Preserve disclosures, policies, prices — exactly as they appeared on date X.
Audit requests, regulatory reviews, and disclosure disputes all converge on one question: what did your site actually publish at a given moment? GetProofAnchor produces a tamper-evident Evidence ZIP and shareable Proof ID for each captured version, anchored in four independent integrity layers — turning audit answers from testimonial into deterministic: Match / Modified.
Standardized Evidence ZIP per published version — file it in the audit folder, retrieve it years later, verify offline.
Subsequent edits, file replacements, even whitespace reformatting — all detectable via the SHA-256 manifest.
Capture again whenever something changes. Each version gets its own Proof ID and eIDAS qualified timestamp.
What this is: a record-keeping and integrity-verification workflow for compliance and audit — point-in-time capture, four-layer cryptographic integrity, EU-qualified timestamp, Bitcoin anchor, audit-ready Evidence ZIP verifiable offline by internal or external auditors.
What this is not: a compliance certification, a regulatory filing tool, or legal advice. Regulatory sufficiency in your specific case (GDPR, DSA, MAR, MiCA, ESG, sector frameworks) is a determination for your compliance counsel and your regulator.
Built for the “show me the published version on date X” audit request — and for proving you can answer that question every time, year after year.
Public URL via the dashboard, or behind-login content (internal control attestations, vendor portals, regulator dashboards) via the browser extension — exactly as published, captured at the moment of publication.
Standardized, self-contained, offline-verifiable bundle: full-page screenshot + captured DOM + extracted text + SHA-256 manifest + hash chain entries + Bitcoin OpenTimestamps receipt + eIDAS qualified-timestamp kit + bilingual verification README. Drop into the audit folder for the relevant control.
When an auditor or regulator asks for the version on date X, hand over the ZIP. Verification is deterministic and reproducible: Match (intact) or Modified (per-layer report). Fully offline if needed — no service dependency on GetProofAnchor.
What compliance teams capture with GetProofAnchor
Built around the disclosures, policies, and statements where “the version published at the time” is the entire question.
MAR ad-hoc disclosures, MiCA whitepapers, prospectus updates, regulatory filings, sanctions notices — preserved at the version the market actually saw.
GDPR-relevant policy versions, cookie consent banners, terms-of-service revisions, DPA versions — captured at the version each customer accepted.
Published prices, advertised discounts, promotional T&Cs, time-limited offers — preserved with date-stamped evidence for consumer-protection and tax-compliance reviews.
Performance claims, certifications, sustainability/ESG statements, comparisons, “as advertised” evidence — captured as published, defensible against later challenges.
SOX-style control attestations, internal policy versions, intranet disclosures, vendor-attestation portals — preserved exactly as the control was performed and documented.
DSA transparency reports, content-moderation policy versions, dark-pattern audit evidence, consumer-rights disclosures — captured at the URL and version reviewed.
Why this evidence holds up under audit
An internal screenshot binder works until the auditor asks how you know it hasn't been edited. GetProofAnchor wraps every captured version in four independent integrity layers, each with its own files in the Evidence ZIP, each independently verifiable by a third-party auditor. Defeating any single layer doesn't break the others.
Every file in the Evidence ZIP has its hash recorded in manifest.json. Editing a single byte — even reformatting whitespace — fails the integrity check during audit.
Each capture is part of a global SHA-256 chain. Each entry contains the hash of the previous one, so inserting or modifying a past version-snapshot breaks the chain mathematically — the audit-trail timeline is itself protected.
The chain head is anchored to the Bitcoin blockchain. Once confirmed, the timestamp is preserved by the entire Bitcoin network — independent of GetProofAnchor and of any single jurisdiction.
RFC 3161 timestamp from an EU-qualified Trust Service Provider (currently SK ID Solutions, Estonia). Recognized as legal-grade proof of existence at a point in time under Regulation (EU) 910/2014 — the default audit-trail anchor for EU/EEA frameworks.
All four layers PASS → the audit trail is cryptographically intact, not just well-organized. Any layer FAILS → modification is detected, with a per-layer report showing exactly which one was tampered with — turning a vague tampering concern into a deterministic technical question for the auditor.
Why a screenshot binder fails the integrity test
Screenshot binders, PDF print-outs, and internal archives all share the same weakness: the audit team has to take your word that the contents weren't edited after the fact. Modern audit and regulatory frameworks are increasingly explicit about evidence integrity — accountability principle, audit-trail tamper-evidence, contemporaneous record requirements. Cryptographic integrity replaces credibility with verifiability, and converts an audit interview from “convince us” to “verify it yourself”.
Evidence ZIP includes a SHA-256 manifest of every file. Subsequent edits — text, screenshot pixels, file replacement, even JSON whitespace reformatting — become mathematically detectable. The audit trail does not depend on testimony or organizational trust.
Each version-snapshot gets two independent time anchors: an eIDAS qualified timestamp (legally recognized in EU/EEA under Regulation 910/2014) and a Bitcoin OpenTimestamps anchor (preserved by the Bitcoin network). Backdating accusations stop being a credibility argument and become a cryptographic fact-check.
A standardized, self-contained bundle of around 24 files (format: getproofanchor-evidence-1). Designed to be filed in the audit folder, attached to regulatory submissions, handed to internal or external auditors — and to verify independently of GetProofAnchor.
- manifest.json — the integrity baseline — SHA-256 hash of every other file in the package
- proof.json — main record — Proof ID, source URL, final URL, capture time, SHA-256 fingerprints, eIDAS status, Bitcoin anchor info
- screenshot.png — full-page screenshot at capture time (the published state of the page on date X)
- page.html + content.txt — captured DOM/HTML and extracted plain-text content — the underlying source for behind-the-pixels analysis
- capture/capture_meta.json — forensic capture metadata — engine, viewport, scroll, consent dialogs auto-handled — the audit-trail backbone
- chain/* — append-only hash chain entries linking this version-snapshot to the global chain of all captures
- anchor/anchor_receipt.ots — binary OpenTimestamps receipt with the Bitcoin merkle path — verifiable against any Bitcoin node
- timestamp/* — complete eIDAS qualified-timestamp kit — RFC 3161 token, TSA certificate chain, frozen EU Trusted List snapshot, verification report
- report.pdf — human-readable Evidence Report PDF — formatted summary suitable for the audit folder or regulatory submission
- README.md — bilingual (EN + CS) verification guide with copy-paste commands using python3, openssl, ots — auditors reproduce the verification independently
For a file-by-file walkthrough see the Evidence ZIP — every file inside tutorial.
eIDAS qualified timestamp — the default audit-trail anchor
Every GetProofAnchor capture receives an RFC 3161 timestamp from an EU-qualified Trust Service Provider. This is not a marketing label — it has specific legal meaning under Regulation (EU) 910/2014 (eIDAS) and is the recognized audit-trail time anchor for compliance frameworks across the EU and EEA, accepted by regulators as evidence of existence at a point in time.
Currently SK ID Solutions AS (Estonia), listed on the EU Trusted List as a Qualified Trust Service Provider — meeting the formal eIDAS criteria for qualified electronic timestamping.
Recognized in EU/EEA courts and regulatory proceedings as proof of existence at the timestamped moment. Required or strongly preferred under multiple compliance frameworks where contemporaneous evidence integrity is part of the obligation.
The full TSA certificate chain and a frozen snapshot of the EU Trusted List are inside the ZIP — verification works offline, throughout your retention period, even if the TSA later ceases operation or rotates certificates.
Common questions from compliance & audit teams
Direct answers to the questions we hear most often. Tap to expand.
How does this map to “what was published on date X” audit requests?
Is this admissible in regulatory proceedings or court?
Can it capture pages behind authentication (internal control attestations, vendor portals, regulator dashboards)?
Does this satisfy specific regulations like GDPR, DSA, MiCA, MAR, or ESG reporting requirements?
How do I capture multiple versions of the same page over time?
Will the audit evidence still verify after the retention period (5, 7, 10+ years)?
Reference material
Deeper reading for compliance officers, auditors, and the regulatory teams reviewing your evidence:
How GetProofAnchor works — capture, trust stack, Evidence ZIP, verification
How to create a proof from a URL — Dashboard + Browser Widget
Evidence ZIP — every file inside, offline-verifiable
How to verify evidence — Proof ID, ZIP, online & offline
Answer “what was published on date X” with mathematical certainty
Audit-ready, point-in-time web evidence with cryptographic integrity, EU-qualified timestamp, and a Bitcoin anchor. Verifiable offline, by any auditor, throughout your retention period.