What is the comfort or confirmation letter?
When you export your data room from Digify, you'll receive a comfort or confirmation letter along with your exported files.
This letter is a digitally signed PDF that proves your export is complete, authentic, and unchanged.
It also includes technical proof of integrity in the form of a SHA-256 hash, which acts as a unique digital fingerprint created from the exact contents of your exported data.
A hash is a value generated by a mathematical formula based on the digital contents of your files. This value always changes if the files change in any way, even by a single character or pixel. This makes any kind of tampering instantly visible.
💡Think of it like a DNA match for your data: it’s unique to your export, can be verified at any time, and cannot be faked.
Why Digify’s confirmation letter is more reliable than a traditional comfort letter
Traditional comfort letters rely on a person’s signature or statement to confirm that files are genuine. Digify’s confirmation letter uses cryptographic verification, which is mathematical, objective, and far more secure.
Key advantages
Tamper-evident verification
The SHA-256 hash ensures that any change to your files, no matter how small, creates a completely different fingerprint.
Independent validation
Anyone can check the authenticity of your export using simple, built-in tools like Terminal on macOS or PowerShell on Windows. No special software or access to Digify is required.
Immutable proof
Unlike a traditional comfort letter that depends on trust, this verification is based on mathematics, not personal assurance. It cannot be rewritten, forged, or disputed.
Audit and compliance ready
Auditors, buyers, or third parties can repeat the verification process at any time, maintaining a clear chain of custody for your data.
Time-stamped authenticity
The confirmation letter serves as digital evidence that your export existed in a specific state at a specific moment.
Legal reliability and evidentiary assurance
Legally and from a compliance perspective, the comfort or confirmation letter strengthens your documentation trail by providing:
Objective, tamper-evident proof of file integrity
Cryptographic confirmation that your export originated directly from Digify’s system
Independent verification capability, ensuring transparency during audits or legal reviews
While the confirmation letter is not a legal contract, it serves as digital evidence that supports due diligence, audits, and legal proceedings.
It confirms that your files are exactly the same as they were at the moment of export.
How to verify your export
There are two simple steps to make sure your exported data room is genuine and hasn’t been changed:
Step 1: Confirm that the letter is authentic.
Check that the comfort or confirmation letter is digitally signed by Digify. This proves the document itself is genuine and has not been altered.
Step 2: Validate the hash in the letter.
Compare the SHA-256 hash shown in the letter with the one you generate from your exported ZIP file. If both match, your export is complete and untampered.
Once both steps are done, you can be confident that your exported files are authentic, unchanged, and securely verified.
Step 1 of 2: Confirm that the letter is authentic.
Every comfort or confirmation letter from Digify is digitally signed, which proves that it was created and issued by Digify.
You can check this digital signature using any standard PDF viewer such as Adobe Acrobat Reader or Preview on macOS.
To check the signature:
Open the PDF comfort or confirmation letter
In your PDF viewer, look for and open the Signature or Document Properties panel.
Confirm that:
The signature is valid and
It is signed by digify.com (or "Digify Pte. Ltd.")
You should see a message confirming that the signature is valid and that it was issued by digify.com or Digify Pte. Ltd.
❗Note: If the signature appears invalid or unverified, do not rely on the letter or export until you confirm it was received directly from Digify’s email system.
✅ Once the signature is verified, you can move on to checking the hash.
How the verification works
The comfort or confirmation letter includes a SHA-256 hash, which is a long string of numbers and letters that represents your exported ZIP file.
When you calculate the hash again from your own exported files and compare it to the one in the letter:
✅ If the two hashes match, your files are authentic and unchanged.
❌ If they do not match, the export has been altered, even slightly.
This method allows anyone to confirm the integrity of your export independently, even years later.
Step 2 of 2: Validate the hash in the letter.
Once you’ve confirmed that the letter’s digital signature is valid, you can verify that your exported files haven’t been changed.
This step compares the SHA-256 hash listed in the letter with the hash you generate from your exported ZIP file. If they match, your export is intact and authentic.
🪟 For Windows users
Find your exported ZIP file (for example,
DataRoomExport.zip).Right-click the file and select Copy as path. This copies the full file path to your clipboard.
Open PowerShell:
Press Start, type “PowerShell" or "Windows PowerShell" and hit Enter.
In PowerShell, type this command (paste your file path inside the quotation marks):
Get-FileHash -Algorithm SHA256 "C:\path\to\your\file.zip"
Example:
Get-FileHash -Algorithm SHA256 "C:\Users\JaneDoe\Downloads\DataRoomExport.zip"
Press Enter.
PowerShell will show a long string of numbers and letters. This is your file’s SHA-256 hash.
Compare it with the one listed in your confirmation letter.
✅ If they match, your export is original and untampered.
❌ If they don’t match, the file has been changed or corrupted.
🍎 For Mac users
Locate your exported ZIP file (for example, on your Desktop).
Open Terminal using one of the following methods:
Open Finder → Applications → Utilities → Terminal
Or open Launchpad → Other (or Utilities) → Terminal
Or press Command + Space, type Terminal, and press Return
Type the following command:
shasum -a 256 /path/to/your/file.zip
Example:
shasum -a 256 ~/Desktop/DataRoomExport.zip
Press Return.
Terminal will display a long string of numbers and letters. This is your file’s SHA-256 hash.
Compare it with the one shown in your confirmation letter.
✅ If they match, your files are verified.
❌ If they don’t match, the export has been modified.
💡Tip: If you find these steps difficult, you can share both the exported ZIP file and the confirmation letter with your IT administrator, auditor, or legal representative. They can help you confirm the hash quickly.
If you make multiple copies or exports
If you export your data room once and copy that same exported ZIP file to several USB drives or devices, the SHA-256 hash will remain the same.
This means that one comfort or confirmation letter applies to all identical copies of that export. You can include a copy of the same letter with each USB.
However, if you perform a new export (for example, by clicking “Export Entire Data Room” again), Digify will generate a new ZIP file and a new confirmation letter. Even if the files inside look the same, the new export may produce a slightly different hash.
In summary, here’s how different situations affect your confirmation letter:
Scenario | Hash result | Confirmation letters needed |
One export copied to several USB drives or devices | Same hash | One letter (can be copied) |
Multiple separate exports | New hash each time | One letter per export |
💡Tip: For record-keeping, keep a copy of the confirmation letter with each exported batch, especially if you perform multiple exports over time.
Security and privacy at Digify
Digify’s systems follow a zero-access approach to customer data. No Digify employee can view or download your exported files.
All exports and confirmation letters are encrypted and remain under your full control.
Where to find your comfort/confirmation letter
When you export your data room:
You’ll receive an email with a secure download link to your exported ZIP file.
The comfort or confirmation letter (PDF) will be attached to the same email.
Keep this letter together with your export in a safe location for future verification.
✅ With the confirmation letter and hash verification, you can always prove that your exported data room is original, complete, and untampered, even years later.