How Evidence upload and integrity (hashing) work

Evidence in NearbySpy is the file artifact behind the work — the surveillance photo, the body-cam clip, the PDF of public records, the recorded call. Because Evidence may end up in a deposition or court exhibit, the platform treats every upload as something that has to be provably authentic. This article explains how the upload pipeline works and what the SHA-256 hash on every file is for.

Where Evidence lives

Evidence is uploaded into an Operation and shows up in that Operation's gallery as a card grid — one card per file. The gallery is flat by design: no folders, no nesting, fast to scan in the field. The aggregate view across the whole Case is covered in Evidence Locker vs Operation-level Evidence.

What you can upload

NearbySpy supports five Evidence types: photo, video, document, audio, and other. The card you see in the gallery uses a thumbnail when one can be generated and a file-type icon when it cannot. Photos and video can be opened in the lightbox preview; documents and audio download. There is no hard cap on file count per Operation, but very large videos should be uploaded over a reliable connection.

The upload pipeline

Upload happens in two stages, and both have to succeed before the Evidence appears in the gallery.

1. Hash the file in your browser. Before any byte leaves your device, NearbySpy computes a SHA-256 hash of the file contents. This is a deterministic 64-character fingerprint — the same file produces the same hash, every time, on any machine.
2. Upload to secured storage. The file is then uploaded to Supabase Storage under a path scoped to the Case, Operation, and file ID. The hash is stored alongside the metadata.
3. Server-side verification. When the upload finishes, the server recomputes the hash on what it received and compares it to the hash you sent. If they do not match, the upload is rejected. A successful match is what makes the Evidence appear in the gallery.

This means a corrupt file, a truncated upload, or a tampered byte cannot quietly land in the gallery without showing up as a hash mismatch.

Why SHA-256, and why it matters

SHA-256 is the same hashing algorithm used by Bitcoin, Git, and most modern code-signing tools. For Evidence purposes, it gives you a one-line answer to a question opposing counsel will eventually ask: "How do you know this file is the file you originally captured?" The answer is: the hash recorded at upload time matches the hash of the file in storage today. If anyone modifies even one byte, the hash changes.

Cloud-link Evidence

You can also attach Evidence by pasting a Dropbox or Google Drive URL. NearbySpy detects the provider and shows a preview card linked back to the source. The hash guarantee covers files NearbySpy hosts; cloud-linked Evidence is governed by the access controls on the linked service.

Uploader, time, and audit

Each Evidence card records who uploaded it, when, and from which Operation. That metadata is permanent and is part of the same audit trail described in Comments and activity on an Operation.

What happens after upload

Evidence is immutable. You cannot edit a file in place or replace it with a new version — uploading a new file creates a new card with its own hash. Removing Evidence from the gallery is a soft archive, recoverable by an Admin or Owner. The full retention model is described in Why Evidence is immutable and how archive/restore works.