Skip to content
PQC Shield
Open workspace

Filed under: evidence that outlives its lawsuit

Documents that outlive the lawsuit.

Sign in, drop a PDF, and the work happens inside your portal. Four products on one hybrid post-quantum core: Seal proves integrity, Vault sends to named recipients, Sign runs multi-party signature workflows, and My Vault is your workspace-shared encrypted store. We never retain the original document plaintext.

Create free workspaceSee how it works
ECDSA + ML-DSA-65
Seal · Sign signature
X25519 + ML-KEM-768
Vault · My Vault encryption
0 bytes
Original PDF storage
public · free
Verifier
tsa.live · monitor
SHA-256 · 0xa3f2…b1c4
PQC Shield
ecdsa: okml-dsa-65: oktsa: 03:50z

FIPS 204 · NIST PQC

Adobe Reader · valid signature

The problem

E-signatures verify today.
Evidence has to verify decades from now.

DocuSign and Adobe Sign prove a person agreed. They don't prove the bytes survived intact, that the timestamp is authoritative, that the signature still verifies after the underlying algorithm breaks, or that an opposing counsel can open a privileged document only after they prove who they are. PQC Shield is the integrity and confidentiality layer those tools don't cover.

  1. 2017

    SHA-1 collisions become practical.

    Documents signed with SHA-1 lose meaningful integrity guarantees. Anyone can forge a matching hash.

  2. 2024

    NIST publishes FIPS 204 (ML-DSA).

    The standardized post-quantum signature algorithm. Enterprises with 20+ year retention obligations now have a target.

  3. 2030–2035

    RSA-2048 and ECDSA P-256 enter the danger zone.

    Once a cryptographically relevant quantum computer exists, every document signed with classical-only crypto becomes contestable.

  4. 2045

    Your closing package is in court.

    If its signature was classical-only, the chain of custody is now a defense exhibit. If it was hybrid, it still verifies.

How it works

Sign in. Seal, Vault, Sign, or store. Anyone verifies.

Four products, one workspace, one hybrid post-quantum core. Seal for court-defensible signatures anyone can verify. Vault for encrypted documents only the recipients you name can read. Sign for multi-party PAdES signature workflows with a final workspace PQC seal. My Vault for workspace-shared encrypted storage of any file. We retain hashes and audit metadata, never the original plaintext.

Programmatic API access (POST /v1/seal, /v1/vault, /v1/sign/...) ships from the Pro plan upward. The portal is the default surface — no API key required to seal, send, sign, or verify.

Sign in

Password plus mandatory 2FA. Every time.

Create a workspace at /sign-up (T&C + Privacy captured) or sign in at /sign-in with your password. Every sign-in then requires a second factor: your authenticator app if enrolled, otherwise a 6-digit code emailed to you. Edge-layer CAPTCHA on the sign-up route. Encrypted session token, no SMS, no SSO needed.

auth · flow
POST /sign-in (credentials)  ↳ memory-hard password verify  ↳ returns MFA_REQUIRED POST /sign-in (second factor)  ↳ TOTP RFC 6238 verify  (or)  ↳ email-OTP 6-digit verify  ↳ encrypted session token  ↳ redirect /app/dashboard

Seal · in your portal

Seal a PDF without leaving the dashboard.

Drag a PDF onto the dashboard. We embed a hybrid PAdES signature — ECDSA P-256 + ML-DSA-65 — and chain an RFC 3161 timestamp from a qualified TSA. You download the sealed PDF plus a Certificate of Sealing. We retain only hashes and audit metadata.

asn.1 · CMS
SignedAttributes {  contentType, messageDigest,  signingTime, signingCertificateV2}Signatures {  ecdsa-p256-sha256        // classical  ml-dsa-65                // FIPS 204}TSA: RFC 3161 token (qualified)

Vault · share confidentially

Encrypt for one or more recipients.

Use Vault when the document content is sensitive. We encrypt with AES-256-GCM and wrap the data key per recipient using a hybrid X25519 + ML-KEM-768 KEM. Recipients prove identity with an email OTP and decrypt in-browser. Every open is logged.

crypto · per envelope
DEK = AES-256 randomciphertext = AES-256-GCM(DEK, pdf) For each recipient:  shared = X25519_DH(eph_sk, rcpt_pk)  (kem_ct, kem_ss) = MLKEM768.Encaps(rcpt_pk)  KEK = HKDF(shared || kem_ss)  wrappedDEK = AES-256-KW(KEK, DEK)

Sign · multi-party workflow

Hybrid PAdES B-LT plus a final PQC seal.

Add signers by email, set the order (sequential or parallel), and we drive the rest. Each signer authenticates with email + OTP and lands a hybrid ECDSA + ML-DSA PAdES B-LT signature. When the last signer finishes, we add the workspace PQC seal on top and emit the final PDF — one document, N signatures, court-defensible.

workflow · per signer
Per signer (i of N):  authenticate(email, OTP)  pades_sig = ECDSA + ML-DSA over byteRange  embed_signature(pdf, pades_sig)  audit(signer_i, ip, ua, signed_at) After last signer:  upgrade_to_BLT(dss + crl)  workspace_seal = PQC seal  emit final_pdf

My Vault · workspace storage

Encrypted file store for your tenant.

Store any file (not just PDFs) up to 100 MB under the same hybrid X25519 + ML-KEM-768 + AES-256-GCM envelope as Vault — but bound to the workspace itself rather than to external recipients. Optional zero-knowledge passphrase layer on sensitive items. Open from any device after sign-in; no second factor needed for retrieval.

envelope · per item
tenant_dek = AES-256 randomciphertext = AES-256-GCM(tenant_dek, file) shared = X25519_DH(eph_sk, tenant_pk)(kem_ct, kem_ss) = MLKEM768.Encaps(tenant_pk)KEK = HKDF(shared || kem_ss)wrapped_dek = AES-256-KW(KEK, tenant_dek)

Verify · public, free

Anyone can verify. No account required.

Send the sealed PDF to opposing counsel, an auditor, or a future judge. They drop it into our public verifier — we re-derive the digest, validate ECDSA + ML-DSA, and confirm the RFC 3161 timestamp. Free, on every plan, forever.

json · response
{  "valid": true,  "ecdsa": "ok",  "mlDsa": "ok",  "tsa":   "qualified TSA · 2026-04-28T03:50Z",  "sealId":     "01HX9F…",  "tenantHash": "bc8a…3f"}

Built for

The documents your grandchildren will need.

Title & escrow · Seal

Closing packages that survive 30-year title chains.

Real estate closings already require notarization. Seal the PDF of the closing package in your portal and the chain of custody is no longer a deposition exercise — it is a 60-second public verifier check.

Anyone verifies · free, no account

Legal counsel · Vault

Send privileged documents to opposing counsel.

Encrypt the deposition, expert report, or settlement draft for one or more named recipients. They prove identity with an email OTP, decrypt in-browser, and every open is logged in your audit trail. The bytes never leave your tenant un-encrypted.

Hybrid X25519 + ML-KEM-768

Multi-party agreements · Sign

MSAs, NDAs, and contracts with several signers.

Upload the PDF, add each signer's email, set sequential or parallel order, and we drive the rest. Every signer applies a hybrid PAdES B-LT signature; the last signer triggers a final workspace PQC seal on top. One PDF, N signatures, court-defensible offline at year 10.

PAdES B-LT + workspace PQC seal

Internal evidence · My Vault

Workspace-shared encrypted document store.

HR files, expense receipts, board minutes, lab notebooks, anything sensitive the team needs to retrieve later. Encrypted with the same hybrid envelope as Vault but bound to the workspace itself. Optional zero-knowledge passphrase on the most sensitive items. Up to 100 MB per file.

Hybrid envelope · tenant-bound

Long-retention contracts · Seal

Master agreements with 20-year terms.

Insurance, energy, infrastructure. The signature has to outlive the analyst who wrote it. Hybrid PQ keeps the seal defensible the day a cryptographically relevant quantum computer is announced.

Re-seal · scheduled rotation

M&A deal rooms · Sign + Vault

LOIs, term sheets, and NDAs for the same deal.

Mix workflows in a single tenant: encrypt the data room PDFs for named counsel via Vault, run multi-party Sign workflows for the executable agreements, and store the executed copies in My Vault for the post-close diligence window. One workspace, one audit trail.

Multi-product · tenant-scoped audit

Why it holds up

We picked the boring, defensible primitives.

None of this is research code. The algorithms are NIST-standardized, the formats are ISO-published, and the timestamp authorities are the same ones the EU's eIDAS regime relies on.

  • Hybrid by default

    Seal and Sign use ECDSA P-256 + ML-DSA-65; Vault and My Vault use X25519 + ML-KEM-768 + AES-256-GCM. We pair classical with post-quantum on every operation so a break in either family alone never compromises the document.

  • Standards, not novelty

    PAdES B-LT on the PDF side, RFC 3161 on the timestamp side, FIPS 204 ML-DSA, FIPS 203 ML-KEM. Same algorithms NIST and the EU eIDAS regime are standardizing on. No proprietary envelope.

  • Hashes only — Seal & Sign

    We never persist the original input PDF. Audit records contain the hash, signature bytes, TSA token, and certificate URL. For multi-party Sign workflows the same applies to every intermediate state; only the final sealed PDF is retained for sender retrieval.

  • Encrypted at rest — Vault

    Vault envelopes are stored as AES-256-GCM ciphertext under a per-document data key, wrapped per recipient with a hybrid KEM. Recipient private keys are envelope-encrypted behind a tenant-scoped hardware-backed key alias; Enterprise can BYOK to its own key-management infrastructure.

  • Public verifier, free

    Sealed PDFs can be verified by anyone without a PQC Shield account. Vault open events are logged back to the sender's audit trail in real time.

  • Tenant-isolated

    Per-tenant key material under strict isolation. Sign-in requires password + mandatory second factor and provisions a workspace; data-access queries refuse to execute without a resolved tenant. No cross-tenant leakage by construction.

Pricing

Four products, metered separately. Verifier is free.

Full pricing details →

Free

$0/ mo

Kick the tires. Seal real evidence.

  • 10 Seal · 5 Vault · 3 Sign / month
  • 500 MB My Vault storage
  • Hybrid ECDSA + ML-DSA + ML-KEM
  • Public verifier access
  • Certificate of Sealing PDF
Start free

Starter

$49/ mo

Solo lawyers, small title shops.

  • 100 Seal · 50 Vault · 25 Sign / month
  • 5 GB My Vault storage
  • Up to 5 team members
  • Email support · 2 business days
  • 12-month audit log retention
Choose Starter

Pro

$299/ mo

Title companies, mid-size firms.

  • 1,000 Seal · 500 Vault · 250 Sign / month
  • 50 GB My Vault storage
  • REST API + API key management
  • Indefinite audit log retention
  • Priority support · same-day
Choose Pro

Enterprise

Custom

Title insurers, multi-party deal rooms, regulated industries.

  • Custom Seal · Vault · Sign volumes + storage
  • BYOK · bring your own key-management infrastructure
  • Unlimited API rate · dedicated TSA
  • SAML SSO · BAA · compliance attestations
  • Dedicated solutions engineer
Talk to sales

Questions we get a lot

The honest answers.

Start sealing

Your free workspace is one sign-up away.

No credit card. Free tier covers 10 Seal + 5 Vault + 3 Sign workflows per month plus 500 MB of My Vault storage — same hybrid post-quantum algorithms our Pro plan uses. The public verifier is free for everyone, forever — no account required.

Create free workspaceVerify a sealed PDF