Whoever controls the record
controls the truth.

Built for courtroom scrutiny. Sealed on your device. Witnessed by three independent timestamp systems. Locked in immutable storage that no one can alter or delete.

Claim a Charter seat
Verify a record →
Hedera Consensus · Live
Bitcoin Timechain · Anchored
RFC 3161 Timestamp · Active
Sealed on your device
Never on ours
The asymmetry
Your AI provider has the record. You don't.
Until now.
The architecture
Sealed on your device before it reaches anyone's servers.
Not a policy. A technical fact.
The proof
Three independent timestamp witnesses. No single point of trust.
Hedera · Bitcoin · RFC 3161 — verifiable on public ledgers
The standard
A record that predates any dispute. Court-ready in one click.
FRE 902(14) · eIDAS · ESIGN Act
Evidentiary
Designed for FRE 902(14)
Regulatory
eIDAS 910/2014 · ESIGN Act · EU AI Act Art. 12
Cryptographic
RFC 3161 · RFC 8032 · FIPS 180-4/202
Architecture
Zero-Knowledge · 256-bit AEAD · Client-Side Encryption
The structural problem

In 2025, courts began disqualifying attorneys — not fining them, disqualifying them — for AI-related misconduct. The common thread: no verifiable record of what the attorney actually asked or verified.

Your AI provider built the tool, holds the record, and controls what a court sees. They are the evidence and the witness simultaneously.

In New York Times Co. v. Microsoft Corp., No. 1:23-cv-11195 (S.D.N.Y.), OpenAI spent two and a half months preparing 20 million user chat logs before producing them under court order — deciding what gets de-identified, what format is used, what context is included, and what is omitted. The professional whose conversations those were had nothing that predated the provider's version. Apostillum gives that ownership back to you — sealed before the preparation window begins.

Without Apostillum

An attorney receives a bar complaint alleging reliance on unverified AI output. She verified every citation manually — but has no record of doing so. Her chat history sits on the provider's servers, unverifiable and outside her control. The careful attorney and the reckless attorney look identical.

With Apostillum

The same attorney exports a sealed record showing her 2:14 PM prompt asking the AI to verify citations, the response, and her follow-up corrections — all sealed with three independent timestamps before the complaint was filed. Her diligence is visible and provable.

A screenshot
  • Can be edited after the fact
  • No proof of when it was taken
  • No chain of custody
  • Easily challenged in court
An Apostillum record
  • Cryptographically sealed at creation
  • Three independent timestamps
  • Full chain-of-custody declaration
  • Designed for FRE 902(14)
How it works

You change nothing about how you work.

It runs silently in the background — a sealed record is created the moment any AI conversation occurs. If you ever need to prove what was said, the record already exists.

01
Use any AI tool normally
ChatGPT, Claude — with Harvey, Gemini, and Copilot on the roadmap. You change nothing about how you work.
02
Captured at the moment of creation
Software running locally seals the conversation the instant it occurs. Nothing leaves your machine in readable form.
03
Encrypted on your device
The plaintext never leaves your machine. We store a locked box whose combination we were never given.
04
Three witnesses confirm the moment
A mathematical fingerprint is sent simultaneously to Hedera, Bitcoin via OpenTimestamps, and an independent RFC 3161 authority — three systems that have never shared infrastructure.
05
Locked in immutable storage
The encrypted blob is written to AWS S3 Object Lock (WORM). Once written, it cannot be deleted or overwritten through any API operation for twenty years — not by AWS, not by Apostillum. The constraint is enforced at the infrastructure level, not by policy.
06
Court-ready in one click
Full conversation, all three timestamp proofs, WORM confirmation, and a plain-English chain of custody written for a judge who has never heard the word blockchain — independently verifiable for twenty years.
Immutable by design

Write once. Read many. Delete never.

Every sealed record is written to Amazon S3 Object Lock in Compliance mode — a configuration where no record can be deleted or overwritten through any API operation before its retention period expires. Not by Apostillum. Not by Amazon Web Services. The lock is enforced at the AWS infrastructure level — there is no API path to override it.

If Apostillum shuts down
Your sealed records survive.
They remain in immutable storage and independently verifiable via public ledgers. Our existence is not required for your records to be valid.
If someone demands deletion
Compliance mode cannot be overridden.
Not by the storage provider, not by the account holder, not by Apostillum. An infrastructure constraint, not a policy.
Twenty-year retention
Every record carries a minimum twenty-year lock.
After twenty years, records can be renewed or released at the account holder's discretion.
AWS S3 Object Lock · Compliance Mode · WORM-compliant storage
The real cost of not having this

The cost of proof is nothing.
The cost of having none is everything.

In 2025, over 200 attorneys faced documented sanctions for AI-related misconduct. Firm policies do not protect you. Records do. At Charter rates, Apostillum costs less than a single court filing fee.

Forensic audit after litigation
$5,000 – $15,000+
Disqualification from a matter
Career event
Malpractice gap for AI use
Uninsured
Apostillum — Metered
$0.50 / seal · no monthly minimum
Apostillum — Standard
$699 / seat / month (billed annually)
Apostillum — Custom
Contact sales
Apostillum — Charter membership
Limited · locked permanently
$299 / seat / month (billed annually)
The compliance clock
August 2, 2026
EU AI Act Article 12 enforcement begins. Your AI audit trail should already exist.

Article 12 requires automatic recording of events over the lifetime of high-risk AI systems, with minimum six-month retention and broader documentation kept for ten years. Fines reach €35 million or 7% of global turnover. In the United States, over 300 judges have issued AI-specific standing orders, and the ABA's Formal Opinion 512 requires competence, confidentiality, and transparency in AI use. The question is not whether documented AI governance will be required — it is whether your records will predate the requirement.

Common questions

What people ask before they start.

"Doesn't ChatGPT already keep my history?"
It does — on their servers, under their control, in a format you cannot authenticate. Our record is yours: encrypted so only you can read it, with cryptographic proof that it hasn't been touched since the moment it was created.
"My malpractice insurance covers this."
The ABA noted in 2025 that no comprehensive AI malpractice coverage currently exists for legal professionals. Insurers are adding sublimits — $500K caps even on $10M policies. And insurance doesn't save your bar license, or stop disqualification.
"I'm careful — I always verify what the AI tells me."
Your carefulness is invisible if you have no record of it. The careful attorney without a record and the reckless attorney without a record look identical to a court.
"What happens to my data? Is it private?"
Conversations are encrypted on your device with a key only you hold. The archive key is split into five Shamir shares (any three can reconstruct), all generated on your device. Apostillum never sees, stores, or transmits any key share — not today, not if we're acquired, not ever. The fingerprint on the blockchain is a hash, not readable content.
"Can't I just screenshot my conversations?"
Screenshots can be edited and carry no proof of when they were taken. What we provide is the chain of custody — the same standard evidence labs use.
"Has this actually been admitted in court?"
Not yet. The architecture is designed to meet the technical requirements of FRE 902(14), eIDAS, and ESIGN, and any qualified examiner can independently verify every record. We invite scrutiny — that is the point.
"What if Apostillum shuts down?"
Your records are encrypted on your device — not ours — and the timestamps live on public blockchains that outlast any company. Your records remain independently verifiable for a minimum of twenty years. No vendor lock-in. The proof stands alone.

We built it so that even we cannot lie.
That is not a feature. That is the product.

If anyone — including us — altered a single record, the cryptographic hash would no longer match the three independent timestamps. The math would catch it before any human could.

Claim a Charter seat Verify a record →