Policy

Retention & storage

How long certificates are kept, what is retained, and how plan-based storage limits work.

Certificate snapshot at issuance Plan-based retention + storage caps Public verification always free
Last updated: 1 November 2025
Plain-English policy for auditability. If anything conflicts with your signed agreement, the agreement governs.
Core rule

Snapshot at issuance

Retention is set per verification at the moment a certificate is issued, based on your active plan at that time. Upgrading or downgrading later does not retroactively change existing certificates.

In the certificate payload, this is represented as RetainUntilUtc (the earliest date the record may be deleted).
What we retain

CanonProof retains a verification record so results can be audited and independently verified. Depending on plan and configuration, retention may include:

  • Certificate metadata (ID, timestamp, media type, result label, score, confidence)
  • SHA-256 fingerprint of the verified bytes (binding identifier)
  • Indicators (forensic measurements) and human-readable reasons
  • Signed payload (JWS) and public key references (JWKS)
  • Generated artifacts such as the PDF certificate (where provided)
CanonProof certifies integrity/authenticity signals — not “truth.” AI indicators (when available) are advisory only.
What we don’t retain (by default)

CanonProof is designed to avoid storing unnecessary case context. Unless explicitly provided and agreed, we do not store:

  • your case notes, narratives, or conclusions
  • client/suspect names or internal reference numbers
  • communications content beyond the verified file itself
If you embed CanonProof via API, you control what you send and what you publish.
Plans

Default retention & included storage

Retention defines how long a certificate and its retained artifacts remain available. Storage caps exist so costs stay predictable when files are large (e.g., multi-GB video).

Plan Default retention Included retained storage Notes
Free 7 days Limited Evaluation tier. Public verification is free for everyone.
Professional Integrity 12 months 150 GB Storage overage available (e.g., £5 per extra 50GB/month).
Advanced Assurance 24 months 500 GB Designed for audits & disclosure workflows; lower overage cost.
Institutional / Enterprise 36+ months 2–5 TB Custom retention, storage, onboarding, and SLA options.
Storage caps apply to retained evidence. Uploading a large file can be supported, but retaining many large files for long periods has real infrastructure cost. Plans include storage so pricing stays predictable, with clear overage options when you exceed your cap.
Expiry & deletion

After RetainUntilUtc, the certificate and associated artifacts may be permanently deleted by automated processes.

  • Deletion may include PDFs, derived artifacts, and any retained file copy (where applicable).
  • Backups rotate on a schedule and will also expire.
  • Some records may be retained longer where required by law or dispute handling (see exceptions).
Public verification & disclosure

Public verification is designed for disclosure: third parties can validate the signed result without an account.

  • Always free to check a certificate by ID.
  • Shows the signed outcome and verification material required to validate signatures.
  • Does not include your private case context (notes, narratives, internal references).
Early deletion & customer control

You may request early deletion of certificates and retained artifacts, subject to:

  • legal obligations (court orders, disputes, fraud investigations)
  • technical constraints (queued jobs, backup rotation)
  • your contractual terms (Enterprise may define stricter controls)
Exceptions (legal holds & compliance)

We may retain certain records longer where required to:

  • comply with law or lawful requests
  • resolve disputes or enforce agreements
  • protect against abuse, fraud, or platform attacks
Enterprise agreements can define hold procedures and audit requirements.
Questions or retention requests?
Contact support@canonproof.com. For Enterprise retention/storage terms, use Contact.

CanonProof certifies integrity & authenticity signals — not “truth.” AI indicators (when available) are advisory only.