Every document is a
verifiable instrument.
A document issued by glomotec is not a file. It is a controlled instrument: assigned a permanent reference, sealed, delivered through protected channels, and confirmable by anyone who receives it, without contacting us.
This page sets out the security model end to end, from the moment a document is issued to the moment a third party verifies it is genuine.
One controlled path,
issuance to verification.
Each document moves through the same sequence. No step is optional, and no step can be skipped. The reference assigned at issuance follows the instrument for its entire life.
A reference that
cannot repeat.
Every document carries a control number in a fixed format. The sequence is held by the platform, not by a person, and it never reissues a number that has already been used. A gap in the sequence is evidence the system is working, not evidence of an error.
The same reference is printed on the document, stored in the registry, and resolved at verification. One instrument, one identity, for its entire life.
glomotec, Inc.
Verify at glomotec.com/verify
Anyone can confirm a
document is genuine.
A third party who receives a glomotec document, a bank, an employer, a registrar, can confirm it without contacting us. They enter the reference, or scan the code on the document, at glomotec.com/verify. The registry returns the document's status in real time.
Authentic
This document was issued by glomotec.
Protected in transit.
Protected at rest.
The documents are the visible layer. Underneath, the data that produces them is held under strict access control. Sensitive source files are never exposed openly, and access to them is scoped, time limited, and recorded.
Signed, time-limited access
Sensitive source files, such as identity documents and proofs, are reachable only through signed links that expire. There is no open URL to a private file.
Role-gated by default
Access to sensitive material is restricted to authorised roles. The default is no access, granted only where the role and the case require it.
Row-level isolation
Every record sits behind row-level security at the database. A request can only ever reach the rows it is entitled to, enforced below the application.
Recorded and retained
Issuance, supersession, revocation, and access are written to an audit trail and retained under the schedule set out in the privacy policy.
Superseded or revoked,
never quietly altered.
An issued document is fixed. If something must change, the original is not edited. A new document is issued and the original is marked superseded, or the document is revoked with a recorded reason. The status is visible at verification, so a relying party always sees the current truth.
The current, valid instrument. Verifies as authentic.
Replaced by a controlled reissue. Verification points to the successor.
Withdrawn with a recorded reason. Verification reports it is no longer valid.
Proof,
not paperwork.
Trust at the institutional layer is not asserted. It is demonstrated, document by document, and confirmable by the party who relies on it. That is the standard the platform is built to.