Security Architecture
Security Philosophy
TimeProof’s security is built on a principle: minimize what you need to trust. Instead of asking you to trust TimeProof’s servers, the system is designed so that the most critical data — your timestamp proofs — lives on a decentralized blockchain that no one controls.
This is defense in depth. Even if one layer is compromised, the layers beneath it protect your data.
Layer 1: Blockchain Immutability
The foundation of TimeProof’s security is the Polygon blockchain:
| Property | What It Means |
|---|---|
| Immutable | Once written, data cannot be changed or deleted |
| Decentralized | No single entity controls the network |
| Transparent | Anyone can read and verify the data |
| Consensus-protected | Changes require agreement from thousands of validators |
When a hash is anchored on the blockchain, it’s permanent. TimeProof cannot modify it. A hacker cannot modify it. A court order cannot modify it. The data is protected by the same consensus mechanism that secures billions of dollars in cryptocurrency.
Smart Contract Design
The TimeProof smart contract is intentionally minimal:
- Single purpose: Accept a hash, record it with a timestamp
- No admin functions that could override or delete data
- No upgrade proxy — the contract is deployed once and cannot be changed
- Verifiable source — the contract code may be published on Polygonscan
A simpler contract is a more secure contract. Every line of code is a potential vulnerability. By keeping the contract minimal, the attack surface is as small as possible.
Layer 2: Client-Side Hashing
Your files never leave your machine. This eliminates entire categories of security risks:
| Risk | Eliminated? | How |
|---|---|---|
| File interception in transit | ✅ | Files aren’t transmitted |
| Server-side data breach exposing files | ✅ | Server never has files |
| Insider threat (employee access) | ✅ | No files to access |
| Legal subpoena for file contents | ✅ | TimeProof doesn’t have them |
| Storage encryption failures | ✅ | No file storage exists |
The SHA-256 hash is computed in your browser using the Web Crypto API — a hardware-accelerated cryptographic implementation built into modern browsers. The hash is the only data sent to TimeProof.
Layer 3: Wallet-Based Authentication
TimeProof uses Sign-In with Ethereum (SIWE) instead of passwords:
| Feature | Traditional Auth | TimeProof (SIWE) |
|---|---|---|
| Credential type | Password | Cryptographic signature |
| Server stores | Password hash | Nothing (stateless verification) |
| Phishing risk | High | Low (signature is domain-bound) |
| Credential reuse | Common problem | Not possible (keys are unique) |
| Brute force risk | Depends on password strength | Infeasible (256-bit keys) |
| Recovery | Email reset (attack vector) | Wallet seed phrase (user-controlled) |
With SIWE, there’s no password database to breach. Your private key never leaves your wallet — the server only sees a signature that proves wallet ownership.
Layer 4: Session Security
After authentication, sessions are protected by:
| Protection | Implementation |
|---|---|
| HTTP-only cookies | JavaScript cannot access the session token (XSS protection) |
| Secure flag | Cookie transmitted only over HTTPS (production) |
| SameSite: Strict | Cookie not sent with cross-origin requests (CSRF protection) |
| Server-side sessions | Session state stored server-side, only an opaque ID in the cookie |
| Session expiration | Automatic timeout after inactivity |
Why Not JWTs?
Some APIs use JSON Web Tokens (JWTs) stored in localStorage. TimeProof uses server-side sessions instead because:
- JWTs in localStorage are vulnerable to XSS attacks
- JWTs cannot be revoked once issued
- Server-side sessions can be immediately invalidated on sign-out
- HTTP-only cookies are inaccessible to JavaScript
Layer 5: Data Protection
Database Security
- Encryption at rest — database storage is encrypted
- Regular backups — automated backup schedule with point-in-time recovery
- Principle of least privilege — database access restricted to necessary services
- Input validation — all API inputs validated and sanitized
Payment Security
- Stripe handles payments — credit card data never touches TimeProof’s servers
- Webhook verification — Stripe webhooks verified via cryptographic signatures
- No financial data stored — only Stripe session references, not card numbers
Identity Verification
- Stripe Identity handles verification — ID documents processed by Stripe, not TimeProof
- Minimal data — TimeProof receives verification status, not identity documents
- JWS attestation — identity proof is cryptographically signed, self-verifiable
Layer 6: Network Layer Security
| Measure | Purpose |
|---|---|
| HTTPS everywhere | Encrypts all client-server communication |
| Rate limiting | Prevents abuse and denial-of-service attacks |
| CORS policy | Restricts which domains can call the API |
| Input sanitization | Prevents injection attacks (SQL, XSS, etc.) |
| Content Security Policy | Restricts what resources the browser can load |
Threat Model
| Threat | Mitigation | Impact If Breached |
|---|---|---|
| Server compromise | Database encryption, backups, blockchain immutability | Account data exposure; timestamps remain safe on blockchain |
| Man-in-the-middle | HTTPS, certificate pinning | Cannot intercept because all traffic encrypted |
| XSS attack | HTTP-only cookies, CSP, input sanitization | Cannot steal sessions or inject scripts |
| CSRF attack | SameSite cookies, origin checking | Cannot forge requests from other sites |
| Blockchain attack | Polygon’s consensus mechanism (thousands of validators) | Practically impossible for historical data |
| File exposure | Client-side hashing (files never transmitted) | Cannot expose what was never received |
What You Should Do
TimeProof’s architecture handles most security concerns, but you can strengthen your security:
- Protect your wallet seed phrase — never share it, store it offline
- Use a hardware wallet for high-value timestamps (Ledger, Trezor)
- Download and back up certificates — don’t rely solely on the dashboard
- Sign out on shared devices — terminate your session when done
- Keep your browser updated — security patches protect the client-side hashing
Related Guides
- Privacy and Your Files — privacy protection details
- Open Source Verification — verify without trusting TimeProof
- What Happens If TimeProof Goes Down? — business continuity
- API Authentication — SIWE authentication details
Use the live product for timestamping and verification.
The company site owns the technical reference. The app handles runtime workflows.