Tamper-evident compliance & audit evidence

Audit trails, evidence, and controlled records that are provably unaltered and independently timestamped — the integrity layer regulators, auditors, and data-integrity frameworks ask for, recorded on a public ledger no one can quietly rewrite.

For compliance, risk, quality, and audit teams.

What a seal proves

Four guarantees, in compliance & audit

Provably unaltered records

A controlled document or audit log is byte-for-byte as captured — any later edit is caught on verification.

Attributable to a signer

Each record is sealed by your organisation's certificate, chaining to a published root — the attribution auditors expect.

Contemporaneous by construction

Every entry is timestamped on Bitcoin and appended to a public, append-only transparency log — an independent “this existed then”.

Verifiable without your systems

An auditor or regulator checks the record and its timestamp against public infrastructure — no access to, or trust in, your internal systems required.

How it works

From your file to a proof anyone can check

The same pipeline every time — the seal and the timestamp travel with the file, so the proof is self-contained.

Your file
Your document or file
Seal
Signed over every byte · PAdES / detached CMS
Anchor
Bitcoin timestamp + public transparency log
Proof page
A permanent /d/… link travels with the file
Anyone verifies
Free, public, offline-capable — for anyone
The proof travels inside the file. Verification stands on the published root, the transparency log, and the Bitcoin ledger — so a court, a bank, or a counterparty can check it independently, forever.
Step by step · the web app

Seal it in the app — no setup

  1. 1

    Sign in as your organisation

    Open app.letsseal.org and sign in. Your organisation gets its own certificate authority for sealing controlled documents.

  2. 2

    Seal controlled documents

    Upload reports and evidence PDFs; each is sealed over the whole file and timestamped, so the record is fixed the moment you capture it.

  3. 3

    Timestamp raw evidence too

    For logs, exports, and forensic files, anchor the file's hash from the CLI — the bytes never leave your machine, only the 32-byte digest.

  4. 4

    Hand auditors the proof

    Give the auditor the proof link or the .ots file. They verify independently, against Bitcoin and the transparency log.

Step by step · the CLI

Automate it from your terminal or CI

The sealbot CLI does the same thing, scriptably — one command per file, straight into your pipeline.

# Seal a controlled document under your org
$ sealbot seal soc2-evidence-2026-q2.pdf --org examples
sealed   soc2-evidence-2026-q2.pdf
  proof  https://letsseal.org/d/3d5f21…9ac0

# Timestamp any evidence file — only its hash leaves the machine
$ sealbot anchor access-log-2026-06.jsonl --publish
anchored access-log-2026-06.jsonl → access-log-2026-06.jsonl.ots
  proof  https://letsseal.org/d/…

# An auditor re-checks the timestamp against Bitcoin, with stock tooling
$ ots verify access-log-2026-06.jsonl.ots
Success! Bitcoin attests existence as of 2026-06-30

Sealing a PDF binds it to your certificate; anchoring a raw file proves existence-and-date without the file ever leaving your machine. Both are recorded in the public transparency log.

See a real proof

A sealed compliance record

The proof page is what you hand an auditor: it shows the record is unaltered, sealed by your organisation, and timestamped on Bitcoin — verifiable without touching your systems.

A real document, sealed under the “Let’s Seal Examples” organisation.

Common documents

What you’ll seal

  • Audit trails
  • Evidence records
  • SOC / ISO evidence
  • Data-integrity records (ALCOA+)
  • Retention records
  • Incident logs
Questions

Straight answers

Does this satisfy ALCOA+ / data-integrity requirements?
It delivers the integrity and contemporaneous-record pillars cryptographically: each record is attributable to a signer, provably unaltered, and independently timestamped on a public ledger. It complements your quality system; it doesn't replace it.
Can an auditor verify without access to our systems?
Yes — that's the point. They verify the seal and the Bitcoin timestamp against public infrastructure, so the evidence stands even if your systems are unavailable.
What about records we must keep for years?
The seal and the Bitcoin anchor outlive any single vendor. A record sealed today stays verifiable indefinitely, by anyone, with standard tools.
Do sensitive files have to be uploaded?
No. For raw evidence you can anchor just the SHA-256 — the file never leaves your machine, only its 32-byte digest, and the timestamp still verifies against Bitcoin.

Start sealing compliance & audit documents

Free and open. Seal in the app, automate from the CLI, and hand anyone a proof they can verify themselves.