Certify your photos in the simplest way.

Since 2016, CertiPhoto is the industry-leading mobile application to authenticate pictures taken with your smartphone.

Certiphoto mobile app photo proof

The mobile digital evidence

Originally developed as part of forensics court-expert activities, CertiPhoto can date a photo securely and ensure that it has not been tampered with since the shot was taken. CertiPhoto hence gives probative value to your photographs by establishing a digital evidence of a visual situation, in a particular place, at a particular time.

Each picture you take is encrypted, geolocated, stored on a secure remote server and then sent in a signed email to the user along with a certificate. This certificate is an unfalsifiable PDF document, signed and timestamped by a trusted authority, and has legal value in EU countries.

Photo proof for building permit

Take a picture

Take a shot easily as you would with any smartphone, and add a comment to your photo if you want or need to.

Geolocate

The app geolocates your picture in seconds by GPS. You can also certify a non-geolocated picture if no GPS signal is found.

Certify

Confirm your choices, send the picture and... that's all! You'll get the picture certificate by email in a few seconds.
Take a shot, geolocate, certify

Digital picture certificate

Each certificate is self-contained, which means all cryptographic data are embedded to be checked with no limit in time. There is no dependency whatsoever with an external entity which could potentially be corrupted, as a Blockchain for instance.

More than just a PDF document

When it comes to documents management, PDF/A ISO standard has established itself worldwide since its launch in 2005. It is platform independent and designed to achieve long-term archiving of electronic documents.

  • QR-code validation(1)

    By flashing this code, you can instantly get an attestation of conformity containing the picture details, at any time.
  • Electronic signature and secure timestamp(2)

    This inset provides access to the signature properties of the document, including information from the trusted third party that provided the secure timestamp. All certificates used are embedded in the document.
  • Picture data(3)

    Data related to the picture are recorded in this paragraph along with a cyphered security chain. They are included in the EXIF metadata as well.
  • User data(4)

    The distinctive details of the device which took the picture, as well as the identity of its author, are captured here.
Digital certificate PDF file

Secured process

CertiPhoto uses advanced banking-level measures to build a secure channel between your smartphone and the certification servers.

DigiCert
Comodo Cybersecurity
GlobalSign
Symantec

Unfalsifiable digital picture certificate

PDF/A-3B document format

Electronic signature

PAdES-LTV compliant prescribed by ETSI TS-102-778 technical specs

Trusted secure timestamp

RFC 3161 timestamp provided by DigiCert, Symantec or GlobalSign (with optional eIDAS qualification)

Protected from fake geolocations

Multiple cross-linked control layers

Certiphoto secured process features

Instant email delivery

With unique identifier and permanent link to the certified picture

Pictures storage

From 2 to 5 years in a PCI DSS private cloud, replicated over 3 different sites

Share link and QR-code check

Unique URL and validation features at any time

Machine learning inspection

Experimental fake detection by ELA (Error Level Analysis) and NLE (Noise Level Estimation)

A trustworthy app

Strict privacy policy, on-demand technical support and on-demand features

No ads

The interface does not disturb your user experience with advertising, and your personal data will never be exploited by third parties or for commercial purposes.

24/7 support

Depending on your requirements, CertiPhoto can provide technical support by e-mail and/or phone, as well as several service level agreements.

Scalable REST API

CertiPhoto is a complete information system with a proprietary storage cloud, a powerful API and multiple database management user interfaces.

Business solutions

Thanks to its modular design, the app can easily and securely interface with your company's information system.

You also can order and drive a private certification instance running your own certificates (software or HSM based).

Professional application for companies

They use CertiPhoto

Users

900.000+

Certified pictures every day

3.500+

Certified pictures since 2016

12.000.000+

Note

4.8/5

Pricing

Three solutions to meet your needs.
Non-binding offers, no expiration date, no hidden fees.

Free!

Up to 5 monthly pictures

  • Refilled every 1st of month
    (see conditions in the Terms of Service)
  • 2 years private storage cloud
  • 100% free for legal experts

Mainstream

In-app billing

  • 10 to 50 pictures packs
  • From 3.99 to 14.99€
  • 2 years private storage cloud

Advanced

Professional use

  • 100 to 10.000 pictures packs
  • €0.59 inc. VAT/picture
  • Optional eIDAS qualification (+ €0.20)
  • Access to API and management interface
  • Credits/users company-level management
  • Automatic billing
  • 5 years private storage cloud

About the author

Pascal Eric Mayani is a State graduated engineer specialized in IT security, and a legal forensics expert to the Court.

FAQ

When you click on 'Take a photo', the app performs multiple integrity checks on your phone and communicates them to the CertiPhoto information system. All data collected before, during and after the shot are encrypted several times per second, compiled at the time of sending, and finally verified upon receipt by the certification servers.

When all these steps are validated, the photo is formatted in a PDF document which will then be signed and timestamped, and finally sent to the user.
Yes. CertiPhoto produces documents with high probative value, at least in the French and European Courts. They are time stamped, electronically signed and strictly impossible to tamper with.

According to the Directive 1999/93/EC of the European Parliament, the electronic signature [must be] uniquely linked to the signatory, be capable of identifying the signatory, be created using means that signatories can maintain under their sole control, be linked to the electronic document to be authenticated. This is to ensure that any subsequent change in that document is detectable.
You just have to send a paper print of the certificates along with the original files on a USB key, so that the judge will be able to check the cryptographic information contained in the PDF documents.
Certificates are LTV-compliant (Long Term Validation) and include all cryptographic data necessary for their verification with no limit in time.

Their lifetime on CertiPhoto cloud, and therefore the possibility of viewing them online, is at least 2 years after the shot was taken.
Every evidence can be challenged about its probative value, whether it's a digital certificate or a bailiff's report. In such a case, CertiPhoto's source code and activity logs are designed to be audited as part of a forensic examination, under terms of a non-disclosure agreement.
Absolutely not. Pictures are timestamped by a secure trusted authority such as DigiCert or GlobalSign, which are among the most important certification services in the world. This is a verifiable and irrefutable mathematical link between your photo and the precise moment it was taken.
In individual mode, you manage your own credits and can acquire new ones directly from the Play Store or the App Store. This is the default mode.

In professional mode, your account is linked to a company that shares its credits with you. This allows a manager, designated as administrator, to manage the credits at the company level in a single operation.

An individual user can join a company at any time from the My account/Company mode menu by entering a unique 8-character code. Optionally, it is also possible to automatically link an account during its creation based on the e-mail address.

The professional mode also gives access to a board which allows you to manage the whole company's photos.
The CertiPhoto IT infrastructure is 100% GDPR compliant and is hosted in French data centers. Databases are replicated over three different sites and collected data are protected with multi-factor authentication.

These information are sealed by daily checksums to ensure their integrity according to a process inspired by the NF Z42-013 French norm. They will never be disclosed to any third parties, except with prior agreement from the user or upon a judicial authority's request.

You have a right to view and control your personal data and may at any time require their consultation or destruction.
No. CertiPhoto constantly communicates with its backend to check how your device is operating when you take a picture. The same goes for geolocation, which combines data from multiple sources for maximum accuracy and reliability.
No. The certification must apply an electronic signature and a secure timestamp when the picture is shot. Otherwise, there will be no way to prove that the picture has not been tempered with in the meantime or that it was taken on a specific date.
This forgery technique consists in distorting the reality in front of the camera lens. It is known in forensics science as "rebroadcasting" and exists since the invention of photography.

CertiPhoto can not detect in real time if you are misleading it. And no computer system is able to do so with an acceptable error rate at the current state of technology.

What we can do though, is to collect enough information at shot time to correlate them manually if a certificate is disputed. It will then be possible to demonstrate with a high probability whether the photo was falsified, but this can only occurs ex-post.

If there is still a doubt, a further analysis will be carried out using forensic investigation tools like Amped Authenticate. If it appears that the picture has been forged, the corresponding certificate will be immediately revocated.

Note that any user can dispute a photo from the share link or the thumbnail embedded in the certificate.

Important: if you fool the application to submit in court a certificate stating inaccurate facts, you are committing an offense which is liable to imprisonment for one year and a 15,000 euros fine (art. 441-7 of the French Criminal Code).
API stands for Application Programming Interface. It's a tool intended to interact with CertiPhoto's databases outside the app. This allows for instance to recover, in a single command line or via a web browser, photos taken by a particular phone, or at a specific location, or between defined dates.

The sorting possibilities are very wide and can be adapted to your needs. These advanced features are particularly useful in the professional area, because they allow a company to overcome the computer management of certified photos.
The app is designed for bilingual French/English use. Other languages may be added in the future depending on demand.
Frequently Asked Questions about CertiPhoto

Support

Business questions, technical issue to report, or just want to share your user experience?