The clock started. Fix both ends of it.
Statutory removal windows are now hard law with live enforcement. The US TAKE IT DOWN Act requires covered platforms to remove flagged intimate-image content within 48 hours (in force May 2026). India's February 2026 rules run a 3 hour clock for flagged deepfakes. The EU AI Act's transparency provisions (from August 2026) add labeling duties on top. When a regulator or plaintiff asks "when did you receive the report, and when did you act?", your platform's database timestamps are your platform's own word. The play: hash the report record and the removal record, notarize each hash the moment it happens, and the two signed timestamps bracket the clock, without the content ever leaving your platform. Hash-only. Zero content shared.
Two steps: hash locally, notarize the hash.
Step 1 runs entirely in your browser: paste any record and get its SHA-256 fingerprint. Nothing you paste is transmitted anywhere. Step 2 is one API call that notarizes the fingerprint: Dynamic Feed signs the hash and the receipt time with Ed25519 and retains the record in the signed, append-only archive, RFC 3161 timestampable and publicly re-verifiable. Hashing is fully local; notarization uses a free self-serve key.
local hash record (JSON)
curl -X POST https://dynamicfeed.ai/v1/notarize -H "content-type: application/json" -H "X-API-Key: YOUR_FREE_KEY" -d '{"hash":"sha256:<your hash>","ref":"takedown-<ticket-id>"}'
Deadline disputes are decided on timestamps.
In an enforcement inquiry or civil claim, the platform's ticket system says the report arrived at 14:02 and the content came down at 15:37. Both timestamps live in a database the platform controls, and the other side knows it. A hash of each record, notarized by an independent witness at the moment it happened, signed against a published key and re-verifiable years later, turns "trust our logs" into "check the receipts." Two calls per ticket: one when the report lands, one when the action completes. The interval between the two signed timestamps is your answer to the clock, and it works against you exactly as well as it works for you: anyone can re-check it, including the regulator.
Covered platforms must remove flagged intimate-image content within 48 hours of a valid report. In force May 2026.
A 3 hour removal clock for flagged deepfake content, with a short-fuse escalation path.
Labeling and disclosure duties for synthetic media add a second layer of "show when you knew" questions.
Evidence, not a compliance determination.
Dynamic Feed is a neutral witness, not a regulator, certifier or adviser, and it never sees your content, only a hash. A notarized hash proves that a record existed unchanged at a point in time. It does not prove the underlying report was valid, that the removal was complete, or that a statutory duty was discharged; deadlines, coverage and notice requirements vary by law and jurisdiction, so check your own counsel's read. Advisory evidence, tamper-evident not tamper-proof, retained in the signed archive, zero personal data, not a compliance determination and not legal advice. The decision is always yours; the receipt is the witness.
Two API calls per ticket.
One notarize call when the report lands, one when the action completes. Trust-and-safety pipelines can mint both receipts automatically, hash-only, self-serve to scale.