Does TimeProofs store my files?

No. TimeProofs is hash-only and stateless. You can create and verify proofs without uploading original content.

Is a file timestamp enough for audit evidence?

No. File dates are local and editable. A proof file (.tproof.json) is verifiable and can be independently checked later.

Is TimeProofs a qualified trust service (eIDAS)?

No. TimeProofs provides technical, verifiable evidence primitives. It is not a qualified trust service and is not legal advice.

Status: Public Beta v0.2 · ProofSpec v0.1 · API v0.2 · Privacy-first · No blockchain

Regulations

TimeProofs produces a verifiable proof file (.tproof.json) that a specific artifact existed at a specific time and did not change — without storing the artifact.

1) Scope & non-claims

What TimeProofs does: creates and verifies a signed timestamp for a SHA-256 hash (stateless, hash-only, proof file).

What TimeProofs does not do: it does not store your content, does not identify people, does not provide legal advice, and is not a qualified trust service.

Compliance note: this page is a practical mapping of where verifiable evidence helps audits. It is not legal advice.

See: Privacy · Legal · ProofSpec · API Docs

2) File date ≠ proof

A file date is not a proof. File timestamps are local, editable, and not independently verifiable.

A TimeProofs proof is verifiable. Anyone can re-hash the exact artifact and verify a proof file (.tproof.json) that it existed at a specific time.

In v0.2, verification is proof-based (no “verify by hash-only” lookups).

3) Regulations map

Where a verifiable timestamp + integrity proof can support audit evidence.

Regulation	Audit expectation (high-level)	How proof files help
EU AI Act	Traceability, technical documentation, versioning, evidence of controls and updates	Anchor datasets, model cards, prompts, outputs, releases, and change logs with `.tproof.json` proofs
GDPR	Accountability, integrity/security controls, minimization, auditability	Prove integrity/timing of records and policies without storing content in the proof (hash-only)
Data Act	Portability, governance, provenance for shared datasets and exports	Attach proofs to exports and dataset versions; portable evidence independent from a single storage backend
eIDAS2	Higher-assurance trust services exist; evidence requirements may be formal	Not a qualified trust service. Still usable as technical evidence layer, depending on legal needs

TimeProofs is infrastructure: it provides verifiable evidence primitives. Compliance depends on your broader process and controls.

4) Audit workflow

Hash the artifact locally.
Create a proof and download the proof file (.tproof.json).
Store the proof file next to the artifact (or in an evidence folder).
Reference the proof file in your audit log or ticket.
Verify later by re-hashing and validating the proof signature (offline or via stateless verification).

See: API Docs · Create / Verify

5) FAQ

Do you store my files?

No. TimeProofs is hash-only and stateless. Your original content does not need to be uploaded.

Is this legally binding?

TimeProofs provides technical, verifiable evidence. It is not legal advice and not a qualified trust service.

Is a file timestamp enough?

No. File dates are editable and not independently verifiable. Proof files can be verified by third parties.

Can I verify with only a hash?

No. In v0.2, verification requires the full proof file (.tproof.json).

↑ Top