Every legal and compliance team knows the nightmare. A contract is disputed eighteen months after signing. An auditor asks whether a policy was really in place before an incident. A regulator wants proof that a disclosure existed in its exact form on the filing date. Someone asks the question that sinks cases and careers: how do you know this file has not been altered.

Today the honest answer is usually some combination of email threads, document management system version history, and trust. That is not proof. That is paperwork.

Document Anchor replaces that trust with math.

Document Anchor binds a document's SHA-256 hash to a UTC timestamp and your organization's cryptographic identity, then writes that record to append-only storage signed with an Ed25519 key. The result is a tamper-evident, independently verifiable proof that a specific document existed in its exact byte-for-byte form at a specific moment — attributable to your organization, and verifiable by any third party without ever contacting Invoance.

It is, effectively, digital notarization for the era of programmable infrastructure.

Document Anchor is hash-first by design. You compute a SHA-256 hash locally and submit it to Invoance, and the cryptographic proof is built entirely from that hash, a UTC timestamp, and your organization's Ed25519 signature. If you never want the document itself to leave your infrastructure, you do not have to send it.

For workflows where the proof is only half the story — and you want the artifact itself preserved alongside the anchor for retrieval — Document Anchor optionally lets you store the original document bytes with Invoance, bound to the same anchor record. One call, one source of truth, one place to retrieve from years later.

You pick the mode per document, per workflow, or per tenant. Hash-only mode keeps everything in your environment and is ideal for privileged material or anything your data residency policy will not let you hand to a vendor. Hash plus stored bytes preserves the document alongside the anchor for long-term retrieval and is ideal for contracts, filings, and evidence you want to produce on demand. The cryptographic guarantee is identical in both modes.

You compute a SHA-256 hash of the document locally. You POST to /v1/document/anchor with the hash, a filename, a human-readable reference, and any metadata you want bound to the record — department, version, signers, matter number, cost center.

Invoance records the ingestion timestamp in UTC to microsecond precision, checks for duplicates under your tenant, signs the payload with your organization's Ed25519 key, and writes the record to append-only PostgreSQL storage. No updates. No deletes. Ever.

You receive a public verification URL. Any third party — opposing counsel, an auditor, a regulator, a court-appointed expert — can use it to verify the anchor without authentication and without calling us. The proof does not depend on Invoance being around, responsive, or trusted. Verification is a cryptographic operation, not a customer support ticket.

Business Email Compromise usually ends the same way. A spoofed or hijacked inbox sends a revised invoice, wire instructions, or contract addendum, and someone pays or signs against a document that was never the real one.

Document Anchor breaks that chain. If every legitimate invoice, MSA, and banking instruction is anchored at issuance, the recipient can verify in seconds that the file they just received matches the hash your organization anchored — and reject anything that does not. The attacker can forge the email. They cannot forge a cryptographic anchor signed by your Ed25519 key.

Pair it with a simple rule — no wire, no countersignature, no payment on an un-anchored document — and the entire BEC playbook loses its payload. The unlock is publishing a verification convention so counterparties are trained to check: anchor URL in the email footer of every outbound invoice, anchor hash in the contract's signature block, verification link in your statement of work template.

Contract integrity. Anchor the executed PDF at signing. When a counterparty later produces a copy with a different indemnity clause, you have math on your side, not memory.

Regulatory filings and disclosures. Prove the exact document submitted on the exact date, independent of the regulator's own systems.

Policies and procedures. Demonstrate which version of a policy was in force on the day of an incident — critical for employment, safety, and data-protection investigations.

Board minutes and resolutions. Tamper-evident records that survive changes in corporate secretary, counsel, or platform.

Audit evidence and workpapers. Give external auditors independently verifiable integrity proofs instead of "trust our DMS."

Chain-of-custody for investigations. Anchor evidence artifacts as they are collected, not months later when someone asks. If you have ever written the words "to the best of our knowledge, this document has not been altered" in a sworn statement, this is for you.

Document management systems were built to organize files, not to prove them. Version histories can be edited by administrators. Metadata can be rewritten. Timestamps from the same system that stores the document are, in a rigorous sense, not independent evidence at all.

Courts, regulators, and auditors are getting sharper about this. The bar for "integrity" is moving from "our DMS says so" to "here is a cryptographic proof anyone can verify." Document Anchor puts you on the right side of that line before you need to be.

Your documents should not need your trust. They should carry their own proof.