Content Storage
Advisory: where and how terms are stored affects trust, availability, and verifiability.
This section is advisory. The LCP standard does not mandate a storage approach.
The legal-context.json file points to the terms. Where and how those terms are stored affects trust, availability, and verifiability. The choice depends on the level of trust required and the nature of the terms.
The vendor does not need to guarantee long-term availability of the document at the URL. The document only needs to be downloadable when the agent transacts. After that, the proof lives with the parties — the document in their possession and the hash in the receipt.
Vendor-Hosted
The terms live on the vendor's own web server — a URL like https://example.com/terms/v3.pdf. The vendor controls the content and can update it at any time. This is how terms work today.
Suitable for Level 1. The weakness: the vendor can change the document and no one can prove what it said before.
Content-Addressed Storage
The document is stored at an address derived from its content (e.g., IPFS, Arweave). The address IS the hash. If the content changes, the address changes.
Suitable for Level 2+ — the storage itself provides the integrity guarantee.
- IPFS requires pinning for availability. Unpinned content may become unavailable.
- Arweave provides permanence at a cost. The document is stored permanently on the network.
Third-Party Archival
A neutral third party stores a snapshot of the terms — the exact bytes at a point in time. The snapshot can be hashed and verified.
Suitable for Levels 2-4. The trust model shifts to the archival provider.
On-Chain Storage
The full document stored on-chain (calldata or blob). Permanent and immutable but expensive. Practical only for short documents or high-value agreements.
Encrypted Storage
For persistent private terms (Level 4). The document is encrypted before storage. See Private and Custom Terms for the hash-then-encrypt recommendation: hash the plaintext, then encrypt. The contentHash identifies the content, not the encrypted artifact.
Summary
| Approach | Best For | Integrity | Availability | Cost |
|---|---|---|---|---|
| Vendor-hosted | Level 1 | Vendor-controlled | Vendor-dependent | Minimal |
| Content-addressed (IPFS) | Level 2+ | Content-derived | Requires pinning | Low |
| Content-addressed (Arweave) | Level 2+ | Content-derived | Permanent | Moderate |
| Third-party archival | Levels 2-4 | Third-party verified | Provider-dependent | Varies |
| On-chain | Any level (high-value) | Immutable | Permanent | High |
| Encrypted | Level 4 | Hash of plaintext | Provider-dependent | Varies |