Back to blog
Deposit Disputes

How Tamper-Proof Evidence Wins Deposit Disputes

·Sam Pike·6 min read

Deposit disputes come down to one thing: whose evidence is more credible.

The adjudicator at TDS, DPS, or mydeposits isn't there to decide who's telling the truth. They're there to weigh evidence. If your evidence is more credible than the tenant's, you win. If it isn't — or if there's genuine doubt — you don't.

Most landlords lose disputes not because they're dishonest but because their evidence, however genuine, looks like it could have been tampered with. Here's how tamper-proof evidence changes that.

What "Tamper-Proof" Actually Means

The phrase sounds technical, but the concept is simple: a tamper-proof record is one where any alteration — however small — is detectable.

The mechanism that makes this possible is called cryptographic hashing. Every file can be run through a mathematical function that produces a unique string of characters — a "fingerprint" of that exact file. The SHA-256 algorithm, for example, produces a 64-character fingerprint for any file of any size.

The crucial property of this fingerprint: if you change even one pixel in a photograph, the fingerprint changes completely. Not slightly — completely. Two photographs that look identical to the human eye but differ by a single pixel will produce entirely different SHA-256 fingerprints.

When a photo is uploaded to a system that records its SHA-256 hash, you create an irrefutable record of what that exact file looked like at the moment of upload. If anyone — landlord, tenant, or anyone else — alters the file later, the fingerprint no longer matches. The alteration is detected.

This is what a deposit scheme adjudicator means when they look for "verifiable" evidence.

Object Lock: Files That Cannot Be Deleted

Hashing proves a file hasn't been changed. But what about deletion and replacement? An unscrupulous landlord could theoretically delete an inconvenient photo and upload a different one.

Object Lock, a feature of cloud storage systems like AWS S3, prevents this. Files stored with Object Lock in Compliance mode literally cannot be deleted — not by the account holder, not by the storage provider, not by anyone — for the retention period set at upload.

This means a photo uploaded at the time of a check-in inspection is permanently preserved. The evidence cannot be destroyed or replaced. For a deposit scheme that's reviewing evidence two years after a tenancy ended, this matters.

EXIF Metadata: When and Where Photos Were Taken

Every photo taken on a modern smartphone contains hidden data embedded in the file: the date and time it was taken, the device model, and — if location services are enabled — the precise GPS coordinates.

This EXIF metadata is the first thing a serious adjudicator looks at. If a landlord submits a check-in photo with an EXIF timestamp from three months before the tenancy started, that raises obvious questions. If the GPS coordinates show the photo was taken 40 miles from the property, that's even more problematic.

Good evidence preservation means capturing this metadata at the time of upload and making it independently verifiable. A platform that reads the EXIF data, records it server-side, and flags inconsistencies (a photo taken before the tenancy started, a photo taken at a different location) provides an automatic credibility check.

It also makes it significantly harder to submit a photo taken later and pass it off as a check-in image.

Dual Sign-Off: Both Parties Agree to the Same Record

Tamper-proof storage deals with the integrity of the evidence. Dual sign-off deals with something different: whether both parties agreed to the same facts.

A check-in report that only the landlord has seen proves nothing about what the tenant accepted. The tenant can claim they never saw it, that conditions were different, or that they raised objections that weren't recorded.

When both landlord and tenant sign the same digital record — and that record is then locked so neither party can alter it — the tenant cannot later claim ignorance of the reported condition. They signed it. The log shows when they signed it and what version they signed.

This is not the same as a tenant signing a paper document that you then scan and upload. That process doesn't prevent the document from being altered between signing and uploading. The sign-off needs to happen on the same platform where the document is stored.

Walking Through a Real Dispute: Carpet Damage

A practical example shows why this matters.

Without tamper-proof evidence:

A tenant moves out after 18 months. There's a 30cm stain on the living room carpet. The landlord submits a check-in photo showing pristine carpet and a check-out photo showing the stain. The tenant disputes the claim, arguing that the check-in photo was taken before the carpet was damaged by the previous tenant and that the landlord simply reused it.

The adjudicator cannot verify when the check-in photo was taken. The metadata has been stripped (it was compressed and emailed). The landlord has a PDF report signed by the tenant, but the tenant argues the PDF was altered. There's no audit trail to prove otherwise.

The claim is reduced by 70%.

With tamper-proof evidence:

The same scenario, but the check-in was completed on a platform that timestamps uploads server-side, preserves EXIF data, and records SHA-256 hashes.

The landlord submits the check-in record. The adjudicator sees: the photo was uploaded on the day of the inspection (server timestamp matches EXIF metadata). The EXIF data shows it was taken at the correct address. The SHA-256 hash matches the stored fingerprint — the file hasn't been altered. The tenant's digital signature is logged with a timestamp.

There's no credible argument that the evidence was fabricated or altered. The claim is awarded in full.

What Deposit Schemes Look For

TDS, DPS, and mydeposits all publish guidance on what constitutes good evidence. The common threads:

  • Contemporaneous records: evidence created at the time of the relevant event, not reconstructed later
  • Both parties' acknowledgement: a record that both landlord and tenant have agreed to
  • Photographic evidence with timestamps: not just photos, but photos with verifiable timing
  • A clear baseline: a check-in record detailed enough to make comparison at check-out meaningful

Tamper-proof records address all four. They are definitionally contemporaneous (created at upload, locked immediately). They capture both signatures. They preserve timestamps. And their detail level is the same as any other digital check-in.

The schemes don't require any specific technology. But they do look for credibility. Evidence that demonstrably cannot have been altered is the most credible evidence you can submit.

Start Building Tamper-Proof Records

If you're currently using PDF reports or emailed photos, moving to a platform that provides cryptographic hashing, Object Lock storage, and dual sign-off isn't a major process change. The check-in workflow is the same. The difference is what you're left with at the end of it.

Fairhold provides tamper-proof check-in and check-out reports with SHA-256 hashing, server-side timestamps, and in-platform sign-off for both landlord and tenant. It's free to get started — no credit card required.