Sign In Get Started
§ 2257 Custodian Service

Verified Identity.
Signed Release.
One API Call.

ProntoRelease combines KYC-verified identity with a legally-binding digital affidavit and managed § 2257 custodianship — the complete compliance layer for content platforms.

Request Access Read the Docs
KYC-verified identity
SHA-256 anchored PDF
7-year retention
The Problem

KYC alone isn't
enough for content

Identity verification tells you who someone is. But for content platforms, you also need their authorisation — and proof you have it.

The § 2257 Gap

US federal law requires age-verification records for every piece of sexually explicit content. KYC verifies the user but does not capture the affidavit, custodian address, or 7-year retention obligation that § 2257 mandates.

No Authorisation Trail

A verified identity does not mean the user has authorised the platform to host their content. Without a signed release, you have no defence against consent disputes, non-consensual imagery claims, or copyright challenges.

Fragmented Compliance

Platforms cobble together KYC from one provider, release forms from another, and PDF storage from a third. The chain of custody is weak, records are scattered, and audits become painful.

How It Works

KYC + Release
in a single flow

One API call initiates the full journey. ProntoID handles every step — your user arrives at your platform with a signed, custodied record.

1
User selects their role
Your platform presents two paths: Verify as Model (self-posted content) or Verify as Photographer. The choice maps to release_type in the API call.
2
Your backend creates the session
Pass release_required: true, release_type, and optionally a community slug to create-kyc-verification. A single API call starts the whole flow.
3
User completes KYC
ProntoID guides the user through document capture, biometric liveness, and age verification on verify.prontoid.com. No raw document data touches your infrastructure.
4
Completion screen shows the release CTA
Instead of "Go to website", the user sees "Sign Release Form →". Identity data pre-fills the affidavit — name, DOB, nationality — and is locked from editing.
5
User signs the affidavit
The user reviews, adds stage names or a records address, types their legal name as a digital signature, and submits. A SHA-256-anchored PDF is generated instantly.
6
Records retained for 7 years
The signed PDF, KYC session, and ID capture are linked by verification_token and retained until the statutory date by Brooks & Keitt Sàrl as the designated § 2257 custodian.
PHP · ProntoRelease 
// User selected "Verify as Model"
$result = $client->createVerification($userId, [
    'release_required' => true,
    'release_type'     => 'creator_model',
    'community'        => 'malibustrings',
]);

// After KYC → completion screen shows:
// "Identity Verified — One More Step"
// Button: "Sign Release Form →"

// User signs → record stored:
// prontoid-release-records
"release_token":   "ec5964ae-59bf…",
"document_hash":   "845276d5…",
"retain_until":    1997002300,  // 7 years
"status":          "signed"
Release Types

Two roles,
two affidavits

Each release type generates a different legal document matched to the user's role in content production.

release_type: creator_model

Creator / Model Release

For users who are both the subject and the producer of their content — selfie-style posts, self-shot videos, solo creators. The affidavit combines a performer sworn statement under 28 U.S.C. § 1746 with a producer identification clause.

  • Sworn statement of identity & age
  • Producer self-identification clause
  • Stage names / aliases field
  • Authorisation of content & distribution
  • § 2257 custodian clause (if enabled)
  • Limitation of liability & indemnification
Get Started
release_type: creator

Photographer / Videographer Release

For primary producers who photograph or film other performers. The affidavit is producer-only and includes a structured records-keeping address and a mandatory model records warrant — confirming the photographer holds compliant releases for every performer in the uploaded content.

  • Primary producer identification
  • Structured records-keeping address
  • Mandatory model records warrant (§ 2257)
  • Grant of infrastructure rights & copyright
  • 48-hour record production obligation
  • Limitation of liability & indemnification
Get Started
Infrastructure

Built for legal
enforceability

Every component of ProntoRelease is designed to hold up in a federal inspection or court proceeding.

Digital Signature

The user types their full legal name as a digital signature — equivalent to a handwritten signature under the ESIGN Act. Timestamp, IP address, and user agent are captured server-side.

SHA-256 Document Hash

The entire affidavit content is deterministically hashed before the PDF is generated. The hash is embedded in both the PDF and the database record — any tampering is detectable.

AES-256 Encrypted Storage

Signed affidavit PDFs are stored in S3 with AES-256 server-side encryption. The S3 key includes the verification_token — every record links back to the KYC session.

Brooks & Keitt Sàrl as Custodian

The § 2257 custodian address listed on your platform is Place du Midi 30, 1950 Sion, Switzerland. Brooks & Keitt Sàrl maintains the records and can respond to federal inspection requests.

Duplicate Submission Guard

The submit Lambda checks the verification_token-index GSI before writing. One verification session can only produce one release record — returning the existing token gracefully on retry.

7-Year Retention

The retain_until Unix timestamp is calculated at signing time as submitted_at + 7 years, matching the federal retention requirement from the date content was last publicly available.

1 API Call
To trigger full KYC + release flow
7 Years
Federal record retention period
2 Release Types
Creator/Model and Photographer
SHA-256
Anchored document hash per affidavit
Testimonials

Compliance that
doesn't slow you down

"ProntoRelease turned what used to be a manual, lawyer-reviewed process into a 60-second user flow. Our compliance overhead dropped overnight."

M
Maria Fontaine
Head of Legal, Content Platform

"The § 2257 custodian arrangement means we no longer have to store sensitive ID documents ourselves. That alone justified the integration."

J
James Okafor
CTO, Adult Entertainment SaaS

"Two release types, one API call, records retained for 7 years with a real address on file. I haven't found anything else that does this out of the box."

S
Sofia Bauer
VP Compliance, Creator Marketplace
FAQ

Common
questions

Everything you need to know about ProntoRelease. Can't find the answer? Contact us.

ProntoRelease is designed to satisfy the record-keeping requirements of 18 U.S.C. § 2257. Brooks & Keitt Sàrl is named as the designated custodian, holds the records at a disclosed Swiss address, and retains them for the required period. However, we recommend your legal counsel review the implementation for your specific jurisdiction and content type.
ProntoRelease produces a legally-binding digital affidavit that covers identity, age, content authorisation, and § 2257 compliance. It is designed to replace paper model releases for the KYC-verified user. Whether it fully replaces a bespoke model release depends on your jurisdiction and the nature of the content — consult your legal team.
The release form is a mandatory step in the post-KYC flow when release_required is true. If the user closes the browser without signing, no release_token is created. Your platform should check for a completed release before granting upload access — query prontoid-release-records by verification_token.
Yes. A single KYC service (identified by kyc_service_id) can have multiple community records in prontoid-release-services — one per community slug. Each community gets its own branded affidavit, post-signing redirect URL, and release service ID. New communities can be onboarded without any code changes.
Brooks & Keitt Sàrl, Place du Midi 30, 1950 Sion, Switzerland. This address should be disclosed on your platform as required by § 2257(e)(1). We will work with you on the exact disclosure wording as part of onboarding.
Not in the current version — the release_token and document_hash are returned in the API response on the completion screen and the signed affidavit is stored in prontoid-release-records. Webhook delivery for release events is on the roadmap.
Related Services

Part of the ProntoID ecosystem

KYC Verification

The identity verification layer that powers ProntoRelease. Document capture, biometric liveness, and age verification in a single API call.

Learn More

ProntoTag

Third-party model release management. A photographer tags a model in content and she digitally approves. Complements ProntoRelease for multi-party content.

Learn More

ProntoSigned

Identity-verified digital contracts for any document type — NDAs, service agreements, partnership deeds — with the same KYC anchor as ProntoRelease.

Learn More

Ready to close the
compliance gap?

ProntoRelease is available to platforms on the ProntoID enterprise plan. Contact us to discuss your use case and onboard your first community.

Request Access Read the Docs

Brooks & Keitt Sàrl  ·  Place du Midi 30, 1950 Sion, Switzerland  ·  Designated § 2257 Custodian