ScriptShield logoScriptShield
Partnerships & Enterprise

The authorship layer
for the tools people write in.

ScriptShield turns any text into a cryptographically verifiable authorship record — SHA-256 hashing anchored by an RFC 3161 trusted timestamp. Platforms can embed it, teams can deploy it, and IP professionals can verify it independently. This page is for partners, enterprises, and legal teams evaluating that.

Start a conversationDeveloper API

Platform integrations

Billions of documents are written every year in design tools, word processors, and commerce platforms — and almost none of that text carries any authorship record. The content-provenance standards being built today (C2PA / Content Credentials) cover images well, but not unstructured text. ScriptShield fills exactly that gap, and slots in as a marketplace app or embedded widget rather than a migration.

Design platforms (e.g. Canva)

Every presentation and doc contains a script. Add an “authorship certificate” for written and AI-assisted content, with a verification badge placed directly in the design.

Word processors (e.g. Microsoft Word)

A “Certify this document” action where manuscripts, legal drafts, and academic papers actually live — submission-ready proof without leaving the page.

Commerce (e.g. Shopify)

Certify original product descriptions, brand copy, and listing content as human-authored and owned — useful for DMCA and ownership disputes.

Provenance ecosystems (C2PA)

A text authorship certificate that complements visual Content Credentials, so a single asset can carry both visual and text provenance.

Integrations are built on the public ScriptShield API. We also support deeper partnerships — co-developed flows, revenue share, and white-label.

For companies & teams

Studios, agencies, publishers, and content teams use ScriptShield to standardise how authorship is recorded across everything they produce. What a team typically needs to roll it out:

  • API-based certification. Certify works from your existing pipeline or CMS via one authenticated endpoint. Keys are issued and revoked per integration.
  • Privacy / hash-only mode. Hash content on your side and send only the 64-character digest — the work itself never leaves your systems.
  • Verifiable trail. Every certificate has a public verification URL and a downloadable PDF, plus an independently checkable RFC 3161 timestamp.
  • AI disclosure records. Capture authorship mode (human / AI-assisted / AI-generated) and the tools used, for submissions that now require disclosure.
  • White-label. Issue certificates under your own brand and verification domain (partnership tier).

Implementation in three steps

  1. A team admin generates an API key in Settings (Pro plan).
  2. Your system POSTs text or a hash to /api/v1/certify at the moment of creation or publication.
  3. Store the returned certificate number; surface its verify URL wherever provenance matters.

For IP & legal professionals

We are deliberately precise about what a ScriptShield certificate is, so it can be relied on appropriately. It is evidence of the existence and integrity of a specific piece of content at a specific time — not a copyright registration, and not legal advice.

What it establishes

  • That a file/text with a given SHA-256 digest existed no later than the timestamp.
  • That the content has not changed since (any edit changes the hash).
  • A trusted third-party (RFC 3161 TSA) attestation of the time, independent of ScriptShield.
  • A documented authorship and AI-disclosure declaration by the author.

What it is not

  • Not a copyright registration. In many jurisdictions copyright is automatic; federal registration (e.g. the U.S. Copyright Office) confers separate statutory benefits.
  • Not proof of who first authored the content, only that this party held it at this time.
  • Not legal advice. Counsel should assess admissibility for a given matter.

Independent verification

Verification does not require trusting ScriptShield. The certificate carries a SHA-256 digest and an RFC 3161 timestamp token, both checkable with standard, open tools. To confirm the content matches the certificate:

# 1. Recompute the digest of the content
shasum -a 256 your-file.txt
# compare the output to the certificate's content hash

# 2. Inspect the trusted timestamp token (RFC 3161)
echo "<base64_tsa_token>" | base64 -d > token.tsr
openssl ts -reply -in token.tsr -text

Programmatic verification is available at GET /api/v1/verify/{certificate_number}.

Distribution evidence

Beyond creation timestamps, ScriptShield records distribution: who accessed a work via a tracked link, when, and whether they accepted an NDA. As the positioning we share with practitioners puts it — copyright registration protects ownership; ScriptShield documents the circulation trail. In an infringement matter, a record that a specific party accessed a specific version on a specific date can be materially more probative than a creation date alone.

ScriptShield is a service of Catana Group LLC. It provides evidence-documentation tools and is not a law firm. Nothing here is legal advice. Independent counsel should assess evidentiary weight and admissibility for a specific jurisdiction and matter.

Let's build something defensible.

Whether you're a platform exploring an integration, a team standardising authorship records, or a firm evaluating the evidence model — we'd like to hear from you.

Contact usRead the API docs

Leah

ScriptShield Support

Hi! I'm Leah, ScriptShield's support assistant. I can help with questions about protecting your creative work, our pricing tiers, how certification works, or anything else. What can I help with?