Privacy Scanner proof kit
=========================

This bundle contains a report exported by Privacy Scanner on a Mac,
exactly as the app produced it. Nothing here requires the app, an
account, or any trust in us. Verify everything yourself with tools
already on your machine.

Contents
--------
Privacy-Scanner-AI-Inventory_2026-07-03_150558.pdf    A signed AI content inventory (EU AI Act Article 50 report)
Privacy-Scanner-AI-Inventory_2026-07-03_150558.pdf.sha256    SHA-256 checksum sidecar
Privacy-Scanner-AI-Inventory_2026-07-03_150558.pdf.sig       ECDSA P-256 signature
Privacy-Scanner-Signing-Key.pem                       The public key (the private key never leaves the Mac's Keychain)

Step 1: verify the checksum
---------------------------
    shasum -a 256 -c Privacy-Scanner-AI-Inventory_2026-07-03_150558.pdf.sha256

On Linux, use sha256sum instead of shasum -a 256.

Step 2: verify the signature
----------------------------
    openssl dgst -sha256 -verify Privacy-Scanner-Signing-Key.pem \
        -signature Privacy-Scanner-AI-Inventory_2026-07-03_150558.pdf.sig \
        Privacy-Scanner-AI-Inventory_2026-07-03_150558.pdf

The command prints "Verified OK". If a single byte of the PDF
changes, it will not.

Why this matters
----------------
Every report Privacy Scanner exports is signed the same way, with a key
generated on your Mac and held only by you. A report you hand to a
client, a lawyer, or an auditor can be verified by them, on their
machine, with stock command-line tools. The proof does not depend on
our word, and it never will.

https://privacyscanner.app
