Verifiable Media Infrastructure

Cryptographic proof
that a photo is real.

ProofKit signs every photo and video at capture time using hardware-backed keys on iOS and Android. Platforms accepting user-submitted media — insurance, KYC, legal-tech, journalism — use it to prove authenticity and eliminate entire classes of fraud.

Request SDK Access See how it works →

proof-manifest.json ✓ signature valid

{
  "dc:format": "image/jpeg",
  "proof:claim": {
    "alg":       "Ed25519",
    "hash":      "sha256:7f83b1657ff1fc53b92dc18148a1d65d…",
    "timestamp": "2026-04-28T09:14:23Z",
    "location":  "42.6977° N, 23.3219° E",
    "device":    "iPhone 16 Pro · Secure Enclave · hw-bound",
    "sdk":       "ProofKit/1.0.0"
  }
}

Regulatory pressure · Insurance · KYC · Legal-tech

Platforms accepting user-submitted media are under growing pressure to demonstrate authenticity controls.

Insurance claim workflows, KYC flows, legal evidence portals, and journalistic platforms are all being asked to show active prevention measures against synthetic-media fraud. ProofKit provides hardware-backed, capture-time cryptographic attestation: Ed25519 signatures that bind every photo and video to the real device, place, and time of capture.

How ProofKit works →

Your platform accepts photos.
Generative AI can fabricate them.

Detection heuristics lose to generative models. Cryptographic capture attestation does not.

Insurance claims

Fraudsters upload AI-generated damage photos. Manipulated claim photos can inflate motor-insurance payouts by tens of thousands of euros per claim.

KYC and identity

Synthetic-ID fraud has grown by orders of magnitude across financial sectors since 2022. Photo-based onboarding is a primary vector.

Legal evidence

Courts increasingly question admissibility of smartphone photos without provenance. Chain-of-custody is a losing argument without cryptographic proof.

A signature that can't be forged,
issued at the moment of capture.

Three steps. No server round-trip. Offline capable.

Capture

The SDK uses iOS Secure Enclave or Android Keystore to generate a hardware-bound keypair. The private key never leaves the device.

Sign

Every photo and video is signed at capture time with Ed25519, embedding GPS, timestamp, device identity, and a content hash.

Verify

Our verifier at /verify validates the Ed25519 signature. Tamper a single pixel and verification fails.

See the SDK in action

Full Swift and Kotlin examples, attestation manifest schema, and verification flow in the ProofKit integration docs →

Built for platforms that can't afford
to trust the pixels.

ProofKit is infrastructure, not a dashboard. It integrates into your existing capture flow in hours, not sprints.

Insurtech

First Notice of Loss workflows. Drop-in replacement for your existing camera capture. Photos arrive at the adjuster's queue with a verified manifest — no separate review step.

KYC / identity verification

Onboarding capture. Signed selfie + ID-document capture, verifiable server-side before the record is created. Plugs into your existing IDV provider.

Legal-tech

Evidence intake. Signed manifest is admissible-grade chain of custody from the moment of capture — before the file touches your servers.

Journalism & civil society

Source media authentication. Reporters and citizen contributors capture with ProofKit; editorial verifies provenance before the file enters the pipeline.

The procurement clock is already running.

Regulatory pressure

EU regulators and industry bodies are moving toward cryptographic provenance as a baseline control for platforms accepting user-submitted media. Specific obligations vary by sector and jurisdiction — check with counsel on applicability to your platform.

Insurance sector

Insurers and filing organisations are being asked to demonstrate active prevention measures against synthetic-media fraud. Procurement teams are adding provenance requirements to vendor evaluation criteria.

Industry momentum

The shift is industry-wide. Major camera manufacturers, publishers, and platform vendors are rolling out cryptographic capture and provenance workflows. Cryptographic attestation at the point of capture is moving from differentiator to baseline expectation.

Built in the EU, for EU compliance workflows.

ProofKit is operated by a European company under European data-protection law. That's relevant when your buyers are insurance carriers, banks, or government platforms subject to EU regulatory scope.

Single dependency

A single SDK import. Hardware-backed keys, offline-capable capture, no per-verification fees.

Platform engineers first

Integrates into your existing capture flow in hours. No separate dashboard, no review queue, no new operational surface.

Transparent pricing

No per-verification tax. You integrate once and own the trust layer.

What ProofKit is not.

ProofKit answers one question, definitively: was this image captured by a real camera on a real device at a real place and time, and has it been tampered with since?

—

It does not detect deepfakes after the fact.

—

It does not watermark AI-generated content — that's a separate problem addressed by Article 50 of the EU AI Act.

—

It does not review or score images for damage assessment.

—

It is not a content moderation layer.

Ready to see the SDK?

Integration is a single dependency and a few lines of code. We'll walk you through it in a 30-minute technical call.

Request SDK Access Verify a photo →

Cryptographic proof that a photo is real.