We use confidential computing. Secure enclaves provide cryptographic proofs of the code running on them. A user can build the open source code and compare the fingerprint to the secure enclave.

Lots of details in our tech primer here https://blog.opensecret.cloud/opensecret-technicals/