PROOF OF DELIVERY · FILE FORMAT · 2026

A tamper-proof seal
for delivery photos.

.prfd turns a JPEG into evidence. Cryptographically sealed at capture, fraud-checked before signing, verifiable anywhere.

Request a demo See how it works →
The Problem

Every delivery photo today is just a JPEG.

Trivially forgeable. Trivially swappable. And since 2024, trivially AI-alterable — fifteen seconds in Photoshop or Stable Diffusion turns an intact box into a "damaged" refund claim.

$0
Retail refund fraud annually, growing fast as AI editing cheapens.
0%
Of last-mile shipments end up in some form of delivery dispute.
$0
Manual review cost per disputed claim — plus the refunded item.
~0 sec
To edit a JPEG's timestamp, GPS, or pixels with free, off-the-shelf software.
The Idea

It's a tamper-proof seal, built into the file.

Like a notarized stamp — but produced at the moment of capture and welded to the file itself. The seal contains the photo, the time, the place, the device, and a fraud verdict. Touch any of them and the seal visibly breaks.

VERIFIED
How It Works

Four steps. Invisible to the driver. Decisive in a dispute.

STEP 01

Capture

The driver opens the delivery app and takes a photo. Location, time of capture, and device fingerprint are bundled with the image.

STEP 02

Seal

The bundle is transmitted to our cryptographic infrastructure and sealed in real time. The signing key lives in a hardware security module and never touches the driver's device.

STEP 03

Deliver

A complete .prfd file is returned to the carrier's system. The original photo bytes are preserved exactly — no compression, no rewriting, no metadata loss.

STEP 04

Verify

Anyone with the public verification key can confirm a .prfd file's integrity in milliseconds. Customers, insurers, auditors, and dispute platforms all see the same answer.

Try It

The fraud score lives inside the seal.

Competitors store fraud scores in some database — quietly editable later. We weld the score to the file. Click below to try to tamper.

delivery_AB12CD34.prfd
📦 delivery_AB12CD34.prfd 2.4 MB
photo.hashsha256:0x9a3f…b1e4
captured2026-05-08 12:34:55Z
deviceiPhone 15 Pro
location37.7749, -122.4194
fraud.score0.04 / verdict: ok
SEAL VALID
Click any of these — the seal breaks instantly, with the exact reason.
Attacker Math

The hack defeats itself.

The verdict, the photo, and the metadata are welded into one signature. Touching anything inside the file is what voids it — a successful tamper produces a worthless artifact that fails verification the instant anyone checks. There is no edit that helps the attacker.

01 — VERDICT

The verdict can't be rewritten

The fraud verdict is part of the signed manifest, not a record looked up later. Flip "fraud" to "clean" and the signature dies with the edit — there is no path to a file that's both rewritten and valid.

02 — PIXELS

Every byte is hashed

Swap one pixel and the photo hash mismatches the manifest. We don't need to see the original to know it was altered — the math says so in milliseconds.

03 — VERIFICATION

The proof is in the file

Every .prfd carries its own proof. A verifier checks the file against our public key and gets a definitive yes or no in milliseconds. To forge one, an attacker would have to break the cryptography itself.

The Moat

Five things competitors can't easily copy.

A .prfd binds the photo, its location, and a server-anchored timestamp into one cryptographic seal. Any byte change breaks it. Before sealing, a proprietary forensic stack analyzes each capture for signs of staging, substitution, or manipulation. The result verifies in milliseconds, anywhere.

01 — MOST DURABLE

We own the file format

Like JPEG for photos or PDF for documents, .prfd is a wire format we authored. MIME type, file signature, spec — ours. Owning a format is the playbook that built Adobe. Anyone can read it; the spec authority is the company.

02

Trust anchor

Every .prfd file in the wild points back to our public key. Network-effect asset.

03

One-time-ticket attestation

Refusing imports at the format level — before the camera opens — beats every after-the-fact heuristic.

04

Welded fraud verdict

The score is inside the seal. Editing it breaks the signature. Hard to walk back once standard.

05

Packaged contract

One file, one verification call. Competitors stitch together five services.

Who Pays

Where unverifiable photos cost real money.

Last-mile carriers
Stop paying for fraud you can't disprove.
Item-not-received claims, driver theft, and chargeback losses share one root cause: photo evidence no one can defend. Verified capture closes the loophole without changing how drivers work.
PER-SIGNATURE · PER-DRIVER/MO
Retailers & e-commerce
Stop paying out on staged return photos.
Customer-submitted return photos are trivial to fake — wrong items, pre-existing damage, recycled shots from other shipments. A .prfd sealed in your return flow ends the ambiguity. Every refund claim comes with evidence anyone can verify.
PER-ANALYSIS · PER-SIGNATURE
Insurance carriers
Underwrite delivery loss with real evidence.
Verified chain-of-custody data lowers loss ratios on cargo and shipment policies. Premiums fall when proof improves. The math reaches every line of the book.
ENTERPRISE LICENSE
Specialty logistics
Medical, legal, regulated, high-value.
Where each delivery is worth thousands and disputes are catastrophic, a cryptographic seal is no longer optional. Compliance, regulators, and customers all expect it.
ENTERPRISE LICENSE
Why It Matters

The math is straightforward.

0 / 6 Click each row →
resolved by .prfd
Item-not-received disputes
Verifiable photo evidence carriers can defend
Return-fraud refunds
Customer-side photos cryptographically sealed at capture
Driver fraud (staged photos)
Eliminated by location + sandboxed in-app capture
"Arrived damaged" claims
Server-anchored timestamp + sandbox blocks substitution
Chargeback losses
Stronger evidence raises dispute win rate on both sides
Customer service cost
Disputes resolve in one verified link, not five emails
Where We Are

Built. Tested. Spec-ready.

Format + signing service
Reference implementation in Python. Documented REST API.
Fraud analyzer (deterministic)
Catches the lazy 90% of fakes out of the box.
Public-ready spec
Publishable on day one of standards-body conversations.
Offline verifier library
Any third party can validate with a pinned public key.
Adaptive ML detection
Layered on top of the deterministic analyzer. Trained against current manipulation patterns and refreshed as the field evolves.
Mobile SDK — next build
Server is done. iOS/Android camera surface is next.
What's Next

The mobile SDK.

Server is built. Format is locked. Spec is publishable. The next build turns a verifiable file format into a camera you put in a driver's hands.

Apple App Attest and Google Play Integrity do the heavy lifting. We ship the surface on top.

EVERYTHING ELSE IS DONE.
.prfd · proof of delivery

Proof of delivery,
sealed at capture.

A new file format. A new evidence standard. We're working with select retailers, carriers, insurers, and return-management platforms on early deployments. If verified evidence — on either side of the transaction — would change your numbers, let's talk.

TAMPER-EVIDENT OFFLINE VERIFIABLE SPEC v1.0