How it worksShieldPulsePricingDocsRequest access →
Deploy in an afternoon · Privacy-first architecture · Powered by PDQ + DINOv2

Protect your platform
from known NCII —
before it spreads.

Privacy-first image and video safety infrastructure for platforms with user-generated content. Deploy in an afternoon. No images ever leave your servers.

node.js · integrate in minutes
# install
npm install @corvinth/sdk          # v0.2.0
# pip install corvinth             # v0.2.0 · Python
import { CorvinthClient } from '@corvinth/sdk';
const client = new CorvinthClient({ apiKey: process.env.CORVINTH_API_KEY });

const result = await client.checkHash({
  pdq_hash,             // 64-char hex, computed locally by SDK
  pdq_dihedral_hashes,  // all 8 orientations — no pixels sent
});

if (result.action === 'content_removed') {
  return res.status(403).json({ blocked: true });
}
// → { case_uuid, classification, action,
//     confidence_score, matched_lane,
//     hamming_distance, matched_case_id, review_queue,
//     pipeline_1_result, pipeline_2_queued, timestamp }
request early accesssee how it works

Built for

Social Platforms
Dating Apps
Messaging Apps
Creator Platforms
AI Communities
Adult Content Platforms

Save six months of engineering.

Building NCII detection from scratch means VP-Trees, perceptual hashing, semantic embeddings, audit logging, and a compliance workflow. That's a full sprint. Corvinth is the version that ships this afternoon.

Deploy this afternoon.

One API endpoint in your upload pipeline. The SDK computes hashes on your server. No infrastructure changes required.

Catch edits, crops, rotations.

Pulse uses DINOv2 semantic vectors to match heavily edited variants that simple hash matching misses entirely.

FTC audit log, out of the box.

Every decision receives a cryptographically chained audit entry. Exportable for FTC review at any time.

Your policy. Our signal.

Corvinth returns allow / review / block / clean. You decide what happens next. We are the detection layer, not the decision maker.

NCII is where Corvinth starts. The same hashing, matching, and audit infrastructure underneath Shield and Pulse is built to extend to other categories of harmful or unauthorized content over time.


No images ever leave your infrastructure under Pipeline 1.

The SDK runs entirely on your servers. Only a 256-bit hash crosses the network — never pixels. This is Pipeline 1 (Shield). Pipeline 2 deep scans are opt-in, disclosed separately, and disabled by default.

Image
your server
SDK
runs locally
PDQ Hash
256 bits only
Corvinth
match engine
Decision
<100ms · p50
0 pixels sent to Corvinth · Pipeline 1
GDPR & TIDA compliant by design
No configuration required

Live in a day. Audit-ready by day two.

This isn't a multi-sprint project. Most teams are fully integrated in a single working day.

01

Install SDK

npm install @corvinth/sdk — Node.js/TypeScript and Python in active development. No SDK required either; one HTTP call works today.

02

Compute PDQ locally

The SDK hashes the image on your server. All 8 orientations in one call. No pixels leave your infrastructure.

03

POST the hash

Send the 64-char hex hash to POST /hash/check with your API key. Under 100ms round-trip.

04

Receive decision

allow · review · block — with a case UUID and optional Hamming distance for audit.

05

Enforce your policy

Act on the decision in your upload handler. Corvinth fires your webhook automatically for exact matches.

01

Normalize on your server

The SDK handles EXIF orientation, resizing, compression — all locally. No pixels sent anywhere.

02

Generate 8 PDQ fingerprints

Meta PDQ produces fingerprints for all 8 orientations simultaneously. Rotation and re-encoding are tolerated by design.

03

Match against NCII database

Hash sent to Corvinth's API. VP-Tree Hamming-distance lookup across all orientations. Under 100ms.

04

Decision returned to you

allow · review · block · clean — plus a case UUID, classification, confidence_score, matched_lane, and Hamming distance for your audit log.


<100ms
Shield decision latency · single worker baseline
0 pixels
Pipeline 1 · never sent to Corvinth
crops + rotations
caught by Pulse · what PDQ alone cannot reach
1 afternoon
typical integration time

Key differentiator

We match against real reported NCII hashes — not generic nudity detection.

Corvinth is built to be format-compatible with the StopNCII PDQ hash standard — the same fingerprinting scheme used across the industry's largest victim-reporting network. Corvinth is not currently partnered with or integrated into StopNCII's feed; matches run against Corvinth's own database, populated via direct victim complaints (Pulse) and platform-reported hashes. A photo on a beach is not a violation. A specific image reported by a victim is.

SDK in active development · v0.2.0
checkHash() · checkVideo() · submitComplaint() · addHash()
Shield
Every upload
PDQ hash (local SDK)
VP-Tree match
Allow · Review · Block
Pulse
Direct report
DINOv2 vector (local SDK)
Qdrant cosine
Semantic match
Video
Every video upload
MD5 + SHA-256 (local SDK)
O(1) set lookup
Exact match · Allow

What your team sees every day.

A real-time view of every scan decision — matches, blocks, and review queue items — with a full audit trail behind every case.

Illustrative dashboard · sample data, not live production metrics
corvinth / shield · TestDating
sample
Recent decisions
CASE-3829EXACTdist: 0
2s agoBlocked
CASE-3830FUZZYdist: 6
14s agoReview
CASE-3831EXACTdist: 0
41s agoBlocked
CASE-3832NEAR_MISSdist: 14
1m agoReview
CASE-3833FUZZYdist: 3
2m agoBlocked
CASE-3834CLEANdist:
3m agoAllowed
Today
Uploads scanned
1,248,991
Matches found
317
Sent to review
84
Avg response
60–120ms
p50 · under 50 rps
Active cases
12
48h compliance
All cases within deadline

Catch what hashes miss.

Pulse handles direct victim complaints, heavily cropped variants, and arbitrary rotations that PDQ cannot reach. Powered by DINOv2 384-dim vectors and cosine similarity. Submit a complaint via a presigned URL (we compute the embedding server-side, under SSRF-hardened constraints) or, on Enterprise, send a pre-computed vector directly — your image bytes never have to leave your infrastructure either way.

corvinth / pulse · TestDating
live
Complaint registry
CPL-0041cse_9f2a
sim: 0.97Active
CPL-0040cse_3b1e
sim: 0.91Active
CPL-0039cse_7c4d
sim: 0.88Resolved
CPL-0038cse_2a9f
sim: 0.94Active
Semantic stats
Active complaints
41
Resolved
189
Avg similarity
0.94
Variants caught
1,204
DINOv2 vectors
384-dim · cosine similarity

Everything you need. Nothing you don't.

Two pipelines. One decision. Every endpoint returns a structured response your upload handler can act on immediately.

Meta
GET/health
Platform
POST/platform/register
GET/platform/verify
Shield
POST/hash/check
POST/hash/add
GET/cases/{case_uuid}
POST/cases/{case_uuid}/confirm
GET/cases/{case_uuid}/audit
GET/cases/{case_uuid}/challenge
Pulse
POST/platform/complaints
GET/platform/complaints
DELETE/platform/complaints/{id}
Appeals & Hashes
POST/appeals
GET/hashes/count
Demo
POST/demo/check

No API key required — powers the live demo below. Rate limited to 10 requests/minute, 50/hour.

# POST /hash/check response
{
"case_uuid": "cse_83f1a2b3…",
"match_found": true,
"classification": "EXACT",
"action": "content_removed",
"hamming_distance": 2,
"matched_case_id": "case_7c4d…",
"review_queue": null,
"pipeline_1_result": "EXACT",
"pipeline_2_queued": false,
"confidence_score": 0.9922,
"matched_lane": "standard",
"timestamp": "2026-06-27T…"
}

Verifying webhook signatures

Every webhook is signed with HMAC-SHA256 over the exact raw request body — hash the bytes as received, not a re-parsed/re-serialized copy, or the signature won't match. Compare using a constant-time function (never === or ==) so verification doesn't leak timing information.

Webhook delivery retries up to 3 times with exponential backoff if we don't receive a 2xx response — your handler may receive the same case_uuid + event more than once (e.g. if your ack was lost in transit even though you processed it). Dedupe on case_uuid before acting, so a duplicate delivery can't trigger remove_content twice.

const crypto = require('crypto');
const express = require('express');
const app = express();

// Use express.raw(), not express.json() — you must hash the exact raw
// bytes Corvinth sent. Re-parsing and re-stringifying JSON can reorder
// keys or change spacing, silently breaking signature verification.
app.post('/webhooks/corvinth', express.raw({ type: 'application/json' }), (req, res) => {
  const signature = req.headers['x-corvinth-signature'];
  const rawBody = req.body; // Buffer, not parsed JSON

  const expected = crypto
    .createHmac('sha256', process.env.CORVINTH_WEBHOOK_SECRET)
    .update(rawBody)
    .digest('hex');

  const sigBuf = Buffer.from(signature, 'hex');
  const expBuf = Buffer.from(expected, 'hex');
  if (sigBuf.length !== expBuf.length || !crypto.timingSafeEqual(sigBuf, expBuf)) {
    return res.status(401).send('Invalid signature');
  }

  const payload = JSON.parse(rawBody);
  // Dedupe on payload.case_uuid before acting — retries can redeliver.
  console.log('Verified Corvinth event:', payload.event, payload.case_uuid);
  res.status(200).send('OK');
});

Test the Engine.

Submit a PDQ hash and see a real API response from the match engine. No API key required. Limited to 10 requests/minute.

Input — PDQ hash

Source tag (optional)

Live sandbox · first request may take ~10s (Render cold start)

waiting for input

Response

// response will appear here

Live in a day. Audit-ready by day two.

This isn't a multi-sprint project. Most engineering teams are fully integrated in a single working day.

Day 0

Get your credentials

Request access and receive API credentials — typically within 24 hours. We send you an API key and integration notes for Node.js/TypeScript and Python (SDKs in active development; raw HTTP works today).

API key issued
Integration notes sent
Live demo available with no API key
Day 1

One endpoint in your pipeline

Add a single POST call to your upload handler. The SDK computes the hash on your server — nothing else changes in your infrastructure.

POST /hash/check integrated
Block / review / allow logic wired
First real scan running
Day 2

Audit log running

Enable webhook notifications and connect the audit log export to your compliance tooling. You now have a paper trail for every decision your platform makes.

Audit log exporting
Webhooks configured
Legal team can pull reports

Where does the data go?

The first question your legal team will ask. Here is the complete answer.

Zero image storage

Images are never sent to or stored on Corvinth servers under Pipeline 1 (Shield). The SDK runs entirely on your infrastructure. Only a 256-bit hash or a 384-dim vector crosses the network boundary. Pipeline 2 deep scans are opt-in and disclosed separately.

Encryption in transit

All API traffic uses TLS 1.3. Hash values and vectors in transit are non-reversible and cannot reconstruct the original image. Even if intercepted, a 256-bit hash reveals nothing about image content.

Hash retention policy

We store only the fingerprint, vector, and decision metadata — never original content. Hash data is retained for audit log purposes and can be configured per contract for enterprise customers.

Data Processing Agreement available. Enterprise customers can request a signed DPA before integration. Email founder@corvinth.com with your legal team's requirements.

request DPA →

Built honestly on available technology.

Corvinth is built on open-source perceptual hashing and DINOv2 semantic vectors. The architecture supports optional Microsoft PhotoDNA integration — not currently active in production. When enabled, it operates on a platform opt-in basis with full disclosure in the DPA.

Zero image storage

Images are never sent to or stored on Corvinth servers. The SDK runs on your infrastructure. Only the hash or vector crosses the network boundary.

Rotation tolerant

All 8 orientations stored at index time. Rotated or flipped re-uploads are still caught by Shield. An optional second, normalized hash lane catches brightness/contrast evasion attempts that the standard lane alone would miss. Arbitrary rotations caught by Pulse.

PDQ + DINOv2

Uses Meta PDQ for perceptual hashing and DINOv2 for semantic vectors. Both run locally via the SDK — no pixels sent to Corvinth.

Your policy, our detection

We return a signal. You enforce your policy. Corvinth is the detection layer — not the decision maker.

FTC-ready audit log

Every decision receives a cryptographically chained audit log. Exportable for FTC or legal review at any time.

Compliance-ready architecture

Catches violations at upload — before any removal request is filed. Evidence is already logged before any regulator asks for it.

Near-miss pattern detection

NEAR_MISS content is allowed through, but every occurrence is logged and analyzed for coordinated evasion patterns — repeated near-variant re-uploads from the same actor get flagged for threat intelligence review, even when no single upload crosses the block threshold.

Signed webhooks

Every webhook we send is signed with HMAC-SHA256 over the raw request body. Verify the X-Corvinth-Signature header against your webhook secret before trusting a payload.

Meta PDQDINOv2Qdrant cosineOpen-source hashingNear-duplicate detectionCompliance logsReview queueCase management

Corvinth's hashing format is compatible with the StopNCII PDQ standard. Corvinth is not currently partnered with or integrated into StopNCII's feed, and does not represent or speak for StopNCII, Meta, or any listed organization. Corvinth is an independent trust and safety infrastructure company.


Why image safety suddenly matters.

Regulatory pressure on platforms is accelerating globally. The U.S. Take It Down Act is the clearest example — but it won't be the last.

01
Feb 2025

TIDA introduced

Bipartisan bill introduced in both House and Senate with broad support. Named partly in response to the Taylor Swift deepfake incident.

02
Apr 2025

Passed Senate 95–1

Near-unanimous vote. Senators cited the explosion of AI-generated NCII targeting minors and adults across social and dating platforms.

!
May 19 2026

Signed into law · FTC enforcement begins

Platforms now have 48 hours to remove flagged NCII after a valid request. Failure = $53,088 per violation. The FTC has active jurisdiction.

!
Now

Your platform is covered

If users can upload images on your platform, you are in scope. Dating apps, social platforms, messaging apps, creator tools — no exceptions for size.


Two different engineering realities.

The difference between platforms that handle image safety well and platforms that don't isn't intent — it's infrastructure.

Without Corvinth
User uploads image
No detection at ingest
Victim files abuse report
Support ticket created
Manual investigation begins
48h deadline missed
FTC complaint filed
Platform at risk
With Corvinth
User uploads image
SDK hashes locally — no pixels sent
POST /hash/check → <100ms
Decision returned: allow · review · block
Case UUID created
Audit log entry written
Webhook fired to your platform
Evidence ready before any complaint
Note on TIDA: Under the Take It Down Act (U.S., active May 2026), platforms have 48 hours to remove flagged NCII after a valid request. Failure is $53,088 per violation. Corvinth catches violations at upload — before the clock starts.
don't wait for a complaint →

What's your platform's risk?

$53,088 is the FTC's current civil penalty per TIDA violation — that figure is real and confirmed. There is no published benchmark for how many violations a platform like yours might actually have, so estimate a number you believe is realistic and see what it adds up to.

Estimated unresolved violations
5
12550100
Estimated exposure
$265K
5 violations× $53,088 each — the FTC's current TIDA civil penalty

Hypothetical planning tool — the violation count is a number you choose, not a sourced statistic. The $53,088 figure alone is the real, FTC-confirmed number here.

Corvinth costs from $99/mo to cover this.get protected →

Transparent, usage-based pricing.

Starter is Shield-only. Growth unlocks Pulse — semantic detection and the complaint registry.

Founding Access3 platforms only
$99/month
full Shield + Pulse access · 3 platforms only
✓ Pulse included
Full Shield + Pulse access. For our first three platforms.
  • Full Shield API — hash matching
  • Full Pulse API — semantic detection
  • Complaint registry
  • Library backfill — scan existing uploads (Mode B)
  • Audit log export
  • Direct line to founder
  • Weekly feedback calls
apply for founding access
Starter
$299/month
~$0.0003/scan · 1M scans included
✗ Pulse not included
For platforms under 1M monthly uploads that need Shield compliance without operational overhead.
  • Shield API — hash matching
  • Up to 1M scans/month
  • Audit log export
  • Webhook notifications
  • FTC compliance reports
request access
Growthpopular
$799/month
~$0.0002/scan · 5M scans included
✓ Pulse included
For high-growth platforms that need Pulse for victim complaints, semantic detection, and video.
  • Everything in Starter
  • Full Pulse API — semantic detection
  • Complaint registry
  • Library backfill — scan existing uploads (Mode B)
  • Video lane — MD5+SHA-256 exact match, StopNCII-compatible, computed locally
  • 5M scans/month
request access
Enterprise
Custom
Unlimited scans · dedicated infra
✓ Pulse included
For high-volume platforms and custom needs.
  • Unlimited scans
  • Pulse + Shield
  • Library backfill — Mode A available (metered)
  • Dedicated infrastructure
  • On-premise option
  • SLA available with dedicated infra
  • Legal & compliance support
contact us

Founding tier — 3 platforms only, full Shield + Pulse access from $99/mo. Once the founding tier closes, standard pricing applies from $299/mo. Email founder@corvinth.com to apply before it fills.

billing questions

Questions platforms actually ask.


for victims

If your images are being shared without your consent

Platforms using Corvinth can receive your complaint directly.

Your images are never stored — only a mathematical fingerprint, computed on your own device, is used for detection.


TIDA just passed. There will be more.

We publish plain-English regulatory updates for platform engineers — not lawyers. NCII law is moving fast. Stay ahead of it.

Email us to subscribe →

There's a human accountable for this.

Founder & sole engineer, Corvinth — building in public

I built Corvinth because I watched small platforms get caught flat-footed by TIDA — not because they didn't care, but because building trust and safety infrastructure is expensive and hard and usually comes after a crisis, not before. The compliance tools that exist are built for companies with legal teams and seven-figure engineering budgets.

Corvinth is the version of this that fits in a startup's infrastructure budget, integrates in a day, and gives you the audit trail you need to show the FTC you took this seriously. I'm not anonymous — email me directly with any questions, including hard ones about what Corvinth can and cannot do.

founder@corvinth.com

get started

Ready to integrate?

Tell us about your platform and we'll get you API credentials within 24 hours.

Early access from $99/mo · Standard plans from $299/mo