Hashproof signs official media at the source, lets the public verify it against impersonation, and keeps an auditable record of what was signed. Built on C2PA, the open provenance standard, behind one HTTP API.
What is going wrong
Three failures in how public media is authenticated and retained.
Official media is impersonated
Fabricated statements attributed to officials, doctored footage of public events, and forged documents now spread during exactly the moments when accurate information matters most. Agencies have no native way to let the public confirm what is authentic.
The public record degrades in transit
A press release, a hearing recording, or a satellite image is copied, re-hosted, and excerpted across countless third-party sites. Each copy is severed from the issuing agency, and there is no way to point back to the canonical original.
Custody chains are hard to prove
Records retention statutes and evidentiary standards require a demonstrable chain of custody. Reconstructing one after the fact, across systems and decades, is slow and contestable when it is even possible.
What Hashproof brings
Four primitives, one HTTP API, with deployment controls for the public sector.
Sign at the source of record
Issue a C2PA manifest when a document, image, or recording is created or released. Hashproof stores a managed provenance record for each artifact, checkable through the public verify endpoint.
Resolve back to the canonical original
Soft-binding resolution maps a re-hosted excerpt or re-encoded copy back to the agency-issued original. The public, journalists, and courts can confirm a circulating asset against the source of record.
Recorded chain of custody
Signed manifests can be batched into Merkle trees, with a manifest inclusion proof available from the API once its batch is anchored. A proof records that the manifest identifier and its content hash were included in a recorded batch root.
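The following added example, which is not Hashproof's code or API, shows how a verifier recomputes a batch root from a manifest identifier, its content hash, and an inclusion proof, and why an altered content hash fails the check. The hash function (SHA-256), the leaf encoding, the domain-separation prefixes, and the sample manifest IDs are assumptions; the page does not specify them.

```python
import hashlib
import hmac

# Assumptions (not from the page): SHA-256, RFC 6962-style domain-separation
# prefixes, and a leaf that binds a length-prefixed manifest ID to its content hash.
LEAF, NODE = b"\x00", b"\x01"

def leaf_hash(manifest_id, content_hash):
    mid = manifest_id.encode()
    return hashlib.sha256(LEAF + len(mid).to_bytes(2, "big") + mid + content_hash).digest()

def node_hash(left, right):
    return hashlib.sha256(NODE + left + right).digest()

def build_levels(leaves):
    """Return every tree level, leaves first; an unpaired node is promoted unchanged."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def inclusion_proof(levels, index):
    """Sibling path from leaf `index` to the root as (side, hash) pairs."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):  # a promoted node has no sibling at this level
            proof.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return proof

def verify_inclusion(manifest_id, content_hash, proof, root):
    """Recompute the root from the claimed (ID, content hash) and the sibling path."""
    h = leaf_hash(manifest_id, content_hash)
    for side, sib in proof:
        h = node_hash(sib, h) if side == "L" else node_hash(h, sib)
    return hmac.compare_digest(h, root)

# Constructed sample batch: five hypothetical manifest IDs with stand-in content hashes.
BATCH = [(f"manifest-{i:04d}", hashlib.sha256(f"artifact {i}".encode()).digest())
         for i in range(5)]
LEVELS = build_levels([leaf_hash(m, c) for m, c in BATCH])
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    mid, chash = BATCH[4]
    proof = inclusion_proof(LEVELS, 4)
    print(verify_inclusion(mid, chash, proof, ROOT))
    print(verify_inclusion(mid, hashlib.sha256(b"altered").digest(), proof, ROOT))
```

The proof only shows that a given identifier and content hash were covered by the batch root; the root itself still has to come from a record the verifier trusts.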
Built for long-horizon retention
Manifests follow the C2PA 2.x data model and are retrievable through the API. Stored records remain checkable through the public verify endpoint for as long as they are retained.
Where it sits in the workflow
From issuance to retention. Existing records systems and portals stay in place.
01 Issue
Agency systems POST each official artifact to the signing endpoint at the moment of release. The manifest records the artifact hash and the signing timestamp.
02 Publish
Public-facing portals expose a verification badge. Anyone can check a circulating image or document against its stored provenance record through the public verify endpoint.
03 Verify
When a contested copy circulates, the verify endpoint checks it against the stored manifest. Resolution handles re-encoded image copies.
04 Retain
The compliance reporting endpoint produces structured JSON records for retention and discovery: per-manifest findings with specific issues, six summary counters, and a persisted report history with stable report IDs.
How Hashproof is different
Open where it has to be open, controlled where you need control.
An open standard, not a national silo
C2PA is a Linux Foundation specification. Manifests follow the C2PA 2.x data model, and stored records can be checked by partners, allied governments, and the press through the public verify endpoint.
Sovereignty and isolation where required
Enterprise deployments include a DPA and contractual data-handling terms. The neutrality of the format keeps your records portable.
Neutral substrate, accountable institutions
Hashproof signs and verifies. The authority of a record comes from the agency that issued it; the stored provenance record makes the released artifact checkable. We do not sit in the chain of authority, only the chain of evidence.
Compliance fit
One provenance layer across retention, evidentiary, and transparency obligations.
Federal records retention
Provenance manifests serve as durable metadata alongside artifacts retained under records schedules, with signing timestamps recorded for the life of the record.
Evidentiary chain of custody
Merkle inclusion proofs record which manifests a batch root covered. Compliance reports cite each manifest by ID, giving evidentiary review a stable, queryable record.
Public transparency mandates
The same provenance layer that protects against impersonation also lets the public check released media through the public verify endpoint, supporting open-government and disclosure obligations.