·Use case

Litigation evidence preservation.

A litigator preparing to introduce a chain-anchored receipt — or to rebut one offered by opposing counsel — needs to know what the receipt does and doesn’t prove, what the operator can attest to, and how to preserve the artifact so the proof survives to trial. This page describes that workflow honestly: it is not a claim of admissibility.

Frame. Satsignal is one piece of an evidentiary record. Whether a Satsignal receipt is admitted in any specific proceeding is a judgment for the court, on motion, with a qualified witness. This page does not claim self-authentication and does not claim that any court has accepted a receipt of this scheme. It describes what the operator can honestly attest to and how a litigator can preserve the artifact for the record.

01Three foundational questions for a digital record

Authentication, integrity, and preservation.

An offering party of a digital record typically needs to show three things: that the record is what it purports to be, that it hasn’t been altered since creation, and that custody of it can be accounted for. A Satsignal receipt contributes to the middle two by design and to the first via a sworn declaration from a qualified witness. None of the three are answered by the receipt alone.

1

Authentication of the record

The receipt binds a SHA-256 of a specific document to a public-chain transaction at a specific time. What the operator can sworn-attest to is narrow and concrete: the bundle was produced by the system, the SHA-256 matched the bytes the customer submitted, the chain transaction was relayed to a miner. The declaration template below sets out those facts in the form a witness could adopt under oath; admission of the underlying record still rests on FRE 901 / 902 analysis with the court.

Declaration template →

2

Integrity since the anchor moment

This is the property the receipt is designed to give. Re-hashing the document and walking the bundle’s cryptographic path to a transaction that’s been confirmed by independent miners shows the bytes haven’t changed since that block. A reviewer verifies this in any browser against any public block explorer — no Satsignal account, no platform trust.

In-browser verifier →

3

Preservation of the artifact

The chain transaction is durable independent of Satsignal. The .mbnt bundle and (for standard mode) the canonical document on the operator’s server are not. For sealed mode the server copy auto-deletes after the receipt’s retention TTL (default 7 days, max 30); the customer must self-preserve. The preservation recipe below sets out the four artifacts a litigator should hold.

Retention →

None of the three answer the harder questions the court will also ask — whether the underlying document is what it purports to be, whether the witness offering it has personal knowledge of its origin, whether any other rule of evidence bars its admission. Those need their own foundation. The receipt’s contribution is narrower: when those answers exist, it makes one byte-level property externally checkable.

02Where the structural properties matter

Three scenarios where the receipt’s shape changes the case.

Plenty of digital-evidence questions are answered adequately by routine business-records testimony or vendor logs. The Satsignal receipt has structural properties that matter most in a narrower set of scenarios — not because alternative timestamping mechanisms fail there, but because the public-chain anchor changes who has to be trusted.

Multi-party adversarial verification. When two or more parties to a dispute do not trust each other’s record-keeping — subrogation between insurer, insured, and a third-party actor; counterparty disputes in finance; contested chain-of-custody between forensic vendors — the receipt is verifiable by every party independently against the same public chain. No party has to rely on a counterparty’s vendor relationship to confirm the bytes existed at the moment claimed.
Pre-incident commitment proof. “We had this document before the dispute arose” is a recurring sub-question: incident-response playbooks, internal policies, pricing sheets, agent operating policies. A policy_snapshot or commitment receipt anchors the bytes to a chain timestamp predating the dispute, settled in a block whose mining was outside the offering party’s control. The point isn’t that alternative timestamps are unreliable; it’s that this one doesn’t require the court to weigh the offering party’s vendor relationships at all.
Privileged or trade-secret material. Manifest mode lets the operator never see the underlying documents — the customer hashes each item locally, sends only the leaf hashes, and discloses one item at a time later by sharing the inclusion path. Sealed-mode anchors take the same shape one step further: the operator never sees the canonical document either, only the commitment to a salted hash. For privileged communications, expert work product, or trade-secret evidence, the structural property is that no Satsignal staff is in a position to be a third-party witness, voluntary or compelled, to the document’s content.

The chain itself is operated by independent miners with no relationship to Satsignal. The security posture page covers what the operator keeps and what it doesn’t; the privacy page sets out the retention windows by mode and what the operator can and cannot produce in response to legal process.

03Preservation recipe

Four artifacts to hold for the record.

The chain transaction is durable; everything else is the litigator’s problem. The recipe is short. Once preserved, the four artifacts together let any qualified witness reproduce the verification end-to-end at trial.

# 1. Save the .mbnt bundle. This is the primary preservation
#    artifact. It contains the canonical document hash, the
#    Merkle path (if applicable), the chain transaction reference,
#    and the operator's signed metadata. Treat as you would any
#    other digital exhibit: hash it, log it, store it on
#    write-once or version-controlled media.
curl -O "https://app.satsignal.cloud/r/<bundle_id>.mbnt"
sha256sum <bundle_id>.mbnt   > bundle.sha256.txt

# 2. Save the canonical document the bundle commits to. For
#    standard-mode anchors this is the file the customer submitted.
#    For sealed-mode anchors it's the customer-held document plus
#    the salt printed on the receipt; the operator does not have it.
#    Either way the offering party must produce these bytes at trial
#    or there is nothing for the receipt to bind to.
sha256sum <canonical_document> > document.sha256.txt

# 3. Note the chain transaction. The bundle carries the txid; record
#    it independently against any public BSV block explorer. Print
#    the explorer view as exhibited evidence; the operator's site
#    is a convenience, not a system of record.
TXID=$(jq -r .anchor.txid bundle.json)
echo "https://whatsonchain.com/tx/$TXID" > chain_reference.txt

# 4. Verify end-to-end yourself, before depositions, and again
#    before trial. The verifier walks the same path a court-appointed
#    witness will walk. Print the result.
curl -O "https://proof.satsignal.cloud/verify"
# (or use the JSON endpoint at proof.satsignal.cloud/verify_json)

# 5. Adapt the declaration template below with your qualified
#    witness (the operator, the customer's IT custodian, or both
#    depending on your authentication theory). Filed as a
#    declaration in support; the court does the FRE 901/902
#    analysis on motion.

The bundle and the document together let any third party reproduce the verification independently. The bundle alone proves a hash was anchored at a moment but not which document — the canonical bytes are load-bearing.

04Declaration template

A starting point for a qualified-witness declaration.

The text below is a template, not a form. Counsel must adapt it to the case, the jurisdiction, the rules of evidence in force, and the witness actually offered. The Satsignal operator can sworn-attest to the system facts in paragraphs 4–6; the customer’s custodian typically attests to paragraphs 1–3 (the document and how it was held). Both attestations are usually needed.

DECLARATION OF [WITNESS NAME] IN SUPPORT OF AUTHENTICATION OF
EXHIBIT [N]

I, [witness name], declare under penalty of perjury under the
laws of [jurisdiction]:

1. I am [title] at [organization]. I make this declaration based
   on personal knowledge and on the records of [organization]
   maintained in the regular course of business. If called as a
   witness, I could and would competently testify to the matters
   set forth below.

2. Exhibit [N] is a true and correct copy of [describe document]
   ("the Document"). The Document was [created / received / held]
   by [organization] on or about [date], in the regular course of
   business, by a person with knowledge of the events recorded.

3. On [anchor date], [organization] caused the Document to be
   submitted to the Satsignal anchoring service operated at
   satsignal.cloud, which produced a receipt bundle identified
   below ("the Bundle"). The bytes of the Document submitted at
   that time were preserved by [organization] and are byte-for-byte
   identical to the bytes of Exhibit [N].

4. [Operator-witness paragraph.] Satsignal is an anchoring
   service that, for each submission, computes a SHA-256 digest of
   the canonical document or commitment, embeds that digest in a
   structured bundle ("the .mbnt bundle"), and broadcasts a
   transaction containing a derived 20-byte commitment to the
   public Bitcoin SV blockchain. The system documentation is
   published at satsignal.cloud/spec-mbnt and at satsignal.cloud
   /docs.html and is incorporated herein by reference.

5. [Operator-witness paragraph.] On [anchor date] at
   approximately [UTC time], the Satsignal system received a
   submission from the account of [customer organization],
   computed the SHA-256 digest [hex digest], produced bundle
   [bundle id], and broadcast transaction [txid] to the BSV
   network. The transaction was confirmed in block [height] mined
   by [miner pool name as reported by the chain]. A copy of the
   bundle as produced by the system is attached as Exhibit [M].

6. [Operator-witness paragraph.] The SHA-256 digest in
   paragraph 5 above is computable directly from the bytes of the
   canonical document or commitment submitted; no Satsignal
   software, account, or service is required to reproduce it. Any
   reviewer with the bytes of the document and a SHA-256
   implementation can confirm the digest matches; any reviewer
   with the bundle, the document, and access to a public BSV
   block explorer can confirm the chain transaction matches the
   bundle.

7. I declare under penalty of perjury that the foregoing is true
   and correct.

Executed on [date] at [city, state/country].

_________________________________
[Witness signature]
[Printed name, title]

This template makes no representation that any specific court will admit the receipt on this declaration, that the declaration alone satisfies any specific authentication rule, or that prior practice supports its use. Counsel must make their own admissibility judgment with the witness and the record in front of them.

The operator-witness paragraphs (4–6) describe facts Satsignal can verify from internal records: the SHA-256 was computed on the submitted bytes, the bundle was generated by the system, the transaction was relayed. Mail hello@satsignal.cloud with the bundle ID and a description of the proceeding to arrange a witness declaration. We respond to legitimate counsel inquiries; we cannot and do not attest to facts outside our own system records.

05What this page does not say

Honest limits before any court.

Nothing on this page is legal advice and Satsignal is not a forensic-evidence service. Specifically:

  • No claim of self-authentication. The receipt is not a substitute for the FRE 901 / 902 analysis any court will run on motion. The operator’s declaration sets out facts a witness can attest to; whether those facts plus the rest of the offering party’s foundation suffice for admission is for the court, not us.
  • No claim of acceptance. Satsignal has not been certified, audited, or accepted as evidence in any specific proceeding to our knowledge. The scheme is novel; admission today realistically requires a qualified witness explaining the cryptography from first principles, and may require expert testimony under the court’s reliability standard for scientific or technical evidence.
  • The operator is a small, independent project. We do not hold institutional accreditation, regulatory status, or industry-body recognition. Counsel should weigh this honestly when choosing whether the receipt is the right tool for the case — for many matters a routine business-records foundation will suffice without involving us at all.
  • Sealed-mode bundles auto-delete from the operator. Per the privacy page, sealed-mode server copies are removed after the retention TTL on the receipt (default 7 days, max 30). The chain transaction persists; the canonical bytes do not, unless the customer has preserved them. For sealed-mode evidence, customer self-preservation is the only path to the canonical document at trial.
  • The receipt is not the document. A receipt confirms that a specific hash was anchored at a specific moment. It does not establish the document is what it purports to be, that the offering party has personal knowledge of its origin, or that any other rule of evidence permits its use. A document that fails routine authentication does not become admissible because it was anchored.
  • Long-term cryptographic durability is not addressed. The receipt depends on SHA-256 being collision-resistant. For matters with long evidentiary tails (decades), counsel should consider whether a mid-tail re-anchor under a future hash function would be appropriate. We have not engineered an automated long-term-validation flow.

What Satsignal supplies is one externally checkable property in the offering party’s evidentiary record: the bytes of a specific document existed at a specific moment, and can be re-verified by any third party with the bundle, the document, and a public block explorer — without trusting Satsignal, the offering party, or any single vendor. That property is genuinely useful in some matters and unnecessary in many. It is not a substitute for any other element of the record.

Working on a matter where this would help? Mail hello@satsignal.cloud — we read every email and prefer concrete fact patterns to abstract pitches.