CanonProof is “integrity infrastructure” — not a truth engine. We combine cryptography, access controls, forensic analysis, and tamper-evident certificates so third parties can verify results independently.
Each certificate includes the file hash and is signed (ES256). Anyone can verify a certificate has not been altered.
Account access and API usage are authenticated. Your integrations use API credentials, and sensitive operations remain protected.
Verification is backed by indicators (flags, numeric values, metadata). Your team can understand “why” a result was reached.
Security isn’t one feature. It’s the whole flow — capture, storage, verification, certificate issuance, and independent checking.
Files are hashed (SHA-256) and identified by type (image/audio/video/PDF). The hash becomes the anchor for integrity across the system.
Forensic extractors generate indicators. A scoring layer produces status + confidence. Outputs are designed for auditability — not black-box labels.
A certificate snapshot is created and signed (ES256). This makes the result tamper-evident for court bundles, reports, and third parties.
The public verification page validates the certificate authenticity without exposing your account. It proves the certificate is real and unchanged.
CanonProof certifies integrity signals and authenticity indicators for a digital file and signs the result. It does not determine the truth of claims or events — it provides an independently verifiable technical assessment.
When AI analysis is available, it is recorded as indicators (probabilities/confidence) and never becomes the sole decisive factor. If AI is unavailable, the certificate records that fact.
Certificates are kept according to your plan’s retention window and storage cap. Public verification remains free, even if you downgrade later. See Retention & storage policy.
Designed to protect customer data while preserving independent verification.
Short answers for due diligence and procurement.
No. Certificates are signed (ES256). Any modification breaks signature verification and will fail on the public verification page.
No. Public verification is designed for external trust. Anyone can check the certificate authenticity via the public link.
No. AI is advisory-only. When available it becomes indicators; when unavailable the certificate records that fact.
Retention depends on your plan. See Retention & storage policy for exact windows and storage caps.
We can provide a security summary tailored for PI firms, law firms, insurers, and platforms.