FAQ · Folio Q
straight answers
§ Sceptical questions

The honest answers.

§ Privacy & data

where the image goes, what we store, what we don't.

Q.01

Does receipts.you ever see my image?

No. Your browser computes the SHA-256 hash locally using the Web Crypto API. Only the 32-byte hash is sent to our Cloudflare Worker. The image bytes never leave your device. You can verify this in DevTools → Network — the only thing posted to /api/seal is a JSON object containing the hex digest.

Q.02

Do you store the image in any form?

No. The database row contains: receipt ID, two SHA-256 hashes, a timestamp, a signature, an optional note + source URL the user supplied, an OpenTimestamps proof, and country code for abuse rate- limiting. About 400 bytes. There is no image, thumbnail, or any information from which the image could be reconstructed.

§ Technical floor

the cryptography, the hashes, the verdict ladder.

Q.01

Then how can someone else verify the receipt?

You share the stamped image (which has a QR code embedded) and the receipt URL. Anyone scanning the QR lands at the verification page. They drop the image — their browser hashes it locally and sends the hash to /api/verify. Our Worker compares against the two stored hashes (clean original and stamped composite). Match = the bytes are identical to what was sealed at the receipt's timestamp. Mismatch = the bytes differ (could be edits, recompression, or a different file entirely — the perceptual-hash verdict ladder distinguishes those cases).

Q.02

What if Twitter / WhatsApp / a screenshot tool recompressed the image I want to verify?

We also store two perceptual hashes — pHash (DCT-based) and dHash (gradient-based) — at seal time, computed in your browser before the file is forgotten. At verify time, even if the SHA-256 fails because a platform recompressed your file, the perceptual hash gives a verdict: recompressed (same image, just re-encoded by Twitter/WhatsApp), similar (cropped or mildly edited), or mismatch (genuinely a different image). Perceptual hashes are a heuristic, not a cryptographic guarantee — a determined attacker can craft a colliding image — but they survive the recompression that breaks the SHA, which makes the receipt useful through the channels screenshots actually travel through.

Q.03

I re-saved the stamped PNG and it still verifies — how?

Chrome's libpng encoder is deterministic: re-encoding the same pixels in the same browser session produces byte-identical output, so the SHA-256 matches. Cross-browser this does not hold — Firefox and Safari produce different PNG bytes for the same pixels and the SHA will mismatch. The perceptual hash catches that case and returns recompressed instead of failing. The safest practice: save the stamped image once and share that exact file, rather than re-saving through editors or platforms.

Q.04

Could you fake a receipt yourself?

We sign with our private key, so technically we could mint a receipt for any hash with any timestamp. Two things prevent that. (1) Every hash is independently anchored to OpenTimestamps's decentralized timestamp network within minutes; backdating a receipt would require forging that anchor, which we can't do without rewriting a public ledger's history. (2) Reputation — our public key is published; any forgery is provable forever by anyone with the key + the historical record. If we ever did this, the product is over.

Q.05

Why ECDSA P-256, not P-384 or RSA?

P-256 is universally supported by the Web Crypto API in browsers, Workers, and openssl — it works everywhere with zero polyfills. P-384 isn't supported in all browsers; RSA signatures are much larger. P-256 / SHA-256 is the right cryptographic floor for a public-verifier system in 2026.

Q.06

Why Cloudflare-only? Any vendor lock-in concerns?

Cloudflare's free tier covers MVP scale with zero recurring cost: Workers (100k req/day), D1 (5 GB), Pages (unlimited). The signing key is portable — we can export it and re-host on any Worker-compatible runtime (Deno Deploy, Vercel Edge, Bun, etc.) without invalidating any existing receipts. externally anchored receipts remain verifiable even with no provider at all.

§ Edge cases & scenarios

the awkward situations real users keep landing in.

Q.01

What if someone copies my QR onto a fake image?

Their fake image has a different SHA-256 hash. When they (or someone they want to fool) drops it on the verification page, the hash matches neither original_hash nor stamped_hash → the page returns mismatch. The QR is real but the image attached to it is not. This is the entire point of storing both hashes.

Q.02

What if your service shuts down? Does my receipt become useless?

No. Every receipt is anchored into the decentralized timestamp network via OpenTimestamps. Even if receipts.you disappears, anyone with the original image + the OTS proof can verify the hash existed at the anchored timestamp, using the public OpenTimestamps client. The trust ultimately bottoms out at the timestamp network's proof-of-work, not at us.

Q.03

Will receipts ever break or expire?

No. Receipts are append-only. We never delete or modify them. The signing key is valid for 20 years (and rotation, when it happens, preserves verifiability of all historical receipts by publishing the old public key under its old signer_kid).

Question that isn't here? Email [email protected]. We answer in writing, link the source.
Drop a screenshot →
free · no signup · stays in your browser