Turn a settled payout or sale into a verifiable PDF receipt — rendered from a branded template, hashed and written once to immutable store, then delivered — with an audit row on every step.
The whole flow, end to end
Settlement is the only trigger. A receipt is generated the moment an insurance or employee-claim payout is approved or a sale settles — line items, totals, tax and parties are assembled from the source-of-truth record, never re-keyed.
Tamper-evident by construction. The rendered PDF is SHA-256 hashed and written to a write-once bucket before anyone sees it — so the document on the trail is provably the document that was issued.
Delivery never fails silently. A render failure goes to a retry queue (3x) with ops alerted; a bounced email falls back to in-app plus download and is flagged — both paths recover or block loudly, never drop.
Mail = email sent Bell = in-app alert Amber diamond = automatic check Teal diamond = a person decides
Settlement is the only trigger; nothing is re-keyed — the receipt is built from the source-of-truth record. The PDF is hashed and written once before anyone sees it, so the document on the trail is provably the document issued. A render failure retries with ops alerted; a bounced email falls back to in-app plus download and is flagged. Every step is immutably audited.
What receipt generation guarantees
Every receipt is tamper-evident — a SHA-256 hash is taken before delivery and the file lands in a write-once bucket, so it can never be silently re-issued.
Delivery is fail-loud: a render error retries three times with ops alerted; a bounced email falls back to in-app plus download and is flagged for follow-up.
Generation is fully audited — assemble, render, hash, store and deliver each write one immutable row, so the receipt is downloadable and traceable end to end.