Certified Backup Copies#

BenchVault uses the phrase certified backup copy in a narrow, practical way: the selected local backup copy has been verified, sealed with digital fingerprints, and prepared for outside witnessing.

It does not certify the live LabArchives notebook. Once a backup has been made, later edits in LabArchives are separate from the backed-up copy.

What The Email Does#

The Certify Copy action:

  1. Rechecks the selected backup’s integrity manifest and local seal.

  2. Refuses to continue if the backup copy is not verified.

  3. Exports or refreshes the local audit packet.

  4. Opens a prepared email draft through the computer’s default mail app.

  5. Falls back to copying the email body to the clipboard if no mail app opens.

The message contains:

  • notebook name,

  • backup ID,

  • backup creation time,

  • certification email generation time,

  • integrity status,

  • protected file count and protected bytes,

  • integrity manifest path relative to the backup folder,

  • manifest SHA-256,

  • sealed manifest SHA-256,

  • paths to local audit files relative to the backup folder.

It does not contain notebook contents, attachments, credentials, AI API keys, or local absolute paths.

Who Should Receive It#

The recipient should be outside the notebook owner’s own mailbox. Good choices include:

  • a colleague,

  • a supervisor,

  • an SD,

  • records staff,

  • a shared institutional mailbox.

A retained institutional mailbox is stronger than an ordinary personal mailbox, but even a colleague or supervisor mailbox is better than keeping the seal only on the same computer as the backup.

What It Proves#

If the email is sent and retained, it can help show:

  • this backup-copy fingerprint existed by the recipient mail system’s received time,

  • the backup still matches that fingerprint if BenchVault verifies it later.

It cannot show:

  • that the live LabArchives notebook was not edited before backup,

  • that the user actually sent the email unless the mail system provides records,

  • that the backup is legally admissible without institutional review.

Stronger Future Routes#

BenchVault leaves room for later routes with fewer manual steps:

  • institution-owned retained mailbox,

  • trusted timestamp authority,

  • institution-controlled API,

  • immutable file-server drop,

  • object-lock or WORM storage,

  • records-managed retention library,

  • append-only transparency log,

  • write-once media under separate custody.