Hannu is in private pilot with design partners. Read our approach to trust →

Proof you can recompute.

Every submission is screened by AI, confirmed by people where it matters, and sealed into a signed Verified report — the checklist, the sources matched, the signature. Not a screenshot. Not a promise.

AI screens · People confirm · HMAC-signed reports · AI never in the money path

IMG_0231 · 14:02 WATgeofence30m insidefreshnesscaptured nowduplicatefirst usecontentmatches briefhuman reviewwhere unsuresigned reporthmac:a17f…c4every check named · AI screens · people confirm

Every check, named.

No black box: these are the checks every submission faces. Rejections state which one failed — to you and to the Operator.

From where the task is — when it says it was.

GPS is geofenced against the task location, capture time is server-bounded, and the metadata must agree. A photo from last week, or from across town, fails before a human ever sees it.

See the Task API
the task location · geofence radiusserver timenot device timeinside 30m14:02:31 WAT

What the brief asked is what the proof must show.

Every submission is scored against its own task requirements, and media is checked for reuse platform-wide — the same photo cannot prove two tasks, for anyone, ever.

The full trust posture
THE BRIEFstorefront + signagematches brief ✓same media, second task — blockedchecked platform-wide, not per client

Measured by known answers. Decided by people.

Hidden gold tasks with known answers run indistinguishably inside real work, so quality is measured continuously. Wherever the AI is unsure, a person decides — the AI never releases money on its own.

How Operators earn trust
task · livetask · livetask · gold (answer known)task · liveindistinguishable in the queuehumanrevieweruncertain → methe AI never releases money alone

A record you can verify without trusting us.

The checks that ran, the sources matched, the confidence and an HMAC signature — sealed into a Verified report your systems, your auditor or your agent can recompute independently.

Verify one in your pipeline
VERIFIED REPORT · task_8f21checksgps · exif · registry · humanconfidence0.97sources2 matchedcaptured2026-07-16 14:02 WATsignaturehmac-sha256:a17f…c4recompute it in your own pipeline

From capture to signed record.

01

Proof is captured in-app

Photos, data and location captured through the app with server-bounded time — not uploaded from a gallery.

02

AI screens every submission

Geofence, freshness, duplicates and content match produce a score against the task’s own requirements.

03

People confirm where it matters

Uncertain or high-stakes submissions route to human review. The AI never releases money on its own.

04

Sealed and settled

A signed Verified report is issued and escrow releases to the Operator — or refunds you in full.

Asked before the first task.

Can an Operator fake the GPS or reuse an old photo?

That is exactly what the pipeline is built against: geofencing against the task location, server-bounded capture time, EXIF consistency and platform-wide duplicate detection — plus hidden gold tasks that measure each Operator against known answers.

What happens when the AI is unsure?

The submission routes to human review — a person decides, and their verdict also trains the quality bar. Auto-approval only happens above a governed confidence threshold, and rejections always come with a stated reason and a dispute path.

What exactly is in a Verified report?

The proof checklist that ran, the sources matched, the confidence, timestamps, and an HMAC signature — enough for your systems (or your auditor) to recompute the verdict without trusting us.

What if I disagree with an outcome?

Reject with a structured reason and the task enters a dispute — escrow freezes, a human adjudicates, and the money follows the ruling. No unilateral clawbacks in either direction.

Order an outcome. Keep the proof.

Fund a task from the console or the API — the report that comes back is yours to verify, forever.