months laterThe dispute: "That acknowledgment was added to the log afterward."

The verification: plaintiff's own expert runs the free verifier. The 02:19 record's signature and chain links only compute if it existed at 02:19, inserting it later breaks every following link. The 40-minute theory dies in discovery; the case becomes about facts (17 minutes, protocol followed), not whose logs to believe.

Illustrative scenario, how the system is designed to work.

A 40-truck fleet with dashcams. Intersection collision; the other driver's insurer demands the footage, and hints it will challenge the video's authenticity.

14:47:04 · signed at sourcefleet.impact. G-force spike, GPS, speed
14:47:05 · signed window referenceevidence exists: 14:47:03–:23, four segments, hashes h1…h4, the video itself never leaves the recorder
+3 weeks · appended to same chainrecall request from the insurer → access decision → time-limited token → retrieval receipt
the dispute"Dashcam clips get edited all the time."

The verification: the opposing expert hashes the video file they received against h1…h4, hashes committed and signed the day of the crash, weeks before anyone knew there'd be a fight. They match; editing is provably impossible. The clip shows a green light. Claim denied on the other side, and the chained recall log shows exactly who ever viewed the footage.

Illustrative scenario, how the system is designed to work.

A container terminal. A pharmaceutical container reaches the consignee with a broken seal and product missing, and five custody parties blame each other.

06:02 · signed by gate sensorgate-in, seal intact
06:40–10:55 · signedyard position events
11:18 · signedgate-out to drayage, seal intact
the disputeThe adjuster trusts none of the five parties' logs. Ordinarily, whoever has the weakest paperwork eats the loss.

The verification: the adjuster, who trusts nobody, runs the verifier on each party's records. The terminal's verify cleanly and bracket the incident to a custody window after gate-out. The terminal didn't win by being more believable; it won by being checkable. Five suspects become one window; weeks instead of years.

Illustrative scenario, how the system is designed to work.

An energy facility with vibration and temperature sensors on critical pumps. A pump fails catastrophically, a week of downtime. The OEM denies warranty: "your operators ignored the early warnings."

30 days of telemetry · signedvibration / temperature events
day −14 · decision recordanomaly scored LOW risk, recorded with algorithm version and the digests of its exact inputs
day 0 · signedcatastrophic failure event
the disputeNegligence or defect? $2M rides on what the operators were actually told.

The verification: the OEM's engineers replay the decision, recorded inputs through the recorded algorithm version reproduce the recorded output, byte for byte. The "obvious early warning" was scored low-risk by analytics both sides can now inspect; the operators were never told to act. The negligence theory collapses; the warranty pays.

Illustrative scenario, how the system is designed to work.

Objections, answered

"But we already have logs."

Exactly, and anyone with admin access can edit them.

That's why adjusters and opposing counsel discount them. Lumra records are signed at the source and chained; altering one breaks verification, as you saw above.

Do you see our video or audio?

No. Lumra works from compact signed metadata. Raw media stays yours; it can only be recalled under an audited, logged process. We can't leak footage we never receive.

What if PriviNet disappears?

Your records outlive us. The verifier is a standalone open tool that never phones home, anyone can re-check any record, forever. Proof that requires trusting the vendor isn't proof.

Is this blockchain?

No tokens, no mining, no consensus fees. Just the boring, court-tested cryptography (Ed25519 signatures, SHA-256 hash chains) that evidence rules already recognize.

Who's behind this

Don't take our word for it. We insist.

PriviNet began as exactly what it sounds like: a private network, built to give IoT devices the security and privacy they shipped without. Then our engineers and AI scientists kept hitting the same wall. Privacy protects data; it doesn't prove anything. Safety, it turned out, lives in verification.

Our founder, a serial entrepreneur, spent years consulting on the sale of high-end encryption, the kind of work he still can't say much about. Lumra is that obsession rebuilt as software anyone can check. And through Decern, our sister project, we're already building the next generation: verification designed to hold up in a post-quantum world.

Which brings us to the trust question, the one this section is supposed to answer. Our honest answer: don't. Every record Lumra signs can be verified independently. No PriviNet login, no PriviNet goodwill required. Scroll up and try to forge one. That's the whole pitch.

Pricing

Priced like insurance. Budgeted like insurance.

Pilot
$0
60 days · up to 25 devices
  • Webhook integration, same-day
  • Full signing, chaining & verification
  • Your first real signed incident record
Start free pilot
Production
$0.50*
per device per month · volume rates beyond 1,000
  • Unlimited events & verification
  • Audited recall workflow for raw media
  • Evidence-export pack (FRE 902-style certification)
Start your free pilot

*Illustrative rate, exact pricing quoted at pilot.

Sixty days. Twenty-five devices. Zero dollars.

Day one: real signed records from your own gates, cameras, and sensors. Day sixty: you'll wonder how you ever walked into a dispute without them.

Not sure what you'd even need to capture? Run the 3-minute audit first →