Filed under: evidence that outlives its lawsuit
Sign in, drop a PDF, and the work happens inside your portal. Seal for hybrid PQ signatures anyone can verify. Vault for hybrid PQ encryption only your named recipients can open. We never store the original document.
FIPS 204 · NIST PQC
Adobe Reader · valid signature
The problem
DocuSign and Adobe Sign prove a person agreed. They don't prove the bytes survived intact, that the timestamp is authoritative, that the signature still verifies after the underlying algorithm breaks, or that an opposing counsel can open a privileged document only after they prove who they are. PQC Shield is the integrity and confidentiality layer those tools don't cover.
2017
Documents signed with SHA-1 lose meaningful integrity guarantees. Anyone can forge a matching hash.
2024
The standardized post-quantum signature algorithm. Enterprises with 20+ year retention obligations now have a target.
2030–2035
Once a cryptographically relevant quantum computer exists, every document signed with classical-only crypto becomes contestable.
2045
If its signature was classical-only, the chain of custody is now a defense exhibit. If it was hybrid, it still verifies.
How it works
Two products, one workspace. Seal for court-defensible signatures (anyone can verify). Vault for encrypted documents that only the people you name can read. We retain hashes and audit metadata, never the original bytes.
Programmatic API access (POST /v1/seal, /v1/vault) ships from the Pro plan upward. The portal is the default surface — no API key required to seal or verify.
Sign in
Drop your work email, click the link, and you land in your tenant's portal. First sign-in provisions a workspace on the Free plan. NextAuth + email-based one-time links — no shared credentials, no SMS, no SSO setup.
POST /api/auth/signin/nodemailer → magic link delivered GET /api/auth/callback/...?token=… ↳ creates user + tenant + role ↳ session JWT (HS256) ↳ redirect /app/dashboardSeal · in your portal
Drag a PDF onto the dashboard. We embed a hybrid PAdES signature — ECDSA P-256 + ML-DSA-65 — and chain an RFC 3161 timestamp from a qualified TSA. You download the sealed PDF plus a Certificate of Sealing. We retain only hashes and audit metadata.
SignedAttributes { contentType, messageDigest, signingTime, signingCertificateV2}Signatures { ecdsa-p256-sha256 // classical ml-dsa-65 // FIPS 204}TSA: RFC 3161 token (qualified)Vault · share confidentially
Use Vault when the document content is sensitive. We encrypt with AES-256-GCM and wrap the data key per recipient using a hybrid X25519 + ML-KEM-768 KEM. Recipients prove identity with an email OTP and decrypt in-browser. Every open is logged.
DEK = AES-256 randomciphertext = AES-256-GCM(DEK, pdf) For each recipient: shared = X25519_DH(eph_sk, rcpt_pk) (kem_ct, kem_ss) = MLKEM768.Encaps(rcpt_pk) KEK = HKDF(shared || kem_ss) wrappedDEK = AES-256-KW(KEK, DEK)Verify · public, free
Send the sealed PDF to opposing counsel, an auditor, or a future judge. They drop it into our public verifier — we re-derive the digest, validate ECDSA + ML-DSA, and confirm the RFC 3161 timestamp. Free, on every plan, forever.
{ "valid": true, "ecdsa": "ok", "mlDsa": "ok", "tsa": "FreeTSA · 2026-04-28T03:50Z", "sealId": "01HX9F…", "tenantHash": "bc8a…3f"}Built for
Title & escrow · Seal
Real estate closings already require notarization. Seal the PDF of the closing package in your portal and the chain of custody is no longer a deposition exercise — it is a 60-second public verifier check.
Anyone verifies · free, no account
Legal counsel · Vault
Encrypt the deposition, expert report, or settlement draft for one or more named recipients. They prove identity with an email OTP, decrypt in-browser, and every open is logged in your audit trail. The bytes never leave your tenant un-encrypted.
Hybrid X25519 + ML-KEM-768
Long-retention contracts · Seal
Insurance, energy, infrastructure. The signature has to outlive the analyst who wrote it. Hybrid PQ keeps the seal defensible the day a cryptographically relevant quantum computer is announced.
Re-seal · scheduled rotation
Why it holds up
None of this is research code. The algorithms are NIST-standardized, the formats are ISO-published, and the timestamp authorities are the same ones the EU's eIDAS regime relies on.
Seal uses ECDSA P-256 + ML-DSA-65; Vault uses X25519 + ML-KEM-768 + AES-256-GCM. We pair classical with post-quantum on every operation so a break in either family alone never compromises the document.
PAdES on the PDF side, RFC 3161 on the timestamp side, FIPS 204 ML-DSA, FIPS 203 ML-KEM. Same algorithms NIST and the EU eIDAS regime are standardizing on. No proprietary envelope.
We never persist the original sealed PDF. Audit records contain the hash, signature bytes, TSA token, and certificate URL. Your customers' documents stay on their disks.
Vault envelopes live in S3 encrypted with AES-256-GCM under a per-document data key, wrapped per recipient with a hybrid KEM. Recipient private keys are KMS-wrapped; Enterprise can BYOK to its own HSM.
Sealed PDFs can be verified by anyone without a PQC Shield account. Vault open events are logged back to the sender's audit trail in real time.
Per-tenant key material in Postgres. Magic-link sign-in provisions a workspace; queries refuse to execute without a resolved tenant. No cross-tenant leakage by construction.
Pricing
Free
$0/ mo
Kick the tires. Seal real evidence.
Starter
$49/ mo
Solo lawyers, small title shops.
Pro
$299/ mo
Title companies, mid-size firms.
Enterprise
Custom
ALTA partners, insurers, gov.
Questions we get a lot
Start sealing
No credit card. Free tier covers 10 Seal + 5 Vault sends a month using the same hybrid post-quantum algorithms our Pro plan uses. The public verifier is free for everyone, forever — no account required.
