How Cryptographic Proof Protects Your Records

What Is Cryptographic Proof?

When we say your records have "cryptographic proof," we mean that mathematics — not trust — guarantees their integrity. You don't need to take our word for it that your data hasn't been tampered with. Anyone can verify it independently.

This matters enormously for tax residency documentation, where the question isn't just "where were you?" but "can you prove it?"

The Hash Chain

At the heart of Borderly's integrity system is a SHA-256 hash chain. Here's how it works:

1. When you record a day, the app creates a digital fingerprint (hash) of that record — your location, timestamp, and other data
2. That hash is combined with the hash of your previous record to create a new linked hash
3. This process repeats for every record, creating a chain where each link depends on every link before it

The result is that you can't change any single record without breaking the chain. If someone altered your location on March 15th, the hash for that record would change — which would change the hash for March 16th, and every record after it. The tampering would be immediately and mathematically detectable.

RFC 3161 Timestamps

A hash chain proves that records haven't been modified, but how do you prove when they were created? That's where RFC 3161 trusted timestamps come in.

RFC 3161 is an internet standard for proving that a piece of data existed at a specific point in time. Here's the process:

1. Borderly sends the hash of your record to DigiCert, a globally trusted certificate authority
2. DigiCert signs the hash with their private key and a precise timestamp
3. The signed timestamp token is stored with your record

Because DigiCert's signing key is trusted worldwide (they're the same CA used by the U.S. Department of Defense), anyone can verify that your record existed at the stated time. Borderly can't backdate records, and neither can anyone else.

Blockchain Anchoring

For users on the Certify tier, Borderly adds a third layer of proof: blockchain anchoring.

Periodically, a Merkle root — a single hash that summarizes a batch of your records — is written to the Polygon blockchain. Once it's on-chain, it's permanent and publicly verifiable:

• The transaction is visible to anyone on the blockchain
• It can't be modified or deleted by any party, including Borderly
• It provides an independent, immutable timestamp that doesn't depend on any single company's infrastructure

Think of it as a notary public that never sleeps, never loses records, and can't be pressured to change them.

Why This Matters for Tax Residency

Tax residency disputes often come down to credibility. When you present evidence to a tax authority, they're evaluating not just what the evidence says, but how trustworthy it is.

A spreadsheet says "I was in Florida on March 15th." A cryptographically proven record says "I was at these GPS coordinates on March 15th, and here's mathematical proof that this record was created on that date and hasn't been modified since."

The difference in evidentiary weight is significant.

Public Verification

One of the most powerful aspects of cryptographic proof is that it's independently verifiable. You don't need to trust Borderly — or anyone else — to confirm that your records are intact.

Borderly's public verification tool allows anyone (your attorney, a tax authority, an auditor) to independently verify the integrity of your records using the same cryptographic methods described above. No account required.