Hash locally → timestamp & sign via API → verify publicly. No content ever leaves your device.
We only compute a hash in your browser. The file is never uploaded.