Every PDF you publish gets a tamper-proof receipt.

In plain English: a tamper-proof timestamp on every PDF, verifiable by anyone — without us.

SLA-backed. SOC 2 Type II in progress (target Q4 2026). Every sealed PDF is signed by the same bank-grade secure hardware that signs ACH transactions — shared across the rest of the EpochCore family.

Drop a PDF. We compute its unique digital fingerprint, sign it with two independent signatures (today's standards plus a future-proof one built to survive quantum computers), and post the entry to a public record anyone can check. You get back a court-admissible version with a visible cover page citing the public verifier link. Built to support self-authentication under Fed. R. Evid. 902(13)–(14). Verify any of yours on the verify page; see real receipts on evidence.

Built first for IP firms — same backbone serves pharma submissions, financial filings, healthcare records, source-document authentication, and M&A diligence.

FRE 902(13)/(14)
Permanent public record
Two independent signatures
Court-grade retention

A real VERIFIED chain receipt — VERIFIED verdict plus five plain-English gates: receipt exists on the public record, document fingerprint matches, prior-receipt link intact, bank-grade signature present, and future-proof signature present. — A real VERIFIED chain receipt — click to open the live one.

Concrete example. Ship a patent-prosecution office-action response with a sealed cover page. If opposing counsel disputes the filing date or contents, forward the chain-receipt link — no deposition, no custodian-of-records affidavit.

Live · Real seals · Same chain as everything else we ship

Drop a PDF to seal

or click to choose · up to 32 MB · Your file is processed in this request and not retained.

Hashing · sealing · rendering cover page · embedding XMP …

What gets embedded

The XMP block, verbatim.

Every watermarked PDF carries this metadata stream inside its document catalog. The watermarked_doc_hash field is self-referential: when present, it is the SHA-256 of the PDF with that field zeroed back to 64 ASCII zeros. Standard PDF-signature pattern.

Show the XMP block (for engineers)

<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/">
  <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
    <rdf:Description rdf:about=""
      xmlns:epochcore="https://epochcoreqcs.com/ns/proof/v2">

      <epochcore:schema>epochcore/proof-watermark/v2</epochcore:schema>
      <epochcore:sealed_at>2026-05-14T19:42:00Z</epochcore:sealed_at>
      <epochcore:original_content_hash><64-hex></epochcore:original_content_hash>
      <epochcore:watermarked_doc_hash><64-hex, self-ref></epochcore:watermarked_doc_hash>
      <epochcore:seal_full_hash><64-hex, from chain></epochcore:seal_full_hash>
      <epochcore:seal_short>16-hex-uppercase</epochcore:seal_short>
      <epochcore:verifier_url>https://chain.epochcoreqcs.com/v1/verify?hash=...</epochcore:verifier_url>
      <epochcore:authentication_basis>FRE-902-13 + FRE-902-14</epochcore:authentication_basis>
      <epochcore:retention_years>6</epochcore:retention_years>
      <epochcore:signer_id>proof.epochpay.today.v1</epochcore:signer_id>
      <epochcore:signature_algorithms>Ed25519 + ML-DSA-87</epochcore:signature_algorithms>

    </rdf:Description>
  </rdf:RDF>
</x:xmpmeta>
<?xpacket end="w"?>

How to verify without us

Three commands. Standard Python. Zero EpochCore dependencies in the loop.

Most users: just drop your PDF on the verify page and we'll show you the same five gates in plain English — no command line, no dependencies.

For your security team: hand a watermarked PDF to opposing counsel, a regulator, or your own infrastructure team. The verification path goes through chain.epochcoreqcs.com — a public read endpoint — and standard cryptographic libraries. Nothing depends on this site staying online.

# 1. Extract the seal hash from the PDF's XMP metadata.
pip install pypdf
HASH=$(python -c "
from pypdf import PdfReader
import re
xmp = PdfReader('watermarked.pdf').xmp_metadata.rdf_root.toxml()
print(re.search(r'seal_full_hash>(\w+)<', xmp).group(1))
")

# 2. Ask the public chain whether that seal exists.
curl "https://chain.epochcoreqcs.com/v1/verify?hash=${HASH}&full=1"
# ⇒ ok:true, found:true, signatures.post_quantum_dual_sign:true

# 3. Confirm the document hasn't been edited since sealing:
#    zero the watermarked_doc_hash field, SHA-256 the bytes,
#    compare to the value that was in the field.
python -c "
import hashlib, re, sys
with open('watermarked.pdf','rb') as f: b = f.read()
claimed = re.search(rb'watermarked_doc_hash>([0-9a-f]{64})<', b).group(1).decode()
zeroed = b.replace(claimed.encode(), b'0'*64, 1)
print('PASS' if hashlib.sha256(zeroed).hexdigest() == claimed else 'FAIL')
"

Your Tuesday

What changes Tuesday at your IP boutique.

No new software. No partner sign-off on a six-figure platform. Here's what Tuesday at 9:14 AM actually looks like once Proof is on:

9:14 AM, Tuesday. Your associate is finalizing the response to a USPTO Office Action on the Doe Industries '432 application — a 6-month statutory deadline that lands in 11 days.

Today: she emails the response, the EFS-Web filing receipt is the only timestamp record, and any later dispute about WHEN the response was prepared or WHAT bytes were filed goes to forensic email-header analysis.

Tomorrow (with Proof): she drags the office-action response onto proof.epochpay.today before uploading to EFS-Web. Three seconds later, a sealed PDF returns with two independent tamper-proof signatures, an FRE 902(13)/(14) certification ready for any later authentication challenge, and a public-record entry that locks in the exact PDF bytes within the hour.

Three months later: opposing counsel argues the response was modified post-filing to add a limiting amendment. You produce the sealed receipt. The QR resolves on chain.epochcoreqcs.com showing the original document fingerprint at filing time and both independent signatures backing it. The argument ends in 90 seconds, not 90 days.

Workflow delta: one drag-drop per outgoing PDF. Nothing else in your stack changes. (Patentcenter / EFS-Web plugin and Clio/MyCase webhook integrations are on the Mid tier roadmap — Q3 2026. Doe Industries '432 is illustrative — not a real matter.)

Three more moments your boutique will recognize.

Concretely

No IT lift, no new client-facing surface, no change to your matter management:

Every patent-prosecution office-action response goes out sealed. Drop the response PDF on this page (or via the API once piloted); receive a watermarked copy back with a visible cover page citing the public verifier URL. File the sealed copy with the USPTO; keep the chain-receipt link in the matter file.
When opposing counsel disputes a date, you forward the chain-receipt link in a one-line email. No deposition. No custodian-of-records affidavit. The chain endpoint is read-only, public, and resolves the signature + timestamp in a single GET.
FRE 902(13)/(14) certifications generate automatically alongside discovery production. Sealed PDFs include machine-readable XMP that maps to the Rule 902 self-authentication structure — opposing counsel receives evidence already in admission-ready form.

Live evidence

Recent seals from this surface.

Last few PROOF_WATERMARK_PDF directives on the public chain. Click any hash to resolve at chain.epochcoreqcs.com. Full ledger at /evidence.

Sealed at (UTC)	Watermark	Seal full hash
2026-06-04 03:00	`6D9DF6CD32E862CB`	`6d9df6cd32e862cb…c14ceda95911`
2026-06-02 05:24	`362F18D17C5753E1`	`362f18d17c5753e1…7b124e0158cf`
2026-06-02 05:24	`7F34BAA4F762A5B3`	`7f34baa4f762a5b3…97f91cc71c74`

Pricing

Plain table. No hidden tiers.

Annual billing saves ~17%. Pilot pricing — 50% off Year 1 — available for the first five named-firm design partners in exchange for a case study right.

Solo

$99

per month · small practice · $999/year

250 PDFs included
$0.40/PDF overage
7-year retention · FRE 902(13)/(14)
Visible cover page + XMP
Sidecar .seal.json + verifier

Boutique

$499

per month · mid practice · $4,990/year

2,000 PDFs included
$0.25/PDF overage
10-year retention · FRE 902(13)/(14)
Branded cover-page template
Per-matter chain views

Mid

$1,499

per month · large practice · $14,990/year

10,000 PDFs included
$0.15/PDF overage
15-year retention · FRE 902(13)/(14)
Per-user signer IDs
Priority chain queue

Firm

$3,999

per month · enterprise · $39,990/year

50,000 PDFs included
$0.08/PDF overage
Custom retention (15y / 25y / permanent)
Dedicated tenant slug + SLA

Most boutique IP firms (5–15 attorneys) seal 800–1,500 PDFs/month — the Boutique tier covers it comfortably.

Walkthrough requests: email john@epochcoreqcs.com with subject "Walkthrough request" — we reply within one business day.
Design-partner terms (50% off Year 1, first five named firms): same address.

What this is — and what it isn't

Scope, both sides.

In two lists. The first names what the tool does; the second names what it doesn't, so there are no surprises on either side.

What this IS

Is A court-admissible cover page on every PDF you publish — visible to anyone who opens the file, with a public verifier URL printed on it.
Is A public verification link anyone can hit — opposing counsel, regulator, in-house IT — with no EpochCore servers in the loop.
Is A chain receipt for every seal you produce, retained on the public chain for 7 years from the seal date.

What this is NOT

Not Legal advice. Nothing on this page constitutes a legal opinion. Use of this tool does not establish an attorney-client relationship.
Not A guarantee that any specific document will be admitted under FRE 902(13)/(14). Admissibility is a case-specific judicial determination.
Not DOCX, XLSX, PPTX, images, audio, or video. PDF only in Phase 0.
Not Encrypted (password-protected) PDFs. Decrypt before submitting.
Not Batch mode. One file at a time on this surface; talk to us about bulk ingest pipelines.
Not A document storage service. We do not retain your file beyond the request lifecycle.
Not Currently a substitute for a custodian-of-records affidavit. It's a supplemental authentication path.