Why Every MarkMyAI Record Is Permanently Anchored on Polygon

The uncomfortable question every compliance service avoids

About two months into building MarkMyAI, a friend asked me a question I hadn't fully worked through yet:

"If you store all these compliance records in your database, what happens to them if you shut down in three years?"

It's a fair question. Most SaaS services close. Some pivot. Some just stop responding. Under EU AI Act Article 50, publishers are required to maintain transparency records for AI-generated images. The regulation doesn't say "as long as your compliance vendor is still in business." It says you need to be able to demonstrate compliance — potentially years after the fact, during a regulatory investigation.

The embedded C2PA metadata in the image itself would survive us. That's one layer. The remote manifest hosted at verify.markmyai.com — that would go down with us. The audit log in our Supabase database — also gone.

We decided that wasn't acceptable for a product built on the premise of long-term compliance evidence. So we added a fourth layer: every marked image gets its audit hash permanently written to the Polygon blockchain.

What "permanently anchored" actually means

A lot of products use the word "permanent" loosely. Let me be precise about what we mean.

When you call POST /v1/mark, we:

1. Sign the image with C2PA and embed the manifest
2. Create a hosted Remote Manifest at verify.markmyai.com/[markId]
3. Write a fingerprint + SHA-256 hash to our audit log
4. Compute an anchor hash — a SHA-256 of a deterministic JSON payload containing the mark ID, image hash, fingerprint, creator, AI model, and timestamp — and write those 32 bytes to the Polygon blockchain as the data field of a transaction

The resulting Polygon transaction looks like this on Polygonscan:

That transaction is now part of the Polygon blockchain's history. It cannot be altered, deleted, or taken offline. Not by us, not by anyone.

How you verify it — without us

This is the key test: can someone verify the anchor without MarkMyAI being involved? Yes. Here's the three-step process:

If all three checks pass, the compliance record is proven. No MarkMyAI login required. No API call. Just math and a public blockchain.

Why Polygon, and why not Bitcoin or Ethereum?

We evaluated several chains seriously. The criteria were: cost per transaction, EVM compatibility (for tool availability and future migration flexibility), enterprise recognition, and long-term network stability.

Bitcoin's OP_RETURN is the gold standard for proof-of-existence anchoring — it's the most immutable record that exists. But a Bitcoin transaction costs $0.50–5 per anchoring and takes up to 10 minutes to confirm. At scale, that's prohibitive, and the latency adds meaningless delay to a compliance API.

Ethereum mainnet has the brand recognition, but $5–50 per transaction is equally untenable at volume.

Polygon PoS gives us:

• ~$0.005 per transaction — negligible at any scale we expect
• 2-second finality — async anchoring doesn't meaningfully delay API responses
• EVM compatibility — the same code runs on Ethereum, Base, Arbitrum; migration is a one-day task if needed
• Polygonscan — a well-known, established block explorer that enterprise clients immediately recognize
• Proven at enterprise scale — used by Starbucks, Reddit, NIKE for provenance and loyalty programs

The total gas cost for anchoring 10,000 images per month is approximately $50. We absorb that cost as part of the Business plan. It's not worth a line item.

This is a standard feature, not a premium add-on

When we decided to build blockchain anchoring, the first question was: charge extra for it?

We decided against it. Here's the reasoning:

If blockchain anchoring is locked behind an "Enterprise" tier, we're implicitly saying: "For most customers, your compliance proof is centralized. Only if you pay extra does it become truly permanent."That directly contradicts the trust promise we make.

Instead, every paid plan includes Polygon anchoring as standard. The Free tier does not — partly as an upgrade incentive, partly because the free tier is genuinely for evaluation and testing, not production compliance work.

Enterprise customers additionally get Batch Merkle Anchoring: instead of one transaction per image, we aggregate up to 1,000 images per transaction using a Merkle tree. The Merkle root goes on-chain; each individual image can still be proven using its Merkle path. This reduces gas costs by ~100× at high volume, which matters when you're marking 100,000+ images per month.

The broader point about compliance infrastructure

EU AI Act Article 50 doesn't specify how publishers must store their compliance evidence. It requires that they can demonstrate it. For a regulatory investigation that might happen in 2029 over content published in 2026, "we stored it in a database that no longer exists" is not an acceptable answer.

The embedded C2PA metadata in the image itself is the first line of defense — it travels with the image. The blockchain anchor is the last line: even if the image metadata is stripped, even if our service doesn't exist, the proof that a specific image was marked at a specific time by a specific publisher remains permanently accessible on a public, decentralized ledger.

That's what we mean by compliance infrastructure that survives time.