Free e-signatureE-signature — the only one that never uploads your PDF that never uploads your PDF

Sign sensitive PDFs without uploading.

Every online signing service uploads your PDF. FreeSign is the only one that doesn’t. The browser signs the file — you get back a real signed PDF anyone can verify in Adobe Reader.

For product teams: embed the same ceremony in your portal — PDF bytes stay in the browser, never on FreeSign servers.

Privacy

Never upload your fileEvery other “free” PDF tool takes a copy. FreeSign receives only a fingerprint.

Evidence

Real PAdES signatureMost free tools paste a drawn image. Adobe shows no signature at all. We produce the real thing.

Price

No account, no monthly capElsewhere “free” means a few documents a month, watermarked. Ours: unlimited — no PDFs to store, no six-figure AATL membership to pay for.

Extra proof

Blockchain-anchored timestampA public, unalterable timestamp — verifiable even if FreeSign disappears.

Sign a PDF Sign PDF Verify a signed PDF Verify PDF

Drop your PDF here

Your PDF stays in this browser. Only a short fingerprint leaves your machine.

or drop max 10 files · max 50 MB each · PDF only

Selected document

Document.pdf

Document SHA-256: Calculating...

Signature receipt

Signed in this browser

The PDF was sealed locally. The server only stored hashes, certificates, and audit evidence — no PDF content.

Your signed PDF is sealed with a per-signer certificate issued under the Free Sign CA. The signing evidence is embedded inside the signature itself — one file, nothing extra to keep.

Signer: —
Email: —
Signed at: —
Profile: —
Document SHA-256: —
Final PDF SHA-256: —
Receipt ID: —
Document viewed at: —
Client IP fingerprint: —
Network / geo: —
Timestamp proof —: Once the seal is built, the document's signed-region hash is committed through OpenTimestamps. Public block-header confirmation typically lands ~1–2 hours after signing — this panel updates itself while it stays open.
Audit fingerprint: Full request fingerprint (every IP header, CF colo/ASN/TLS, user-agent) is stored in the audit-chain event data — the evidence JSON embedded in the signed PDF carries the complete record.

The signing evidence (identity, OTP, consent, signed payload) is embedded inside the PDF — inside the signature itself — so there is one file to keep, nothing extra to download. Re-check it any time with the verifier.

Starts a fresh, private signing session — a new envelope and new keys. You can also drag a new PDF straight onto the drop zone above.

Why FreeSign exists

Stronger proof than paper. The privacy of paper. Free, like a pen.

For centuries, signing meant ink on paper — private by nature: the document sat on a desk, seen only by the people signing it. E-signature platforms then gave us proof paper never had — but took that privacy away, because your document now lives on a vendor’s servers. We didn’t think that trade was necessary. FreeSign was built to keep both halves.

Evidence — intact

Stronger evidence than ink — without giving up the document.

A pen signature is intimate but weak: a mark anyone can copy, with no proof of who signed it or when. Cloud platforms fixed the proof and broke the intimacy — to get the evidence, you hand your contract to a third party that stores, scans, and retains it. FreeSign refuses that trade-off. Every signer gets their own cryptographic certificate; the document is bound to the signature by its hash; the moment of signing is anchored into the Bitcoin blockchain; and anyone can verify all of it without trusting us. All of that — while the file itself never leaves your browser.

Price — honest

Free, the way signing your name has always been free.

Putting your name to a document is one of the most basic acts there is — agreement, between people. A pen has never had a paywall, and we think its digital equivalent shouldn’t either: no account, no per-seat subscription, no “three documents a month” meter. The core act of signing a document, with real evidence — that, we offer today. Always free.

Legally valid in the US and EU

Legally valid for the contracts you actually sign.

FreeSign signatures count as electronic signatures under US and EU law for the vast majority of business and personal contracts — employment, NDAs, vendor agreements, consents. For a narrow set of special cases (some real-estate deals, certain EU court filings) you'd need a notary-grade signature; FreeSign isn't one of those.

United States

Counts as a valid e-signature

Your signed PDF carries everything US courts look for: you agreed in writing, you confirmed your email, your name is in the certificate, the document is bound to the signature, and you keep the signed file and a separate evidence record.

European Union

Advanced electronic signature

FreeSign is built to the EU's advanced e-signature evidence model. Anything that doesn't require a notary-grade signature is in scope.

How the keys are kept safe

Our signing key lives in a tamper-resistant chip

The private key we use to vouch for your certificate sits inside a bank-grade hardware security module at Google Cloud. It cannot be exported and never touches PDF content.

Not a DocuSign clone

FreeSign vs DocuSign — pick the right tool

DocuSign and Adobe Sign upload your PDF, store it in their cloud, and route it for you. FreeSign refuses to see the document at all. Both models are valid — for different documents.

Use FreeSign when…

The document is confidential (NDA, term sheet, M&A, board minutes, IP, medical records).
You don't want a third party storing or scanning the PDF.
You need proof that survives vendor shutdown — OpenTimestamps-backed, verifiable in openssl + Adobe Reader.
You sign in your own browser, or embed the ceremony in your portal and drive as many signings as your app needs.

Use DocuSign / Adobe Sign when…

You want their hosted envelopes: routing, reminders, templates, and status dashboards in their cloud.
You want turnkey Salesforce / HubSpot / SAP apps from their marketplace, not wiring REST/MCP/embed yourself.
The counterparty already uses that platform and refuses to switch.
You need a hosted document vault or procurement-mandated AATL vendor (FreeSign has no user accounts — with embed, SSO is yours).

See the full side-by-side comparison →

For products & institutions

Drop signing into your own site or pipeline

Individuals can sign here in the browser. Teams building a bank portal, insurer workflow, HR onboarding, or legal-tech product can mount the same ceremony inside their UI — still with zero document upload to FreeSign.

B2B & regulated flows

Customer-facing: loan packs, policy documents, KYC consents — signer stays on your domain; the contract PDF never transits FreeSign infrastructure.
Employee / partner: HR offers, NDAs, board packs inside an intranet or SaaS step — one iframe, your branding around it.
Ops & compliance: same PAdES-B-T output and audit trail as the public site; verifiable with Adobe, openssl, and OpenTimestamps without trusting our uptime.

B2C on your property

Membership sites, marketplaces, or vertical apps that need a “sign here” step without becoming a DocuSign customer.
Load /freesign-embed.js, pass the PDF from your page, receive the signed PDF in a callback — postMessage protocol v1.
Agents and batch jobs: hash locally, drive envelopes via REST or MCP; hand OTP/consent to a browser when needed (automation guide).

Embed signing integration guide →

Honest limits

Built for verification, not for blind trust

The free-sign.com service is new — the company behind it is not. It is built by an established Polish software company, working since 2013, with a team experienced in cryptography and digital-trust tooling. FreeSign is a focused signing primitive you can use directly or embed in your product — not a hosted vault, routing platform, or enterprise SSO suite. We state the limits up front so you can decide before you drop a PDF.

Check the signature yourself

The signed PDF is standard PAdES-B-T — verify in /verify, Adobe Reader, openssl, or pyHanko without an account.
Our CA cert is published at /.well-known/free-sign-signing-ca.pem; signing time is also anchored by DigiCert RFC 3161 and OpenTimestamps (public block headers).
Your browser re-verifies the sealed PDF before we show the receipt — if CMS or chain checks fail, the ceremony aborts.

What we don’t claim

Not QES — no qualified signature; see FAQ → eIDAS tiers.
Not AATL — Adobe may show yellow until you trust our CA locally or we ship an AATL OV CA (why that’s UX, not integrity).
Service closed-source — verifier open-source. No third-party SOC/ISO audit yet, but the code that checks a signature is public: github.com/free-sign/verifier (MIT). Operator since 2013 — see the imprint; security.txt.

Full trust & verification page: Should I trust FreeSign? · AI agents: llms.txt · human deep-dive: FAQ

How it works

You drop a PDF, type your name and email, agree to sign, and confirm a 6-digit code we e-mail you. Your browser does the signing on your device; we e-mail nothing back — you just download the signed PDF.

What we store

No PDF content, ever. We keep your e-mail (scrambled), your typed name, your consent, a fingerprint of the document, the signature, and a tamper-evident log of the signing event. That's the same audit trail every e-signature service keeps — minus the PDF itself, which we cannot read.

The optional AI document summary follows the same rule — the model runs in your browser via WebGPU, and the document text is never sent to a cloud LLM.

Verify later

Drop the signed PDF into the verifier to re-check it any time. Or hand the PDF and evidence file to anyone — they can verify it themselves with free public tools, no FreeSign account needed. See how →

Technical details for advanced users

Cryptographic shape

Your browser hashes the PDF locally and posts only the SHA-256 — the bytes never leave your machine. The output is a standard PAdES-B-T signed PDF with a CMS PKCS#7 signature (RFC 5652) under a per-user X.509 leaf certificate, plus an RFC 3161 trusted timestamp embedded in the same CMS. Every signature also carries an independent OpenTimestamps proof that upgrades to a Bitcoin block-header attestation once the public calendar batch confirms.

The signing evidence — signer identity, the OTP or passkey assertion, consent, and the browser-signed payload — is embedded inside the signature's CMS as an unsignedAttribute under FreeSign's IANA enterprise number, so a multi-signer PDF carries every signer's evidence in their own revision and there is nothing extra to download. Its format is the evidence JSON schema (v1 for OTP signers, v2 for passkey signers). On free-sign.com we also append a PAdES-B-LT long-term-validation revision: the FreeSign CA certificate and its published revocation list (CRL at /.well-known/free-sign-signing-ca.crl) are embedded in the PDF’s /DSS, so openssl, pyHanko, and Adobe can still check the chain years later — even after the per-ceremony leaf certificate expires. The RFC 3161 timestamp and OpenTimestamps proof already prove when you signed; B-LT adds the revocation material validators expect for offline long-term checks.

Verification — no FreeSign account, no API key

Adobe Reader, openssl cms -verify, and pyHanko sign validate all parse and verify the file without ever calling free-sign.com. The OpenTimestamps proof verifies with the official ots CLI against public block headers — no FreeSign trust anchor needed. Walk-through guide: Verify a signed PDF with openssl.

Prefer a browser? The FreeSign /verify page runs the same checks — CMS signature, certificate chain, RFC 3161 timestamp, OpenTimestamps anchor, and the embedded evidence record — entirely client-side, with no upload. FreeSign runs that same verifier on the freshly sealed PDF before it shows you the receipt, so every download has already passed verification once, on your own machine.

United States — ESIGN & UETA

FreeSign produces an electronic-signature evidence package designed to support the ESIGN Act (15 U.S.C. §7001) and UETA requirements: intent (typed consent), attribution (OTP-verified email + typed legal name in the leaf cert), association with the record (document SHA-256 bound into the canonical signed payload), and retention (one signed PDF with the evidence JSON embedded inside it, plus an independent timestamp proof embedded when the OpenTimestamps calendar answered inline and always available through the receipt proof URL).

European Union — eIDAS Article 26

FreeSign is designed around the eIDAS Article 26 evidence model under Regulation (EU) No 910/2014 for advanced electronic signatures (AES): signer attribution, intent, browser-held ceremony evidence (non-extractable ECDSA session key in IndexedDB), and tamper detection through CMS message-digest binding plus an independent OpenTimestamps proof. FreeSign is not a Qualified Electronic Signature (QES); QES/QTSP support is a separate roadmap item.

HSM-anchored cryptography

The FreeSign Signing CA private key lives in Google Cloud KMS HSM (FIPS 140-2 Level 3). The CA uses RSA-2048; per-ceremony leaf certs and browser session keys use ECDSA P-256. The HSM signs only each leaf certificate's TBSCertificate digest — it never sees the PDF bytes, the signature, or any signer PII. Each signing ceremony mints a fresh leaf cert under that CA; the ephemeral signing key is destroyed at the end of the ceremony.

What we store server-side

Document SHA-256, envelope-scoped email HMAC, consent payload, signed canonical payload, public JWK, RFC 3161 + OpenTimestamps tokens, hash-chained audit log. No PDF content, ever — the seal is built from a 32-byte ByteRange digest the browser computes locally.

Detailed legal framing — how FreeSign maps to ESIGN, UETA, and each eIDAS tier (SES / AES / QES) — lives in the FAQ.

Also from us — more productivity tools, all with a free tier, all AI-ready:

plugand.aiSlack AI bot for the whole team. No per-seat fees.
plai.chatPrivate AI chat, every model. No subscription.
cnvs.appReal-time collaborative whiteboard. No signup. Instant share.
maxcv.aiCV tailored to each job. AI that beats the AI screeners.
mcpfinder.devAn MCP that finds MCPs. Open-source discovery for agents.