PresenceVault · Trust Infrastructure · by PresenceProof

The backend that
knows nothing about you.

PresenceVault handles RFC 3161 timestamping, sealed receipt escrow, and permanent verification URLs — without ever seeing your location, your identity, or your payload.

Zero knowledge architecture

Your data never touches our servers.

The RFC 3161 timestamp authority receives only a cryptographic hash — a 32-byte fingerprint of your token that proves it existed at a moment in time, without revealing what it contains.

Your token payload lives in your own private iCloud container. Only your Apple ID can access it. JSC Biz LLC cannot read it, cannot export it, and has no keys to it.

The verification page wardens see runs entirely in the browser. The token decodes and verifies locally. No payload is transmitted to any server during verification.

🔒
What PresenceVault receivesA SHA-256 hash of your token. 32 bytes. No location, no label, no identity.
☁️
Where your payload livesYour private iCloud container. Apple infrastructure. Only your Apple ID has access.
🌐
What happens during verificationBrowser decodes and verifies locally. No network call after page load. Warden's device sends nothing.
📋
What gets loggedToken ID and timestamp only. Retained 90 days then permanently deleted.

How a Pro stamp flows through PresenceVault

W0

First launch — App Attest registration

Each device sends its App Attest certificate to PresenceVault. Apple confirms: genuine Apple hardware, genuine unmodified PresenceProof binary. Happens once per device.

No location data. No payload. One-time call.

W1

On each tap — RFC 3161 stamp

The app sends SHA-256(token) + two App Attest assertions to Worker 1. Both assertions are verified, then the hash is forwarded to the RFC 3161 CA for timestamping.

Payload never transmitted. Hash only.

iC

Receipt sealed in your iCloud

The RFC 3161 receipt is stored encrypted in your private CloudKit container. PresenceVault cannot read it. It remains sealed until you choose to unlock it.

iCloud private — your keys, your data.

W2

On unlock — certificate generation

When you purchase an unlock ($24.99 pay-later or $19.99 Pro ad-hoc), Worker 2 verifies the StoreKit receipt, updates your CloudKit record, generates the PDF, and activates the permanent URL.

One-time purchase per token.

W3

Permanent verification URL

veriplace.app/cert/[tokenID] serves the full legal-grade verification page permanently — RFC 3161 receipt, CA chain, dual device trust chain.

Permanent. No expiry. No renewal.

The five trust layers

L1

Apple Secure Enclave (×2)

Watch + iPhone each have a tamper-resistant coprocessor. Keys generated on-chip — never exported, never transmitted, never accessible to any software including iOS itself.

Defeats: key extraction, software compromise

L2

Apple App Attest (×2)

Apple's CA certifies each signing key lives in genuine Apple hardware running an unmodified PresenceProof binary. Both devices attest independently. Jailbroken devices and simulators cannot generate valid attestations.

Defeats: GPS spoofing apps, jailbroken devices, simulators, modified binaries

L3

Dual ECDSA P-256 Co-Signatures

Watch and iPhone each independently sign the full token payload. Any alteration to any field breaks both signatures simultaneously. Both public keys are embedded in the token.

Defeats: data tampering, screenshot editing, replay attacks

L4

Dual GPS Correlation

Watch and iPhone each record independent GPS readings. The delta is calculated and embedded in the signed token. A plausible delta (under ~50m) is a positive trust signal. A large delta flags potential spoofing.

Defeats: single-device GPS spoofing — two devices must be spoofed consistently

L5

RFC 3161 Timestamp (Pro)

A trusted CA co-signs a hash of the dual-signed payload. Same standard as DocuSign, Adobe Sign, and court e-signature systems worldwide. Cannot be created retroactively.

Defeats: backdated tokens, "I generated this later" claims

What PresenceVault collects — and what it doesn't

Token ID

A UUID per tap. Used to link the RFC 3161 receipt to your token. No personal data, no location.

SHA-256 Hash

A fingerprint of your payload. Mathematically impossible to reverse back to your location or label.

App Attest assertions

Prove the request came from genuine PresenceProof on genuine Apple hardware. No location or personal data.

RFC 3161 receipt

Stored encrypted in your private iCloud container. PresenceVault cannot read it. Deleted from our logs after 90 days.

Never collected

GPS coordinates. Stamp label. Solar context. Your name. Apple ID. Raw device UDID. Any biometric data.

Log retention

Token ID + timestamp only. 90 days maximum. Then permanently deleted.