For HR teams
free · no signup · image stays in your browser
§ Receipts for hr teams

When the Slack message gets deleted before the investigation lands.

Workplace investigations live or die on the screenshot. An employee files a complaint, citing a Slack DM, a Teams message, an internal-tool comment. By the time HR opens the case, the message has been edited, deleted, or 'I never said that.' Sealing the screenshot when the complainant first surfaces it locks the evidence: SHA-256 + ECDSA signature + OpenTimestamps anchor, none of which the accused (or, frankly, anyone) can rewrite. The receipt doesn't decide whether the conduct violated policy — that's still the investigator's job. It just makes the underlying screenshot un-disputable so the investigation focuses on the substantive question, not on a forensics tangent.

Seal a screenshotRead the methodology

Workflows hr teams actually run

described as they happen, not as marketing
  1. 01

    Complainant intake: seal the screenshot at first interview.

    When the complainant first shares the screenshot, seal it in /seal on a workstation in the meeting room. The timestamp is now the moment HR took custody of the evidence; the chain of custody from intake forward is cryptographic. The complainant keeps a copy; HR keeps a copy; the receipt URL ties them.

  2. 02

    Internal-tool comment evidence: seal before the comment is deleted.

    Comments on internal documents (Confluence, Notion, Linear) are often deletable by the author. If a comment is part of a complaint, screenshot and seal before the platform's delete cascade catches up. The receipt outlasts the comment-history audit, which platforms vary on retaining.

  3. 03

    Slack / Teams DM evidence: complainant brings the screenshot, HR seals it.

    The complainant's phone screenshot is sealed in HR's session. Two copies exist: complainant's local, HR's sealed receipt. If the accused later claims the screenshot was doctored, the receipt's timestamp and signature settle the authentication question without involving IT forensics for every case.

  4. 04

    Anti-retaliation: seal complainant communications dated near the complaint.

    If an employee later alleges retaliation (performance review changed after complaint, schedule altered, project reassigned), the timeline of their pre-complaint communications matters. Sealing their performance review, schedule, project assignments at intake gives HR a defensible chronology if the retaliation claim escalates.

What it maps to in your world

the standards and rules already on your desk
  • FRE 901 (US) and equivalent admissibility frameworks accept screenshot evidence; a cryptographically-signed timestamp simplifies authentication if the investigation goes external.
  • Image bytes never reach our servers — the workplace's privacy posture remains intact even when sealing sensitive complaint material. We see only the SHA-256 hash and two perceptual hashes (~80 bytes total).
  • Verification is one-click for outside counsel, EEOC investigators, or any third-party reviewer. The receipt URL is short, stable, and offline-verifiable with our published public key.
  • Receipts are append-only on our side and externally anchored on a public chain. Even if your employer changes HRIS vendors or loses internal logs, the receipt verifies independently.
  • No SaaS lock-in. The receipt JSON, the public key, and the OpenTimestamps proof together verify offline — useful for HR teams under data-residency requirements that limit third-party SaaS dependencies.

Questions this page answers

what hr teams usually search for
  • slack message deleted hr investigation
  • teams message screenshot evidence
  • workplace harassment screenshot proof
  • employee complaint screenshot authentication
  • hr investigation chain of custody
  • retaliation evidence screenshot
  • discrimination screenshot evidence
  • policy violation timestamp evidence

Specific answers

Q.01

Is using receipts.you compatible with our data-residency / GDPR posture?

We never receive the image. The image is hashed in the browser; only the hash leaves the device. There's no PII in a SHA-256 hash; there's no possibility of reconstructing the underlying screenshot from the data we store. The data-protection argument is straightforward: we have less of the data than your phone does. The Cloudflare worker is region-routed based on the request origin; if your data-residency requirements specify EU-only processing, you'll want to confirm CF's routing for your IP range with your legal team.

Q.02

Should the complainant or HR be the one to seal?

Both, ideally. The complainant seals their copy when they first capture it (proves they had it at T-complainant). HR seals at intake (proves HR took custody at T-intake). Two receipts, two timestamps, one chain of custody. If only one happens, HR's intake seal is more important for investigation defensibility.

Q.03

Can the accused request the receipt be deleted under a 'right to be forgotten' or HRIS-retention claim?

Legally varies. Practically, we store the SHA-256 hash, not content; there's nothing to 'forget' in the GDPR sense. The receipt cryptographically can't be erased (OpenTimestamps anchor is on a public chain). We can mark a receipt as withdrawn on our side on request, but the cryptographic record persists. For high-stakes deletion requests, consult counsel.

Q.04

Does the receipt protect against accused-side allegations of 'fabricated complaint'?

It protects against allegations of post-complaint fabrication of the underlying screenshot evidence. It does not protect against allegations that the complainant fabricated the situation that led to the screenshot — that's a substantive investigation question, not an authentication one. Receipts shrink the perimeter of disputable evidence; they don't decide the case.

Q.05

Can we white-label receipts for an internal compliance tool?

Not in v1. The receipt page renders receipts.you branding; embedding the verification widget into an internal HRIS is on the roadmap. For now, the receipt URL slots into investigation case-management tools as a standard external link with a one-click verify on the destination page.

Q.06

Is this enough for an EEOC charge or a regulatory investigation?

Receipts are evidence, not a complete investigation file. They authenticate the screenshot; they don't substitute for witness statements, contemporaneous notes, performance records, or the rest of a properly-conducted investigation. For EEOC submissions, your counsel will package the receipts alongside the rest of the file. The cryptographic layer reduces investigator friction during file review.

Lock the screenshot at intake. Investigate the rest cleanly.

Free, browser-only, no SaaS lock-in. The complainant's evidence and HR's custody are both signed, dated, and externally anchored within minutes.

Seal your first screenshot — freeRun the test rig
Drop a screenshot →
free · no signup · stays in your browser