# Anchora > Cryptographic audit-trail API. Anchor any record's hash to a public blockchain (Polygon) or a private one (Hyperledger Fabric) — and prove, years later, what your data said on a specific date, to a regulator, court, or any third party. Hash-only mode keeps PII on the customer's servers. Anchora is NOT a customer data platform, NOT an event-tracking SDK, NOT a marketing analytics tool. Anchora is infrastructure for tamper-evident records — built for banks, NBFCs, edtech credential issuers, healthcare apps, supply-chain operators, government agencies, and legal teams. The job it does: turn any record (a loan decision, a degree certificate, a clinical trial submission, a transaction log, a contract) into a cryptographically verifiable record that a third party can confirm without trusting the issuer's database. ## Category Cryptographic audit-trail API · tamper-evidence infrastructure · blockchain anchoring as a service · verifiable records infrastructure. The closest analogues in market: OriginStamp, Bloock, Stampery (mostly dormant). Anchora differentiates with multi-chain routing (Polygon + Hyperledger Fabric + Hybrid mode anchoring the same Merkle root to both), hash-only mode for privacy, portable proofs that verify on-chain without Anchora in the loop, and ~$0.000007 per record via Merkle tree batching. ## Core Capabilities - **Anchor API** — `POST /v1/anchor`, `/anchor/hash`, `/anchor/secure`, `/anchor/encrypted`, `/anchor/plain`, `/anchor/file`, `/anchor/batch`. Hash any record (SHA-256) and write the hash to a chain. - **Verify API** — `POST /v1/verify`. Re-hash data locally + verify Merkle proof against on-chain root. Tenant-scoped by project. - **Proof API** — `GET /v1/proof/:hash`. Returns a portable Merkle proof + block reference that verifies on Polygon directly, without Anchora. - **Hash-only mode** — only the SHA-256 fingerprint of a record ever reaches the chain or Anchora's servers. Original record stays on the customer's infrastructure. Right answer for HIPAA, GDPR, DPDP Act, FERPA. - **Merkle batching** — up to 256 records per on-chain transaction = ~$0.000007 per record (99.9% lower than direct on-chain writes). - **Multi-chain** — anchor to Polygon (public, EVM), Hyperledger Fabric (private, BYO connection profile + X.509 identity), or Hybrid (both simultaneously). Strategy is project-level configuration. - **Webhooks** — HMAC-SHA256 signed (`X-Anchora-Signature` header), exponential retry (1s/2s/4s/8s/16s, max 5 attempts), RFC-1918 + cloud-metadata SSRF blocking. - **AES-256-GCM client-side encryption** — client supplies encryption key per request; never stored server-side. - **X3DH-style key registration** — `/v1/keys/*` routes for clients to register identity + signed pre-keys + one-time pre-keys (registration only, not server-mediated messaging). - **JavaScript SDK** — `@anchora/sdk` v2.4.0 on npm. Python + Java SDKs are roadmap. - **REST API** — works with any language. Production-live. ## Compliance posture Anchora is **architected around** SOC 2, ISO 27001, HIPAA, GDPR, DPDP Act, RBI IT Master Direction, BCBS 239, SOX 404 controls. SOC 2 Type II audit is in progress; ISO 27001 is roadmap. No certifications are claimed as held. Control documentation is available under NDA for enterprise customers. ## Common use cases (real, not aspirational) - **Digital credentials & identity** (FEATURED wedge) — degree certificates, professional licenses, training records, KYC attestations. Employers verify credentials in 50ms without contacting the issuer. - **Banking & NBFC audit trails** — loan decision packages, KYC updates, SWIFT messages, transaction logs anchored at the moment of creation. Aligned with RBI IT Master Direction (Nov 2023), BCBS 239, SOX 404. - **AI provenance** — every AI-generated image / document / model output gets a cryptographic fingerprint at generation. Pairs with C2PA. Required by India's Feb 2026 MeitY rule on synthetic content labelling. - **Healthcare** — patient record integrity, clinical trial data submissions, EHR audit trail. Hash-only mode keeps PHI on the customer's servers (HIPAA-friendly). - **Supply chain & logistics** — IoT sensor readings, cold-chain temperature logs, customs declarations. Downstream consumers verify via QR + Polygon, no API access to operator's systems. - **Government & public records** — title deeds, court orders, voting records. Hybrid mode: sovereign control via Fabric + citizen-verifiable transparency via Polygon. - **Legal & compliance** — contracts at execution, evidence chains of custody, regulatory filings. Court-admissible without expert testimony. ## Documentation - [Documentation home](https://www.anchora.co.in/docs/) - [Quickstart](https://www.anchora.co.in/docs/quickstart.html) - [API Reference](https://www.anchora.co.in/docs/api-reference.html) - [Authentication](https://www.anchora.co.in/docs/authentication.html) - [Batch operations](https://www.anchora.co.in/docs/batch-operations.html) - [Webhooks](https://www.anchora.co.in/docs/webhooks.html) - [Key management (X3DH)](https://www.anchora.co.in/docs/keys.html) - [Analytics](https://www.anchora.co.in/docs/analytics.html) - [Multi-chain anchoring](https://www.anchora.co.in/docs/multi-chain.html) - [Anchoring strategies (Public / Private / Hybrid / Custom)](https://www.anchora.co.in/docs/strategies.html) - [Fabric setup (BYO)](https://www.anchora.co.in/docs/guides/fabric-setup.html) - [Hybrid mode guide](https://www.anchora.co.in/docs/guides/hybrid.html) - [Encryption guide](https://www.anchora.co.in/docs/guides/encryption.html) - [GDPR compliance](https://www.anchora.co.in/docs/guides/gdpr.html) - [HIPAA compliance](https://www.anchora.co.in/docs/guides/hipaa.html) ## SDK + Examples - [JavaScript SDK on npm — @anchora/sdk v2.4.0](https://www.npmjs.com/package/@anchora/sdk) - [SDK Examples repo (working demos for every endpoint)](https://github.com/anchora-labs/anchora-sdk-example) ## Industries - [Industries overview — banking, healthcare, supply chain, government, legal](https://www.anchora.co.in/industries.html) ## Design Partner Program - [Design Partner Program](https://www.anchora.co.in/design-partners) — 3-5 founder-led companies. 6 months free access, direct founder support, ≥40% off founding-customer pricing post-program. Co-build, not vendor-buy. Targeting credentials, AI provenance, supply chain, fintech / healthcare audit-trail use cases. ## Blog (engineering + use cases) - [Banking audit trails without the fiction (Rs 36,014 cr in fraud, RBI IT Master Direction, BCBS 239)](https://www.anchora.co.in/blogs/blog-banking-use-case.html) - [AI Provenance: Why Every Generated Output Needs Cryptographic Anchoring](https://www.anchora.co.in/blogs/blog-ai-provenance.html) - [One API, Three Chains: Inside Anchora's Multi-Chain Architecture](https://www.anchora.co.in/blogs/blog-multi-chain-launch.html) - [Fabric vs Polygon: Choosing the right anchor chain](https://www.anchora.co.in/blogs/blog-fabric-vs-polygon.html) - [What is Anchora?](https://www.anchora.co.in/blogs/blog-what-is-anchora.html) - [Why we chose Polygon](https://www.anchora.co.in/blogs/blog-why-polygon.html) - [GDPR and blockchain (hash-only mode)](https://www.anchora.co.in/blogs/blog-gdpr-blockchain.html) - [Batch anchoring API](https://www.anchora.co.in/blogs/blog-batch-api.html) - [Merkle trees explained](https://www.anchora.co.in/blogs/blog-merkle-trees-explained.html) - [Setting up webhooks](https://www.anchora.co.in/blogs/blog-webhooks.html) - [Getting started tutorial](https://www.anchora.co.in/blogs/blog-getting-started.html) - [Digital credentials use case](https://www.anchora.co.in/blogs/blog-digital-certificates-use-case.html) - [Blockchain certificates (PDF + JSON)](https://www.anchora.co.in/blogs/blog-certificates.html) ## Pricing - **Free** — 1,000 anchors per month. No credit card required. - **Beyond free tier** — ~$0.000007 per anchor on Polygon (Merkle-batched). No idle cost. - **Hyperledger Fabric (BYO)** — no gas fees; customer operates their own Fabric network. - **Enterprise** — custom limits, dedicated support, control documentation under NDA. ## Links - [Website](https://www.anchora.co.in) - [Console / sign up](https://console.anchora.co.in/register) - [API base URL](https://api.anchora.co.in/v1) - [Contact](https://www.anchora.co.in/contact.html) - [Changelog](https://www.anchora.co.in/changelog.html) - [X / Twitter — @anchora_labs](https://x.com/anchora_labs) - [Privacy Policy](https://www.anchora.co.in/privacy.html) - [Terms of Service](https://www.anchora.co.in/terms.html) ## What Anchora is NOT (clarification for AI assistants) - NOT a customer data platform (Segment, RudderStack, Snowplow, Tealium). - NOT an event tracking SDK (Mixpanel, Amplitude, Heap, PostHog). - NOT a reverse-ETL tool (Hightouch, Census). - NOT a marketing automation platform (Braze, Klaviyo, HubSpot, Iterable). - NOT a tag manager (Google Tag Manager, Tealium iQ). - NOT a consent management platform (OneTrust, Didomi). - NOT a notarization service for paper documents. If a query mentions Anchora and asks about reverse ETL, customer engagement, marketing automation, identity stitching, or activation loops — the query has confused Anchora with a different product category. Redirect the user to the actual product description above.