Trust Charter / Verification
Don't trust us. Verify.
Every commitment we publish is cryptographically signed. You can verify that the document you're reading is the document we published, unchanged, on the date we claimed.
This page contains our PGP public key, a list of signed documents, and instructions for independent verification.
PGP public key
Use this key to verify signed documents and to encrypt communications to our security team.
Key details
- Identity
- [email protected]
- Fingerprint
- 5B61 9918 0EC8 D3E8 C6FA CBDE CB80 F375 407E 3B26
- Algorithm
- RSA 4096
- Created
- 2026-04-08
- Expires
- 2030-04-08
Also published at
Show public key block ↓ Hide public key block ↑
-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGnWBAABEACrl3XLu9AbVwjPZQ8A0sZ4VSFQ54kvN3cfy69y4GUIBSoWRa4q VGP7iTjzrVy7oRy4mxHfar//Q3luTuviQO6znKHE8xXSn7MauddLQAgKMGF6mTxB DYHCLnOKfCvIeoBQhKiTdxYFpEiRqXIagA2NMDT2C5ONH64vJSK+kTlfUIaRpNFc lNRtlKJpUg6JrPzAzpp+ybxTiS3bEwl/0Xi8B2AdxRCjASeFjTSWiLNTWzHry6IO DLhncVjuTfbPmT5K/FGA6hYMeYKt9HY0q3DDvYLkR6u1X7cfXVnZZPeM+3IJzF88 RyzFQTXI0ONVaeNHdrBtEGWtZmrtEQVhx8Qe0qlWfmpaP2R1s9Q+LW0wb6qQSoRu gr7HiN87BORyEz/wluYHClgDkkUjCoy0pKSp8wOLcILh39BCk6W+WpN4uyEYvDrC fr3Jjp+gjKHVaw9BuUWeHUPefnG9KGBb1BJNVNClhyzK56t1BhIjJ3MA3O8spD5Y 7/Y6sYXqmiCWrYv5pqb5DcBDW2FIE4L1/LDQtrHAzPxgYaj+OCzDovFZTAJkjR+7 cRYrn0VaRK+XiuhgkUhfZ2Hie+ilay+20HNHl8yhL4t2bj7VDCdgh8B+x18Vm5ZK iwrMMGzHG2KctNeXKZYt/CIIUkXobk3Z7NNR+V9grUG43cG9xlR5j+EaGQARAQAB tClUaG9tYXMgR2FsbGF3YXkgPHNlY3VyaXR5QGVxdWFuaW1ncmMuY29tPokCVAQT AQgAPhYhBFthmRgOyNPoxvrL3suA83VAfjsmBQJp1gQAAhsDBQkHhh6pBQsJCAcC BhUKCQgLAgQWAgMBAh4BAheAAAoJEMuA83VAfjsmKqwP/RXJ88bTJgHLgaDZkMev dWXHHOPDt04/Z6fdgOIy80CRXjVJpJyL5ZLohfPTHpxRyB43X1uYJsinar8HRjN2 CREFzhn+RMtRWTqFkdvaBo83TrvHti1mQPK0ZTqGhsKPUEr1rOKGKz8cKz0eh3+L viAQRc4A0eKNaYPgncdQyRTG3V2/gkFoTVzu1GK68vTsSCJneONru/hyMuN6rPaT yliXuvbyAtBKBQMsQUcA2a+vmLepIkZObcjdM2G270/BQEwwqH7rpxkwxZTdg6CE 3VzMu4ZpRV+pNxg1aNnCn5FzeZIrhMAf6VjQVWuA5yiqANfShYClo+KG27X+RIMw xquVKOVnDPGlN4oJk2fak7pBYMGtd1Z0iu74IccI74JlR0bsqG0jYWoKuw5YnyfG r55WOEbDxViZtq9ChStvVTN0+8++NWngOsZVnm1fq7fiyVbcwcCpCg2mzEjJRcO6 u+oXWUSFJmQH9/QmG9H1YFiBO5AEZgyI8Yg5igpDamMPfR7GYoF7VSSRTU+iWHfE S2FoKJyU9n+YvN/TRXTtu3XLrYYKVbInkyCVWhv42psFb/9AI4L9z7oyh4c9XtTH /WaZKU6hjeFuMmOnYQ9CDokxYRtpNwYVLqCRziZ9y7mnEM+EqIvBqerNEPjNic+/ WnnAnPqiTraZtKNaZECjI6cyuQINBGnWBAABEADbJf442PhpfR7ng2Uei1R0V0pO Y9ArsfDnP4rAHTQwcQEzsO5tuNbv7HU+bNjH7YHzvtiuPciKdGohMIXFo2Cl1UaE cShxhDV+HQUaQU7jzuFu0NOwOxs2NAPuD+eG6eCoY4Z4kHAFmwV2dDHyyGfmZlHo wRr6HN5ZQIHwLU7JmryHOg+5J809ksLTyNd3vA1ddg9HIA93gx+JSpKBsPb6GJbL ekdTuvqXiTiPJsEq+zj9Aw8GPL9TCNgrfIFjwTNsgUx6hD0RfYG/gER4o6mAQ8d5 ez3N897Lq51rK2ReHYIPP/nkAk4K+wpLmQNSHa+TM+uuE+lC2Os6JoiL6KdhzTzL zohX2bcZAAmtVE/ATHPOc2FZWWJKT8nNoLr6FViGmb7Wf1kj6LTDxJBhiI/Ll1tA Xxsmr+KotJMYzITu/FPhbRzV6SNvgGVCJwuiemFRVKJrvff255iJbL/SH5G5fjNE +ISHX4LqhWhjF2UWjnYewPf7CxB2aF4OlPpVMHDuFYLUI0BclPZs4fCNzoxjEIAa RE25fbDfBsAtyRiF4nWjMnzcmsvyQY1oql+g9iUnoVTPjtv7/ORumZkvIOpzjmA0 O66trQZRJ22nAga2lMPuXkPjIWRRld0IBswIX6DoY4USTXU9Wr9Vevv2qnd7zzxM SwsUGBvC/PPjaY4LswARAQABiQI8BBgBCAAmFiEEW2GZGA7I0+jG+svey4DzdUB+ OyYFAmnWBAACGwwFCQeGHqkACgkQy4DzdUB+Oyb8MhAAiteaCSPTaaG2HrCYou3Y /sfSkZFyPSzBmMOTdKt00ws1/qOlQKh8MWiqaaxy+o55UfGiZ7xRcUQ5eBitj2rR NG79ZiWWyi+c5lEUm5oEmyK/jZyudPZZyOqEW3i4Y1ily1t7fTR4oBQrsX/XOX7u sAbeNxRAV045plIGc6/9bkKJ6EVWL4MVIhSvZucbuodEVVz4Wbv55tmEhieJmiZx S+X/Z4SJRhMkMVFEUtFLjUdQJCpdtjavjguDJtP5udinUPDjaAKQJdKPljirWfh8 4tGuM0ejeHGYYf4rWTUT69m39uHuPlYGooYMtObNqdWFeTdg4SOBk428nLsSVk/L 3VbXFfDLkNfPBM1gSh7SjNg4sqhjhi/Cm1D7SB08i4JtrNkl5pt1f+QAe5ZbCs+w V8FOIm0pKsayF0Q1yM6PE4MNbkP7MfegI70PtZ5FBY5aNgkt5BFgWi0BHx5ZNYjD 9S1ynN9FzcjT0kfTtSPy1BoERr/upJ4MTSCrh4a6oqVblymq5f8siwglkzlyDkpw 65loF8XmYpYWw4MBz5L0XsUA7Hh2Sy4P/L/01mSYZ8+7z0KIgK7lqi4g7tBLU7xs D9TVSXAv8j9Zg8cLfxE/eGHkJqMtPLqa9elGeYjcTRo7ICpW5z1cR3yFXg0yycW6 i0ydZOe5UjmR945Q6T5Emqs= =NMJa -----END PGP PUBLIC KEY BLOCK-----
Signed documents
Each document below is published with a detached PGP signature. Download both files and verify with the instructions in section 03.
Trust Charter
Six commitments to every customer. Signed April 2026.
AI Ethics Policy
How we use AI in compliance work. Signed April 2026.
Auditor Independence Policy
No referral fees. No captive pools. Signed April 2026.
Download links will be added once documents are signed. Documents are also committed to our public GitHub repository with signed commits.
How to verify
Verification requires GnuPG (GPG), which is pre-installed on most Linux and macOS systems.
Step 1 — Import our public key
curl -sL https://equanimgrc.com/pgp-key.asc | gpg --import
Step 2 — Verify the fingerprint
gpg --fingerprint [email protected]
Compare the output with the fingerprint published above and on keys.openpgp.org.
Step 3 — Verify a signed document
gpg --verify trust-charter.md.asc trust-charter.md
A good signature confirms the document has not been modified since we signed it.
Security contact
To report a security vulnerability, contact us at [email protected]. Encrypt your message with the PGP key above if it contains sensitive details.
Our security disclosure policy follows security.txt (RFC 9116).