EpochCore is built so the most sensitive part — your actual content — is fingerprinted on your side. We seal the proof, not the data. This page explains, in plain English, what is and isn't handled.
When you seal something, we store a SHA-256 fingerprint, the signature, and basic metadata (timestamp, record root, retention class). A fingerprint is a one-way function — it cannot be reversed into your original content. This is what lets anyone confirm a seal is genuine without ever seeing the underlying data (PHI- and trade-secret-safe by design).
The live tamper-evidence demo on the home page runs entirely in your browser using your device's WebCrypto. Nothing you type into it is sent anywhere — the fingerprint, the signing key, and the verification all stay on your machine and vanish when you close the tab.
Production seals are signed with keys held in an IBM Key Protect hardware security module and never exported. Each seal carries a classical signature (Ed25519) plus post-quantum signatures (ML-DSA-87, SLH-DSA-128f); the matching public keys are published so anyone can verify a seal without contacting us.
Recorded fingerprints are kept on an append-only ledger for 7 years by default to satisfy SEC 17a-4, FINRA 4370, and EU AI Act Article 12 record-keeping. Because only fingerprints are retained, that retention carries no exposure of your underlying content.
This site uses no third-party tracking cookies. Any preferences are stored locally in your browser and never transmitted.
Because we don't hold your content, there is little personal data to access or delete — but for any recorded metadata tied to your organization, contact us and we'll help. Reach the team at john@epochcoreqcs.com or via the support page.