Security & Hashing Explanation
This document explains how ProofLedger secures user data and how the hashing and blockchain anchoring process works in plain language.
1. Zero-File Storage Architecture
ProofLedger uses a strict privacy-first model designed to keep your files off our servers entirely:
- Files never leave your browser.
- The original file is never transmitted, received, or stored by ProofLedger.
- Only a one-way SHA-256 hash is generated from your file.
This ensures ProofLedger cannot access, view, or leak the contents of your data. Even if our systems were compromised, your original files would not be there.
2. SHA-256 Hashing
A SHA-256 hash is a cryptographic fingerprint of your file. It is:
- One-way — it cannot be reversed back into the original file.
- Unique — even a tiny change in the file produces a completely different hash.
- Deterministic — the same file always produces the same hash.
This allows anyone, including courts and investigators, to check if a given file matches the hash recorded on the blockchain without ever storing or exposing the original file in ProofLedger.
3. Blockchain Anchoring
ProofLedger anchors your hash to public blockchains so the evidence is tamper-evident and globally verifiable. Currently we support:
a. Polygon (default)
- Fast, reliable, and extremely low cost.
- Ideal for routine timestamping and high-volume use.
- Public, verifiable, and tamper-evident.
b. Bitcoin (optional)
- Optional Bitcoin anchoring method with higher decentralization characteristics.
- Higher fees and slower settlement times than Polygon.
- Strongest global immutability and longevity guarantees.
Your hash becomes part of a public ledger that cannot be altered without breaking the entire chain, which is computationally infeasible. This is what underpins the integrity of your ProofLedger certificate.
4. What a Certificate Shows
A ProofLedger certificate includes:
- Your SHA-256 hash.
- The timestamp of submission.
- Blockchain transaction ID(s) on Polygon and/or Bitcoin.
- Immutable anchor verification details.
- A platform integrity signature from ProofLedger; this is not a legal document signature.
Third parties, including courts and investigators, can independently verify that:
- The hash matches the original file you present.
- The timestamp is consistent with when it was written to the blockchain.
- The blockchain record exists and is immutable.
5. Security Controls
Beyond the zero-file storage model, ProofLedger uses layered security controls, including:
- TLS encryption for all network traffic.
- Strong hashing of user credentials.
- Segregated services and databases.
- Least-privilege access controls for internal systems.
- Regular monitoring of anchoring operations and infrastructure health.
- Strict handling of keys and secrets, with environment-based separation.
6. Limitations
ProofLedger records a specific SHA-256 hash at a specific time and, when applicable, anchors that hash to supported blockchains according to its documented technical procedure. ProofLedger does not determine who created a file, whether a file is lawful, accurate, authentic, or admissible, or how a certificate should be weighed by courts, agencies, or third parties.
You are responsible for ensuring you have the rights to any material you anchor and for how you present ProofLedger certificates in legal or commercial contexts.
7. Contact
For security questions, audits, or legal inquiries, contact:
ProofLedger LLC
PO Box 24
Floral City, FL 34436
support@proofledger.io