Verified source: GABEY Consulting Pty Ltd · gabey.com.au
DotShield™ ConveyanceShield · NOMATEQ · GABEY Consulting

You clicked send.
You have no idea
what happened next.

Registration: gabey.com.au/gabeyinfo/hvrc-register/
Already registered? Retrieve your document: gabey.com.au/gabeyinfo/retrieve/
A story from HR
Franceco Kbncini
Head of HR · Motindak Group
Every week for twelve years, Franceco sent sensitive employment contracts, executive offer letters, and remuneration packages through the firm's onboarding platform. The platform showed a green tick. "Delivered." He trusted it. Everyone does.
"Can I prove, not assume, not trust, not hope, that this document reached exactly the person it was meant for, and no one else?"
Zone 1
Register
Identity + context
Zone 2
Retrieve
Ceremony + memory
Zone 3
Verify
Integrity proof
Delivered
Verified custody
Proof. Not assumption.
Act One
The ordinary world.

Tuesday morning. 8.47am. Motindak Group, Sydney. Franceco Kbncini opens his laptop, logs into Joberbarge, and does what he has done every week for twelve years. He sends a document.

Tuesday, 8.47am
The document is an executive offer letter. The recipient is a senior candidate who has not yet told his current employer he is considering a move. The package details are confidential. The remuneration figure alone, if seen by the wrong person, could trigger a workplace dispute, a counter-offer war, or worse, a quiet conversation that ends a career before it starts.

Franceco attaches the PDF. Selects the recipient. Clicks Send via Joberbarge.

The platform processes the request. A progress bar fills. And then it appears.
The green tick
Delivered.

Franceco moves on. He has fourteen other tasks before lunch. The green tick means it worked. It always means it worked.

He has never asked what delivered actually means inside Joberbarge. He has never asked where the document went after it left his screen. He has never read the subprocessor list in the data processing agreement. He signed it in 2021 during an IT procurement exercise. He has not opened it since.

He trusts the platform. Everyone trusts the platform.
Joberbarge — Secure Document Delivery — Motindak Group
Send document for signature and delivery
Enterprise onboarding platform · ISO 27001 certified · Enterprise-grade security
📄
Exec_Offer_Letter_DavidLabmaya_Confidential.pdf
847 KB · PDF
📄
Remuneration_Package_CONFIDENTIAL_Q2_2025.pdf
1.2 MB · PDF
Recipient: David Labmaya <d.labmaya@candidateemail.com.au>
✔️
Delivered successfully
Tuesday 8:47am · Recipient notified · Joberbarge secure delivery confirmed
What Franceco does not know
The green tick is not a proof of delivery. It is a confirmation that Joberbarge accepted the document. What happens next is a different story entirely.
Joberbarge's Australian entity is a sales office. The platform itself is hosted by a parent company registered in Delaware. The document processing pipeline, the part that parses, indexes, and routes the PDF, runs through a shared services centre in a regional operations hub. The access control model for that centre was configured during a 2019 implementation project. It has never been audited since.
What the green tick does not tell you
23
Support staff with read access to document storage
Not because anyone decided they should. Because no one decided they should not. Access was provisioned broadly in 2019 and never scoped down.
Never audited
17
Subprocessors listed in the data processing agreement
Two of them are in jurisdictions Franceco did not know the data was touching. The DPA arrived eleven days after he requested it.
Undisclosed jurisdictions
3
Years since the Manila API token was last rotated
The payroll integration with the Manila shared services centre has API access to Joberbarge. The token has never been rotated. It gives read access to stored documents.
Unrotated credentials
0
Times Franceco has asked where the document actually goes
Not because he is careless. Because the green tick told him the story was over. It was not. It was just the beginning of a pipeline he has never seen.
Trust without scrutiny
Act Two
The investigation.

Six months after David Labmaya's offer letter disappeared into Joberbarge's pipeline, something else happens. Something that forces Franceco to open the audit log he has never opened, read the DPA he signed three years ago, and ask a question he cannot answer.

Week 1
Four senior people resign from the Singapore office in eight weeks
It starts as a coincidence. Then a pattern. Four members of the Singapore leadership team, people who had no obvious reason to leave together, hand in their notices within weeks of each other. All to the same competitor. Management calls it a talent raid. HR is asked to investigate.

Week 3
A remuneration review document surfaces at the competitor
During exit interviews, one of the departing staff mentions the competitor seemed to know exactly what everyone was earning. Salary bands. Bonus structures. Equity arrangements. Information that existed in one document. The Singapore leadership remuneration review. Sent via Joberbarge eight months ago.

Week 6
Franceco opens the Joberbarge audit log for the first time
He pulls up the delivery record for the Singapore remuneration document. Joberbarge shows: delivered. Green tick. Tuesday 9.14am. Recipient opened. That is all. No record of where the document was processed, who had access to it in the pipeline, which subprocessor handled the routing, or whether the file was retained in any intermediate storage.

Week 8
The board asks Franceco to explain what happened
He is handed a one-page brief. Two questions. How did the remuneration data reach the competitor? And can you prove the document reached only the intended recipients? Franceco looks at the Joberbarge dashboard. He sees green ticks. He has no answers to either question. He has never had them.

Security incident · Motindak Group · Singapore office
The remuneration review document contained salary bands for the entire Singapore leadership team. It was sent via Joberbarge. It reached the competitor. Franceco cannot explain how.
He can show the green tick. He can show the delivery timestamp. He cannot show where the document went after Joberbarge accepted it. He cannot show who had access to it in the processing pipeline. He cannot prove it reached only who it was meant for. The platform gave him a record of its own activity. Not a proof of custody.
Joberbarge audit log — what Franceco can see
joberbarge > audit_log > document_delivery > SG_malib_Review_2024.pdf
Click "Run query" to pull the delivery record...
Data processing agreement — subprocessors (received 11 days after request)
Joberbarge_DPA_v4.2_Subprocessor_Schedule.pdf · Motindak Group · Executed 14 March 2021
Requested Aug 2024 · Received 11 days later
Franceco had never seen this document before the incident. He signed the DPA during a procurement exercise in 2021. Click or hover any subprocessor to see why it matters.
Franceco's realisation — Week 8
"I have been sending the most sensitive documents we produce through a pipeline with subprocessors I have never heard of, in jurisdictions I did not know we were touching, for three years. And I called it secure delivery."
He invited his colleague to look at his computer screen. They both stared at the subprocessor list. Neither of them said anything for a moment. Then his colleague murmured: "Are you serious?"

Franceco closed the laptop. He had one question now. Not for Joberbarge. Not for IT. For himself.

Is there a way to deliver a document where I do not have to trust anyone in the pipeline? Where the proof is not the platform's word, but the delivery mechanism itself?

He had one question now.

Not for Joberbarge.

For himself

Not for IT.

Act Three
The discovery.

Franceco is not looking for a better platform. He is not looking for stronger encryption or a more detailed audit log. He is looking for something none of those things have ever given him. A mechanism. One where the proof is not the platform's word.

The moment everything changed
A colleague sends Franceco a link. Not a download link. Just a URL to read. He opens it at his desk on a Wednesday afternoon, still thinking about the board's two unanswered questions.

He reads about something called the Human-Verifiable Retrieval Ceremony.

The idea stops him.
Multi-Path Asymmetric Delivery · BlackGlass Theory · doi:10.5281/zenodo.20388612
FK
Franceco Kbncini
Head of HR · Motindak Group
"For twelve years I thought my job was to send the document. I never asked what happened to it after I clicked send. I assumed the platform handled it. I assumed the PII clause covered it. I assumed the green tick meant something. None of those assumptions were proof."
CL
The colleague
IT Security · Motindak Group
"When I saw the HVRC concept, the first thing I said was are you serious. Not because it sounded complex. Because it sounded like the first honest answer to a question we had been asking for years. The ceremony is the proof. Not a promise. The mechanism itself."
The cost of trusting the tick — what changes when you stop
0
Days to receive the subprocessor list after the incident
0
Support staff with undisclosed document access
0
Senior staff lost to a competitor in eight weeks
0
Times Franceco could prove custody before ConveyanceShield
Before and after — what actually changes
Before — Joberbarge
Click send. Trust the tick.
Document enters a pipeline across multiple jurisdictions
Subprocessors with undisclosed access handle the file
No record of who touched it between upload and inbox
Green tick is the platform confirming its own activity
Cannot prove custody if questioned
After — ConveyanceShield HVRC
The ceremony is the delivery.
Document held until the verified recipient completes the ceremony
Three isolated trust zones — none sufficient alone
Human memory is a required factor — cannot be intercepted
SHA-256 proof that the received file is byte-for-byte authentic
Custody log is evidence-grade by design
Before — after the Singapore incident
Green ticks. No answers.
Can show the document was accepted by the platform
Cannot show where it went inside the pipeline
Cannot show who had access at each subprocessor
DPA took eleven days to arrive and listed unknown entities
No way to answer the board's two questions
After — with ConveyanceShield
The ceremony log is the answer.
Ceremony completion logged with identity, timestamp, and session data
Only the verified recipient could complete all three factors
No single zone holds enough information to complete delivery alone
SHA-256 confirms the file was not altered in transit
Franceco can answer both board questions with evidence
The board's question — before
"Can you prove the document reached only who it was meant for?"
I can show the platform says it was delivered
I cannot show what happened inside the pipeline
I cannot account for subprocessor access
I trusted the vendor. That is all I have.
The board's question — after
"Yes. Here is the ceremony log."
The recipient completed a three-factor ceremony
Knowledge factor existed only in their memory — never stored
No single zone held enough information to complete delivery alone
SHA-256 confirms the file is authentic and unaltered
This is not a vendor's assurance. It is a mathematical property.
DotShield™ ConveyanceShield — the ceremony is live now
Ceremony open
Zone 1 · Register
Submit your identity
Name, organisation, email. The ceremony is prepared. The document stays where it is. Nothing moves yet.
Zone 2 · Retrieve
Complete the ritual
Email code plus your PIN from memory plus your registration phrase. All three factors. Navigate manually — never follow a link.
Zone 3 · Verify
Prove what you received
Generate the SHA-256 fingerprint of your downloaded file. Compare it to the official record. A match is mathematical proof.
gabey.com.au/gabeyinfo/hvrc-register/ · Verified source: GABEY Consulting Pty Ltd
Begin the ceremony →
DotShield™ ConveyanceShield · NOMATEQ · GABEY Consulting Pty Ltd
For the first time in twelve years,
Franceco can answer the question.
Yes. I can prove it. Not because a platform told me. Because only the person who remembered the PIN, held the email code, and navigated manually to the retrieval page could have completed the ceremony. The document did not travel through the network. The right to access it did. In pieces. Across three isolated zones. None sufficient alone.
Begin the ceremony → Already registered? Retrieve →
Register: gabey.com.au/gabeyinfo/hvrc-register/  ·  Retrieve: gabey.com.au/gabeyinfo/retrieve/  ·  Verify: gabey.com.au/gabeyinfo/verify-document/

Twelve months later...

Epilogue
Twelve months later.

Franceco still works in HR. He still sends sensitive documents every week. Offer letters, remuneration reviews, executive packages, termination agreements. The documents are the same. What is different is everything that happens after he clicks send.

Franceco, twelve months on
He does not use Joberbarge for sensitive documents anymore. Not because the platform changed. Because his understanding of what secure delivery actually means changed.

Every executive offer letter, every remuneration outcome, every sensitive HR document that could end a career or trigger a dispute if it reached the wrong hands now travels through the HVRC ceremony. The recipient registers. They receive partial evidence. They remember their PIN. They navigate to the retrieval page manually, type the address themselves, enter every factor. The document is released only when all three converge.

He has a ceremony log for every document he has sent in the past twelve months. Not a green tick. A verified, timestamped, three-factor custody record that he could produce in a board meeting, a regulatory inquiry, or a courtroom.
"The green tick told me the platform was happy. The ceremony log tells me the right person received it. Those are not the same thing."
What he tells other HR professionals now
When colleagues ask Franceco about document security, he does not talk about encryption standards or ISO certifications. He asks one question.

"If your board asked you right now to prove that your last sensitive document reached only the person it was meant for, what would you show them?"

Most people pause. Then they mention their platform. Then they describe the platform's own audit log. Then they go quiet.

Franceco nods. He has been there.

"That audit log tells you what the platform did. It does not tell you what happened to your document. Those are very different records."

Then he shows them the ceremony. Not a presentation. The actual page. He walks them through the three zones. He explains the PIN that lives only in memory. He shows them the SHA-256 verification.

Most of them say the same thing his colleague said the first time.

"Are you serious?"
What changes when you stop trusting the tick
📄
Every sensitive document goes through the ceremony
Offer letters, remuneration outcomes, termination agreements, executive packages. No exceptions for documents that could cause damage if they reach the wrong hands.
📋
Every delivery produces a custody log
Not a platform's self-report. A ceremony completion record. Three factors verified. Timestamped. Producible on request.
🔎
Every recipient proves what they received
SHA-256 fingerprint verification confirms the file is authentic and unaltered. The proof belongs to the recipient, generated on their own machine.
🟢
The board question has an answer
If an incident occurs and custody is questioned, Franceco produces the ceremony log. Not the platform's word. The mechanism's record.
DS
DotShield™ product family · NOMATEQ · GABEY Consulting Pty Ltd
ConveyanceShield is one layer
of a complete custody chain.
ConveyanceShield answers: did the right person receive the document? SecureSign answers: did the right person sign it, witnessed, in real time? BlackGlass FII governs the workflow layer. Together they form an unbroken custody chain from dispatch to execution. Evidence-grade at every step.
Delivery custody
DotShield™ ConveyanceShield
Human-Verifiable Retrieval Ceremony. Verified, logged delivery to the exact intended recipient. Three trust zones. Human memory as a required factor.
You are here
Signature custody
NOMATEQ SecureSign™
Live witnessed signing ceremony. The verified person signs the exact indicated location, watched in real time by witnesses whose identities are logged.
SecureView™ projection · Zero-cloud
Workflow custody
DotShield™ BlackGlass FII
Fraud-intent inspection at the workflow layer. The theoretical foundation of the full custody family. Multi-Path Asymmetric Delivery.
doi:10.5281/zenodo.20388612
DotShield™ ConveyanceShield · NOMATEQ · GABEY Consulting Pty Ltd
Ceremony is open right now
Stop trusting the tick.
Experience the ceremony.
The ConveyanceShield Product Guide is available right now, delivered only through the HVRC ceremony. Register, complete the ritual, receive and verify what you were meant to receive. No shortcuts. No email attachment. Exactly as it works in production.
Begin the ceremony → Already registered? Retrieve →
Register: gabey.com.au/gabeyinfo/hvrc-register/  ·  Retrieve: gabey.com.au/gabeyinfo/retrieve/  ·  Verify: gabey.com.au/gabeyinfo/verify-document/  ·  Workflow: gabey.com.au/gabeyinfo/hvrc-workflow/
Fictional scenario · Educational purposes
All names, organisations, platforms, and scenarios in this story are entirely fictional.
This narrative was created to illustrate real features, real risks, and real architectural properties of the DotShield™ ConveyanceShield product and the Human-Verifiable Retrieval Ceremony (HVRC). The scenario, characters, incidents, and organisations depicted are fictional and are used solely for educational and illustrative purposes. Any resemblance to actual persons, organisations, or events is coincidental and unintended.

The risks described in this story, including undisclosed subprocessors, unaudited access controls, unrotated API tokens, and data sovereignty gaps, reflect real and documented patterns in enterprise software procurement and are presented here to encourage informed scrutiny of document delivery practices, not to describe or imply any specific real-world platform or vendor.
Franceco Kbncini (Fictional)Motindak Group (Fictional)David Labmaya (Fictional)Joberbarge (Fictional)GungalDoc (Fictional)Notfloating Limited (Fictional)CanBTheRoute (Fictional)BogotaDync Marsia API (Fictional)Hudit TrailTime (Fictional)Neverpakt GmbH (Fictional)Ielora Fakora Ltd (Fictional)US-based Blue Bucket (Fictional)SG_malib Review (Fictional)
DotShield™, ConveyanceShield™, SecureSign™, SecureView™, and BlackGlass™ are trademarks of GABEY Consulting Pty Ltd. DotShield™ TM 2602060. The Human-Verifiable Retrieval Ceremony (HVRC), ceremony process, interface methods, verification sequence, three-zone architecture, and supporting implementation are proprietary to GABEY Consulting Pty Ltd (ACN 121 511 055). Unauthorised reproduction, redistribution, reverse engineering, commercial exploitation, or adoption of this workflow or its methods, in whole or in part, is prohibited without prior written consent. All third-party trademarks remain the property of their respective owners.

gabey.com.au  ·  nomateq.com.au  ·  ACN 121 511 055  ·  BlackGlass Theory: doi:10.5281/zenodo.20388612
© 2026 GABEY Consulting Pty Ltd & NOMATEQ. All rights reserved.
World's first Human-Verifiable Retrieval Ceremony
Have you completed yours?

The document did not move.
You did.

Three zones. One PIN that lived only in your memory. A SHA-256 fingerprint that proves what you received is exactly what was sent. That is not a download. That is a ceremony.

Zone 1 · Register
Zone 2 · Retrieve
Zone 3 · Verify
Yours
Begin the ceremony → Already registered?  →  Retrieve your document
DotShield™ ConveyanceShield  ·  NOMATEQ  ·  GABEY Consulting Pty Ltd ACN 121 511 055  ·  How the ceremony works  ·  Verify a document

Is this network environment worthy of carrying this ceremony?

Networthy™ Assessment

Introducing Networthy™
Session Environment Intelligence · Pre-ceremony protection layer
Protecting the user
before the ceremony begins.
The signal others cannot see.

Networthy™ assesses the entire environment surrounding your session — before any sensitive information is entered. It is not a filter at a boundary. It is a continuously active force field around the ceremony, operating independently of any gateway or perimeter security layer.

If gateway security is a bulletproof vest,
Networthy™ is the force field.
The vest protects at the boundary. The force field travels with the ceremony. If the perimeter is bypassed, the force field does not fail — it detects the changed environment and responds at the session layer, independently.
Networthy™ is designed to detect signs of session hijacking, network interception, automation, and early risk conditions associated with hostile activity before a Human-Verifiable Retrieval Ceremony begins — helping protect the user even when the end device's own security posture is unknown. The assessment runs before any form renders. The verdict is the opening entry in the ceremony custody evidence trail.
Live session signal stream — simulated
Pre-ceremony assessment — select a scenario
Assessment runs before
Any form renders
No sensitive information is entered until the environment verdict is complete. The opening verdict is the first entry in the custody evidence trail.
Suitable
The environment is ready for the ceremony.
The assessment found no material conditions of concern. The session profile is consistent, timing characteristics are stable, and no signs of hostile pre-attack staging, session manipulation, or incompatible intermediary behaviour are observed. The form renders and the ceremony begins with the opening environment record written to the custody trail.
Session environment baseline establishedA stable environmental profile is captured before the recipient enters any ceremony details. The session is consistent with a human-led, unintercepted ceremony.
No hostile pre-attack conditions detectedNo signals consistent with session hijacking, interception staging, automated tooling, or credential harvesting infrastructure are present.
Recipient experience
Environment assessed — proceeding
The form renders automatically. The recipient continues directly into the Human-Verifiable Retrieval Ceremony.
Networthy™
The environment can proceed — the user is informed first.
Some environments are legitimate but worth understanding before a custody ceremony begins. Corporate gateways, managed security layers, VPN routing, or elevated timing variance may be present. Networthy™ does not label those conditions as hostile. It discloses what was found, in plain language, gives the recipient a genuine informed choice, and records the acknowledgement as part of the ceremony evidence trail if they proceed.
Managed network condition detectedThe connection appears to pass through an organisation-controlled security layer. This is not hostile — but the user is told, because in a custody ceremony they have the right to know.
Conditions characterised and recordedWhatever the user decides, the conditions are permanently recorded in the ceremony custody evidence trail before the ceremony begins.
Recipient experience
Networthy™ assessment
Network conditions have been characterised. Details are shown before you proceed. You may continue with full awareness, or use another network or device.
Unsuitable
The ceremony is not offered in this environment.
If the environment cannot be characterised as suitable for a human-led custody ceremony, the form is withheld. No ceremony token is generated. No recipient details are requested. No sensitive information was ever at risk. The user is guided to retry from a standard browser, a different device, or a more trusted network — and can raise a query with GABEY Consulting if they believe the assessment is incorrect.
Session environment inconsistent with a human-led ceremonyThe session does not exhibit the characteristics expected of a legitimate, unmanipulated browser ceremony. Early risk signals are present.
Ceremony withheld — nothing was collectedThe ceremony is not offered. No form renders. No data is requested. The condition is recorded. The user is protected.
Recipient experience
Ceremony environment check failed
We could not establish a suitable environment for this ceremony. Please retry from a standard browser on a different network. If you believe this is incorrect, contact GABEY Consulting.
How the assessment works
Four stages. Before any sensitive data enters the session.
Networthy™ runs a structured assessment before the registration form renders. The assessment is invisible to the legitimate user. It operates independently of any upstream gateway — if the gateway is bypassed or absent, Networthy™ does not fail. The verdict, any characterised conditions, and any user acknowledgement are permanently recorded as the opening entry in the ceremony custody evidence trail.
01Observe
Environment signal collection
Session, network, and environmental signals are collected across multiple dimensions before any ceremony input is requested.
02Baseline
Pre-ceremony environment check
Timing and continuity characteristics are established. The environment is assessed as a whole — not against a list of known bad patterns.
03Classify
Three-verdict assessment
The compound signal profile produces a Suitable, Networthy™, or Unsuitable verdict. Internal assessment methodology is not disclosed.
04Record
Opening custody evidence entry
The pre-ceremony verdict and any user acknowledgement become the first permanent entry in the retrieval evidence trail.
Example public evidence language
pre_ceremony_verdictSUITABLE / NETWORTHY / UNSUITABLE
environment_statusCharacterised before sensitive information was entered
user_acknowledgementRequired only when Networthy™ conditions are presented
ceremony_startAllowed only after the environment verdict is complete
Personal protection · Powered by you
Be human.
Increase the strength of your force field.

Networthy™ learns the difference between a genuine human session and anything that tries to imitate one. The more you use it the way you naturally would, the stronger your personal protection becomes. No special actions required. No patterns to follow. Just be yourself.

One-time enrolment — never repeated
"To better protect your future ceremonies, Networthy™ will observe how you naturally interact with this service — just as you always would. That is all we need. You will not be asked again. You can withdraw at any time."
Your pattern
Unique to you
The way you naturally interact is unlike anyone else — and unlike any system that tries to simulate it.
Your protection
Gets stronger with use
Each verified ceremony deepens your personal profile. The force field grows stronger every time you use it naturally.
Your control
Always yours to remove
You can withdraw consent and delete your profile at any time. No raw recordings are ever stored — only the shape of your pattern.
Force field strength — increases with each verified ceremony
Strength