🔒 Private beta — we’re finalizing our qualified eIDAS electronic seal. Request early access →
instantproof.legalWe create evidence for individuals and institutional partners.
EN | NL | FR | DE Log in Request early access Create proof
How it works · Architecture & trust

Evidence engineered to hold up — even if you don’t trust us.

Anyone can record a screen. The hard part is proving the recording is real — that what you saw is what the server actually sent, at the moment it claims, unaltered since. We solve that by removing ourselves from the chain of trust: the network is witnessed by an independent notary, the record is cryptographically bound to the real servers, and the time is fixed by a third-party authority. We can’t forge it — and that’s the point.

Create your first proof Why it can’t be faked ↓
Layered evidence architecture illustration

1 · A clean room for every capture

Every browser session and every URL capture runs inside its own isolated, single-use environment — a fresh container with nothing carried over from any other capture or any previous run.

Isolated by constructionEach capture gets a dedicated browser container with its own filesystem, network namespace and memory. No shared cookies, no leftover state, no cross-contamination between captures.
Clean every single timeThe environment is rebuilt from a known-good image and torn down afterwards. It starts identical on every run, so a capture can never be influenced by what happened before it.
Recorded as it happensThe live page is screen-recorded to video while it loads and is interacted with — the human-visible record of exactly what appeared on screen.

2 · An independent traffic notary that can see but never read

This is the part that makes the evidence independent of us.

First, 30 seconds on HTTPS. When your browser talks to a website over HTTPS — the little padlock in the address bar — everything that travels between them is encrypted: scrambled into locked data that anyone in the middle can copy but cannot read. Only your browser and that website hold the keys that unlock it. That is what keeps your banking, email and messages private as they cross the internet.

Every byte the browser sends or receives is routed through a separate notary service, which records the traffic exactly as it travels — as locked, encrypted data. The notary is never handed the keys. So it can prove that this specific locked data flowed to and from these specific servers at this exact moment, while being completely unable to open it and read what is inside — your contents stay private even from the witness.

The notary then signs its sealed recording with its own cryptographic key, vouching for what it witnessed. This role is operated independently of instantproof.legal, so the network record is attested by someone other than the party that produced it.

To be clear, the “notary” here is a digital service — an automated, always-on witness running on its own infrastructure. It is not a person watching your screen. What makes it a notary is that its access and configuration are controlled by a notary — a regulated, independently-accountable legal professional — not by instantproof.legal. That independent control is exactly what gives the witness its weight.

3 · Sealed first, then made readable

We keep two things from every session: the notary’s independent recording of the encrypted traffic, and the encryption keys the browser used.

During the session we capture the HTTPS keys the browser itself used to secure its connections. On their own, those keys reveal nothing — but combined with the independently-captured data that travelled over the wire, they unlock it completely. The locked traffic becomes readable, exposing the actual HTML, JSON and JavaScript the servers sent — the exact data that built and drove the page recorded in the video.

This gives the evidence two layers that confirm one another: the video shows what a human saw on screen, and the decrypted record proves what the machines actually exchanged beneath it.

Crucially, the keys can only ever unlock the one encrypted recording the notary witnessed — they cannot turn it into anything else. (See the next section for why that matters.)

4 · Why it can’t be faked

We run the browser and hold the keys — so why should anyone believe the result? Because the maths doesn’t let us cheat.

The witness is independentThe notary records the encrypted traffic and signs it. We never touch its capture, and it never touches our keys — so the encrypted record can’t have been written by us after the fact.
The keys can’t lieTLS binds ciphertext to plaintext cryptographically. For a fixed encrypted record there is exactly one plaintext the keys can produce. We cannot craft keys that decrypt the notary’s bytes into a fabrication — that would mean breaking the encryption itself.
The server proves itselfThe decrypted handshake contains the server’s real certificate, signed by a public Certificate Authority. That proves the traffic genuinely came from gmail.com, bol.com or whoever — not a look-alike.
The time is fixed elsewhereA qualified eIDAS timestamping authority fixes when it happened — independent of our clock, legally presumed accurate, and not changeable afterwards.

Independent witness + unbreakable key-binding + CA-proven server identity + third-party time = evidence whose authenticity does not rest on trusting instantproof.legal.

5 · Qualified electronic seal & timestamp

Each completed package — the video, the notary’s signed capture, the decryptable record and their hashes — is bound with a qualified eIDAS electronic seal and a qualified electronic timestamp.

The seal and timestamp are issued by Openapi, an eIDAS qualified trust service provider. Under EU Regulation 910/2014 (eIDAS), a qualified electronic timestamp carries a legal presumption of the accuracy of the date and time it indicates and of the integrity of the data it covers — so any later change to even one byte breaks the seal and is immediately detectable.

The qualified seal binds the package to instantproof.legal as its issuer; the independent notary and the qualified timestamping authority are separate parties — so no single party can both produce a record and vouch for it.

6 · Stored to outlast the dispute

Evidence is worthless if it disappears before you need it. So every package is written to redundant cloud storage built for the long haul.

Short- and long-term storageEach certificate and its full evidence bundle is stored on Amazon S3 — kept available for retrieval and retained for the long term.
Redundant + replicatedObject versioning and write-once Object Lock protect against tampering and accidental deletion, with replication to a separate disaster-recovery region and continuous, verified backups.
Engineered durabilityThe underlying storage is designed for 99.999999999% — eleven nines — of object durability, the figure that makes “we still have it years later” a reasonable promise.

7 · Built like financial infrastructure

Evidence software has to be correct under adversarial scrutiny — the same bar as the systems that move money. instantproof.legal is engineered by a senior engineer with 25+ years building high-assurance systems, including 15 years designing financial and cryptocurrency-exchange platforms where correctness, auditability and tamper-evidence are non-negotiable.

That discipline shows up everywhere here: fail-closed gates that refuse to issue a certificate unless every check passes, independent verification baked into the architecture rather than bolted on, and a system that assumes no one — including us — should simply be taken at their word.

Proof you can hand to a court — or a skeptic.

Capture a web page, an email, a message thread or a file, and walk away with independently-witnessed, cryptographically-sealed, timestamped evidence.

Create your first proof Request early access →