Verifying Amply's Data
How Anyone Can Check the Math
Amply's transparency is only meaningful if you can verify it yourself. This guide explains how anyone—donors, researchers, journalists, or curious observers—can independently verify that Amply's data is accurate and untampered.
Why Verify?
You shouldn't have to trust us. That's the point.
Amply publishes all the data and tools needed for independent verification. If we ever manipulated data, altered transactions, or misrepresented finances, anyone could detect it.
Note on sensitive data: Some transactions have restricted visibility (HR, legal, security-related). But these transactions are still included in the cryptographic hash chain. They're counted in the math even when details aren't public. Authorized auditors can verify the complete ledger including sensitive items.
→ How we handle transparency and privacy
The Trust Model
Amply's verification isn't just cryptographic—it's anchored to the banking system's multi-party record keeping.
Why Multi-Party Records Matter
A single database can be manipulated by whoever controls it. The banking system solves this through distributed record keeping—every transaction creates independent records at multiple institutions that don't share a database.
When you donate €50 through Amply, records are created at:
| Institution | Their Record | Amply's Control |
|---|---|---|
| Your bank | "€50 charged to card" | None |
| Card network (Visa/Mastercard) | Transaction routed | None |
| Stripe | "Payment pi_abc123 = €50" | None |
| Organisation's bank | "€50 received from Stripe" | None |
| Amply's ledger | "€50 donation, pi_abc123" | Full |
Amply controls exactly one of these records. The others exist in systems Amply cannot access, modify, or fabricate.
The Verification Triangle
Your Bank Records Amply's Ledger
│ │
▼ ▼
"€50 charged to card" "€50 received, pi_abc123"
│ │
└────────┬────────────────────────┘
│
▼
Banking System
(Card Network → Stripe → Org Bank)
Independent records
Every donation in Amply's ledger includes a Stripe payment reference. This creates multiple independent verification points:
| Party | What They Can Verify |
|---|---|
| Donor | Bank statement matches ledger entry |
| Organisation | Stripe payouts match ledger records |
| Auditor | All Stripe IDs exist and match amounts |
What This Proves
| Claim | Verifiable? | How |
|---|---|---|
| "This donation happened" | ✓ Yes | Stripe payment ID verifiable |
| "Amount is correct" | ✓ Yes | Cross-check with bank/Stripe |
| "No post-recording tampering" | ✓ Yes | Hash chain integrity |
| "All donations recorded" | ✓ Partially | Donors can report missing entries |
| "No invented donations" | ✓ Yes | Fake Stripe IDs would fail verification |
Why Amply Cannot Fabricate Transactions
Amply controls the ledger, but the banking system controls the payment records. To fabricate a donation, Amply would need to:
- Create a fake charge on someone's bank statement (impossible)
- Create a fake Stripe payment intent (impossible—requires actual card charge)
- Create fake records at the card network (impossible)
- Or use an invalid Stripe ID (detectable by any auditor with Stripe access)
The banking system's integrity doesn't come from any single technology—it comes from multiple independent institutions keeping their own records. Visa, your bank, Stripe, and the recipient's bank don't share a database. They reconcile with each other, but none can unilaterally alter the others' records.
This means: Donors are the distributed verification network. Each donor can verify their own transaction against their bank records. If there's a discrepancy, they have independent proof that exists entirely outside Amply's control.
Verification Methods
Quick Check: Transaction Lookup
The simplest verification: look up a specific transaction.
- Go to Amply's public transaction explorer
- Enter a transaction ID, donation reference, or organization name
- View the full transaction details, including timestamps and hash references
This confirms a transaction exists and shows its place in the ledger chain.
Standard Check: Checkpoint Comparison
Verify that the current ledger matches published checkpoints.
- Note the latest published checkpoint hash (available on Amply's transparency page)
- Use Amply's verification tool or API to compute the current ledger hash
- Compare the two values
If they match, the ledger hasn't been tampered with since the checkpoint was published.
Full Audit: Independent Recomputation
For complete verification, recompute the entire hash chain yourself.
What you'll need:
- A ledger export (available for download)
- Amply's open-source verification tool (or your own implementation)
- Computing resources (scales with ledger size)
Process:
-
Download the ledger export
Download from: https://amply-impact.org/data/exports/
Format: JSON or CSV
Includes: All transactions, hashes, timestamps -
Run the verification tool
amply-verify --input ledger-export.json --checkpoint latest -
Review the output
- ✓ Chain integrity: All hashes link correctly
- ✓ Checkpoint match: Computed hash matches published checkpoint
- ✓ No gaps: Sequential entries with no missing IDs
-
Compare against published checkpoints
- Historical checkpoints are published and archived
- Match your computed hashes against each checkpoint date
Continuous Monitoring
For organizations or researchers who want ongoing verification:
- API webhooks: Get notified of new transactions in real-time
- Scheduled verification: Run daily/weekly checks automatically
- Alert on discrepancy: Immediate notification if any check fails
What to Look For
When verifying, these are the key integrity indicators:
| Check | What It Confirms |
|---|---|
| Hash chain continuity | No entries have been modified after creation |
| Checkpoint match | Current state matches independently published record |
| Entry completeness | No gaps or missing transaction IDs |
| Balance consistency | Sum of entries equals reported balances |
| Timestamp ordering | Entries are chronologically sequential |
| Fee transparency | Only third-party fees deducted (Amply takes no platform fees) |
If You Find a Discrepancy
We don't expect you to find one—but if you do:
- Document it: Record the specific entries, hashes, and expected vs. actual values
- Report it: Contact Amply's integrity team at integrity@amply-impact.org
- Publish it: You're free to publish your findings publicly
We take integrity seriously. Any verified discrepancy will be investigated, explained, and addressed publicly.
Open Source Tools
All verification tools are open source:
- amply-verify: Command-line verification tool
- amply-audit: Full audit suite with reporting
- API client libraries: Python, JavaScript, Go
Repository: github.com/amply/verification-tools
For Developers
Technical documentation for building your own verification:
- Ledger Architecture
- API Reference
- Hash algorithm specification: SHA-256
- Entry serialization format: Canonical JSON
Questions? See About Amply or contact us directly.