Every signature on SignForge is backed by 256-bit encryption, open-standards verification with a public transparency log, and an immutable audit trail — hosted on ISO 27001 certified EU infrastructure.
Six layers of security protect every document from upload to verification.
TLS 1.3 protects every connection. Documents are encrypted at rest with 256-bit AES. No unencrypted data leaves your browser.
Every signed document gets a W3C Verifiable Credential receipt, embedded public keys for offline verification, and a record in a public Merkle transparency log.
Append-only event log — no user or system process can modify or delete audit events. Every action recorded with IP, user-agent, and exact timestamp.
Signing links use cryptographically random tokens. Only hashes are stored in the database — raw tokens exist only in the link sent to the signer.
Short-lived access tokens with refresh rotation. Secure password hashing. CAPTCHA protection. Rate limiting on all endpoints.
Amanda AI requires your explicit confirmation before sending, voiding, or deleting any document. Destructive actions use time-limited approval cards — AI never acts without your consent.
Every signed PDF gets portable, verifiable proof embedded in the document itself — built on open standards, not locked to any vendor.
An open-standard signing receipt (W3C VC 2.0) with a cryptographic DataIntegrityProof — who signed, when, and the document hash. Verifiable by any tool that supports the standard.
Every signature is recorded in a public, append-only Merkle transparency log with Signed Tree Heads. Anyone can browse and audit it — no authentication required.
Public keys are embedded in the PDF alongside the credential. Verify a document without contacting SignForge — the proof travels with the document, not in our database.
Survives vendor shutdown: Proof is in the document, not our servers
EU Digital Identity Wallet aligned: Built on the same W3C VC standard
Tamper detection: SHA-256 hash comparison catches any modification
QR code on every PDF: Scan to verify from a printed or on-screen document
Public verification page: Upload any signed PDF at signforge.io/verify
Transparency log API: Query document status programmatically, no auth required
Scan QR code: On the last page of every signed PDF
Upload PDF: At signforge.io/verify
Enter verification code: Use the code from the signed document
Transparency log: Browse at signforge.io/transparency
SignForge captures intent, consent, identity, and document integrity — the universal requirements for legally enforceable electronic signatures.
Hosted on Hetzner in Nuremberg, Germany. Enterprise-grade physical and logical security.
Valid through 2028
International standard for information security management. Covers risk assessment, access control, incident management, and continuous improvement.
German Federal Standard
Cloud Computing Compliance Criteria Catalogue from Germany's Federal Office for Information Security. Type 2 verifies operational effectiveness over time.
Nuremberg, Germany
All data stored in Hetzner's Nuremberg data center. No cross-border transfers. GDPR-friendly by default — your data never leaves the European Union.
Enterprise-grade facility
Biometric access control, 24/7 video surveillance, redundant power systems, and multi-layer perimeter security at the data center facility.
Our infrastructure provider, Hetzner Online GmbH, holds ISO 27001:2022 and BSI C5 Type 2 certifications. SignForge inherits these physical and operational security controls as a hosted customer.
We collect the minimum data necessary and give you full control over your information.
All data stored in Germany. No cross-border transfers.
Privacy-first analytics. No third-party data sharing.
Only the essentials — email, name, and signing metadata.
Delete your account and documents at any time.
Four steps create an unbreakable chain of evidence — from upload to verification.
1. PDF uploaded over TLS. SHA-256 hash computed and stored as the original document fingerprint.
2. Signer fills fields and applies signature. New SHA-256 hash computed for the signed version.
3. W3C Verifiable Credential receipt and public keys embedded in the PDF. Document recorded in the public transparency log.
4. Anyone can verify: scan the QR code, upload the PDF, or check the transparency log. Proof travels with the document.
Verification records are permanent — they survive even if documents are deleted.