Is FreeSign really a free e-signature (electronic signature)?

Yes. FreeSign is free for everyone - no account, no monthly limit, no per-document fee. There is no paid plan. The model is possible because we never store the PDF, so we do not pay for document storage, and we run on Cloudflare Workers. It is a full electronic signature compatible with eIDAS evidence models, not a simplified graphic stamp.

Is a FreeSign signature legally valid in the United States and the European Union?

Yes, for most business and personal contracts. In the United States, ESIGN (15 U.S.C. §7001) and UETA provide that a signature, contract, or record may not be denied legal effect solely because it is electronic or because an electronic signature was used. FreeSign captures signer intent, verified email, consent, document hash, and a reproducible signed PDF. In the European Union, FreeSign is built to the Advanced Electronic Signature (AES) evidence model in Article 26 of eIDAS. FreeSign is not a Qualified Electronic Signature (QES), which is required only for a narrow set of EU acts.

How is it possible to sign a PDF without uploading it anywhere?

The browser computes the file's SHA-256 hash locally using WebCrypto. Only the 32-byte hash reaches FreeSign - the PDF bytes never leave your device. The server witnesses signing intent (typed name, email verified by one-time OTP code, consent), issues a one-time X.509 certificate from an HSM-backed CA (Google Cloud KMS), and returns a CMS PKCS#7 seal. The browser appends the seal to the PDF as an incremental update. The result is a standard PAdES-B-T file that Adobe Reader, openssl, and pyHanko can verify without contacting FreeSign.

What contracts can I use the free electronic signature for?

For most of them - NDAs, employment contracts, contractor and service agreements, vendor contracts (MSA, SOW), GDPR and medical consents, declarations, board resolutions, term sheets, lease agreements. Do not use FreeSign where the law requires a Qualified Electronic Signature (QES) or notarial form, for example some company-register acts and notarial acts involving real estate.

Do I need to create an account?

No. There is no registration and no account. You drop a PDF, provide your name and email, confirm a one-time code (OTP), and download the signed file. The email address is bound to the signing evidence, so the signature is attributable to a specific person, but there is no password or profile to remember.

Why does Adobe Reader show a yellow warning on my signature?

Adobe colors signatures according to the Adobe Approved Trust List (AATL), a program for trusted certificate authorities and other approved providers. The FreeSign CA is not currently on AATL, so Adobe shows the yellow message "At least one signature has problems". This is information about list membership, not about document integrity. Adobe Reader's signature panel still confirms that the document has not been modified, shows the signer name, and shows the signing time. You can add the FreeSign CA to Adobe's local trusted list once; instructions are at /guides/trust-freesign-in-adobe.

How can the other party verify my signature?

Without contacting FreeSign. The file is a standard PAdES-B-T document - everything needed for verification is inside the file. Adobe Reader, openssl cms -verify, pyHanko sign validate, and our browser verifier at /verify check the signature locally. Each FreeSign signature also contains an RFC 3161 timestamp from DigiCert and an OpenTimestamps proof anchored in the Bitcoin blockchain - independent time evidence that works even if FreeSign no longer exists.

How is FreeSign different from DocuSign and Adobe Sign?

DocuSign and Adobe Acrobat Sign upload your PDF to their cloud because that is how their workflow works. FreeSign produces the same standard PAdES signature, but it never sees the document content: hashing happens in your browser. DocuSign and Adobe Sign are paid products with plan-specific envelope or transaction limits; Adobe Sign is bundled with Acrobat plans. FreeSign is free with no limits. Full comparisons: /compare/docusign and /compare/adobe-sign.

Private and secure e-signature · NO SERVER UPLOAD

Private and secure electronic signature in your browser. No PDF upload, no account.

FreeSign is a private, secure, and free electronic signature — an e-signature you create entirely in your browser. Your PDF file is never sent to our servers — the whole signing operation happens locally on your device. Drop a file, type your name, verify your email with a one-time code, and download the finished signed PDF. The document keeps evidentiary value, and the signature can be checked in Adobe Reader and other popular PDF tools. No account. No limits. Nothing to install.

Sign a PDF now →

English summary of FreeSign

What is a private electronic signature (e-signature)?

An electronic signature (short: e-signature, also called a digital signature) is the electronic equivalent of a handwritten signature: it attributes a document to a specific person and confirms that the person agreed to sign it. In the European Union, the legal framework is set by eIDAS (Regulation (EU) No 910/2014): an electronic signature may not be denied legal effect or admissibility as evidence solely because it is electronic or because it is not qualified. In the US, ESIGN (15 U.S.C. §7001) and UETA perform a similar role.

A private e-signature means your document never goes into the provider's cloud. Practically all popular services — DocuSign, Adobe Acrobat Sign, HelloSign, SignNow — take your PDF onto their servers, store it, and distribute it. FreeSign is the only service that creates a real electronic signature while never seeing the content of your document. Your browser generates a short one-time fingerprint of the file — and that is all we receive. The PDF itself stays on your computer.

How does the FreeSign e-signature work in the browser?

The entire signing ceremony happens on your side. Here are the six simple steps:

You drop a PDF. Your browser creates a short, unambiguous fingerprint of the file and sends only that — not the file itself. The PDF itself never leaves your device.
You type your name and email address. A signature envelope is created, binding your details to the document fingerprint and to your consent to sign.
You confirm your email address with a one-time code. A six-digit code arrives in your inbox. Entering it confirms that it is really you.
You sign. Your browser signs locally. At the same time, our server issues you a one-time certificate with your name and email address — bound to that specific document.
Seal and timestamp. The document receives a cryptographic signature seal, a trusted timestamp from an independent provider, and public time evidence anchored in the Bitcoin blockchain — the seal can be checked even in 10 years, regardless of whether FreeSign still exists.
You download. You receive a standard signed PDF that Adobe Reader and other popular tools recognize as correctly signed — without any need to contact FreeSign.

On later visits — passkey. After your first signature, you can save a passkey on the same device, unlocked with biometrics or the device PIN. You can then sign later documents with a fingerprint, Face ID, Touch ID, or device code — without entering an email code again. The whole ceremony drops to a few seconds and remains fully private.

Full technical description with diagrams: the architecture page. Advanced details are also at the bottom of this page.

Why "no upload" privacy matters

Because the alternative — sending a PDF to a provider — means handing a copy of every signed document to a third party. In several categories this is actively dangerous:

NDAs and confidentiality agreements are literally agreements about not disclosing content; uploading an unsigned NDA to a third party is exactly the disclosure the agreement is supposed to prevent.
M&A and investment transactions name parties and amounts long before any public announcement.
Medical, legal, and HR documentation is subject to regulations (GDPR, HIPAA, attorney/client professional secrecy) that a provider's terms may or may not honor.
Privileged communications (attorney-client, doctor-patient, journalist-source) may lose that protection the moment a third party reads them.
Personal data under GDPR — every upload of a signed document containing personal data to a provider creates a processor relationship (Article 28 GDPR) and the documentation that comes with it. FreeSign does not create that problem: we do not receive the document content, so you do not entrust us with any data from inside it.

FreeSign privacy is structural, not declarative: in our service there is technically no way to send us the file content. Full architecture diagram: architecture page.

Legal status in the United States

The federal Electronic Signatures in Global and National Commerce Act (ESIGN, 15 U.S.C. §7001) establishes the baseline rule for transactions in or affecting interstate or foreign commerce: a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is electronic, and a contract may not be denied effect solely because an electronic signature or electronic record was used in its formation. The Uniform Electronic Transactions Act (UETA), adopted in 49 states and the District of Columbia (New York uses its own Electronic Signatures and Records Act, NYESRA), follows the same technology-neutral model for state-law transactions.

US law does not use the EU's SES / AES / QES hierarchy. There is no "qualified electronic signature" category in the US. The practical questions are evidence questions:

Intent to sign — FreeSign records the typed name, explicit consent, and a signed canonical payload.
Attribution — FreeSign binds the signature to an OTP-verified email address and a one-time X.509 certificate naming the signer.
Record integrity — the signed PDF carries a PAdES/CMS cryptographic signature, timestamp, and independent OpenTimestamps proof so later changes are detectable.
Retention and reproduction — the result is a downloadable PDF that can be retained and reproduced for later reference by the parties.

US-specific practical note. ESIGN does not force any person to accept electronic records or signatures. Consumer transactions can require additional consent and disclosure steps. Some categories are excluded or may have special rules, including wills, codicils, testamentary trusts, some family-law matters, court orders or notices, foreclosure and eviction notices, cancellation of utility services or health/life insurance benefits, product-recall notices, and documents accompanying hazardous materials. Notarization, recording, government filing, and regulated-industry workflows can also impose their own identity, form, platform, or retention requirements.

Other major English-speaking jurisdictions use similar technology-neutral frameworks — the UK, Ireland, Canada, Australia, New Zealand, Singapore, India, and South Africa each recognise electronic signatures by statute. The country-by-country detail is in Legal status in other English-speaking countries below.

For ordinary business and private agreements — NDAs, vendor contracts, employment offers, consents, internal approvals, term sheets, and routine commercial documents — FreeSign is designed to produce the core evidence a US court or counterparty normally wants to inspect: who signed, what file they signed, when they signed, and whether the file changed afterward.

This is not legal advice. For uncertain cases, confirm the required form with a lawyer or your internal policy.

Legal status in other English-speaking countries

Outside the United States, major common-law jurisdictions generally recognise electronic signatures through technology-neutral statutes built on the same core idea: a record or signature is not denied legal effect solely because it is electronic. Many of these laws were influenced by UNCITRAL electronic-commerce work, but the statutes and exclusions differ by country. The evidence questions FreeSign answers — intent, attribution, integrity, retention — remain the practical questions a court or counterparty will inspect. The notes below summarise the governing statute and the local caveats; none of this is legal advice.

United Kingdom

Two pillars: section 7 of the Electronic Communications Act 2000 (electronic signatures are admissible in evidence as to authenticity) and UK eIDAS — Regulation (EU) No 910/2014 as retained and amended for domestic law by the Electronic Identification and Trust Services for Electronic Transactions (Amendment etc.) (EU Exit) Regulations 2019. UK eIDAS keeps the SES / AES / QES tiers; FreeSign is built to the AES model. The Law Commission's 2019 report on the electronic execution of documents confirmed that an electronic signature is capable in law of executing a document (including a deed, where all witnessing and other formalities are satisfied) provided the signatory intends to authenticate it. HM Land Registry has its own acceptance rules for electronic signatures, and statutory wills retain separate formal requirements.

Ireland

The Electronic Commerce Act 2000 (sections 9, 12, 13, 16 and 17) gives electronic signatures and electronic contracts legal effect and admissibility. EU eIDAS applies directly, so the SES / AES / QES tiers also apply — FreeSign sits at AES. Section 10 carves out the usual exceptions: wills and testamentary instruments, the law of trusts, enduring powers of attorney, most dealings in real property, affidavits and statutory or sworn declarations, and court or tribunal rules, which retain their traditional form or procedural requirements.

Canada

Federally, Part 2 of PIPEDA recognises electronic documents and defines a "secure electronic signature" for federal-law requirements that opt into the PIPEDA schedule framework. That secure-signature class is a specific regulated cryptographic process, not a label for every digitally signed PDF, so FreeSign should be treated as ordinary electronic-signature evidence unless a Canadian workflow expressly accepts it. At the provincial level, almost every province enacted a version of the Uniform Electronic Commerce Act (UECA) — for example Ontario's Electronic Commerce Act 2000 and British Columbia's Electronic Transactions Act — while Quebec uses its Act to establish a legal framework for information technology (CQLR c C-1.1). All follow functional-equivalence and consent principles. Wills, codicils, trusts created by a will, powers of attorney for personal care, and negotiable instruments are commonly excluded.

Australia

The Electronic Transactions Act 1999 (Cth), section 10, sets the signature requirements (a method that identifies the signer and indicates their intention, that is as reliable as appropriate, and to which the other party consents), mirrored by an Electronic Transactions Act in each state and territory. Exemptions are set by regulation. Recent Commonwealth reforms permit technology-neutral execution of company documents under section 110A of the Corporations Act 2001; individual deeds and witnessing rules still depend on state and territory law.

New Zealand

The electronic-transactions rules now live in Part 4 of the Contract and Commercial Law Act 2017 (which consolidated the former Electronic Transactions Act 2002). A signature requirement is met electronically where the method identifies the signer, indicates their approval, and is appropriately reliable, with the other party's consent. Schedule 5 lists matters that are excluded or subject to special rules.

Singapore

The Electronic Transactions Act 2010 implements both the UNCITRAL Model Law on Electronic Commerce and the UN Electronic Communications Convention. Ordinary electronic signatures are valid; a separately defined "secure electronic signature" attracts evidentiary presumptions. The First Schedule excludes wills; the creation, performance or enforcement of an indenture, declaration of trust or power of attorney (with exceptions for implied, constructive and resulting trusts, and lasting powers of attorney); contracts for the sale or other disposition of immovable property; and conveyances or transfers of interests in immovable property. Transferable instruments such as bills of exchange and bills of lading are now handled separately under the Act's electronic transferable records framework, so they should not be treated as a blanket First Schedule exclusion.

India

Read this one carefully — India is the exception. Under the Information Technology Act 2000 (sections 3A and 5), statutory "electronic signatures" are limited to techniques specified by the Central Government, such as Aadhaar/e-KYC based eSign and Digital Signature Certificates issued within the Controller of Certifying Authorities (CCA) framework. FreeSign issues neither, so it is not a section-5 "electronic signature" in the formal Indian sense. However, where the underlying transaction is not excluded from electronic form, a FreeSign-signed file may still be presented as an electronic record and supporting evidence under the Bharatiya Sakshya Adhiniyam 2023 (which replaced the Indian Evidence Act and carries forward the former section 65B regime). Treat FreeSign in India as supporting evidence of who signed what and when, rather than as a statutory eSign. The IT Act's First Schedule lists excluded documents and transactions, and it has been amended over time, so high-risk categories such as negotiable instruments, powers of attorney, trusts, wills, and immovable-property transactions need local-law review.

South Africa

The Electronic Communications and Transactions Act 25 of 2002 (ECTA), section 13, gives ordinary electronic signatures legal effect where the parties have not specified a particular type. Where a statute requires a signature and does not specify the type, ECTA requires an advanced electronic signature — one accredited by the South African Accreditation Authority — which FreeSign is not. Section 4 read with Schedules 1 and 2 excludes wills, agreements for the alienation of immovable property, bills of exchange, and long-term leases of immovable property in excess of 20 years. For ordinary commercial agreements that do not fall in those buckets, an ordinary electronic signature can suffice.

This is not legal advice. The exclusion lists and accreditation rules differ in detail between these countries; for a document near one of the excluded categories, confirm the required form with a local lawyer.

Legal status in the European Union (for cross-border contracts)

Article 25(1) of eIDAS says an electronic signature may not be denied legal effect or admissibility as evidence in legal proceedings solely because it is electronic or because it does not meet the requirements for qualified electronic signatures. FreeSign is built according to the Advanced Electronic Signature (AES) model in Article 26 of eIDAS (Regulation (EU) No 910/2014). eIDAS distinguishes three categories of signature:

Simple Electronic Signature (SES, Article 3(10)) — for example, a typed name in an email footer. Admissible as evidence, but weak.
Advanced Electronic Signature (AES, Article 26) — a signature that meets four conditions: it is uniquely linked to the signer, identifies the signer, is created using means under the signer's sole control, and is linked to the data so that any later change is detectable. This is the category FreeSign is designed for.
Qualified Electronic Signature (QES, Article 25(2)) — AES based on a qualified certificate, issued by a qualified trust service provider on a qualified signature creation device (QSCD). Required by law only in a narrow range of EU or member-state-specific cases.

eIDAS was amended by Regulation (EU) 2024/1183 (eIDAS 2.0, in force 20 May 2024), which adds the European Digital Identity Wallet but leaves the SES / AES / QES tiers above unchanged.

FreeSign meets the AES evidence conditions in Article 26 in the following way:

Uniquely linked to the signer — your one-time certificate contains your name and email address.
Capable of identifying the signer — email verification with a one-time code plus the typed full name.
Created under your sole control — the key used to sign is created only in your browser; nobody other than you has access to it.
Linked to the data so that changes are detectable — the document seal plus independent time evidence anchored in the Bitcoin blockchain.

FreeSign is not a qualified electronic signature (QES), and the service operator is not a qualified trust service provider. The list of documents that require QES varies by EU member state. If a specific EU workflow requires QES or notarial form, FreeSign is not the right tool.

What can you use a free e-signature for?

For anything that does not mandatorily require a Qualified Electronic Signature (QES) or notarial form. In practice, FreeSign is a strong fit for:

NDAs and confidentiality agreements — the classic "do not upload me anywhere" document. See the guide to signing an NDA without uploading.
Employment, contractor, and service agreements — employment offer, copyright transfer, equivalent compensation documentation.
Vendor contracts — master service agreements (MSA), statements of work (SOW), orders, amendments, policies.
Board resolutions and minutes — written consents, resolutions, shareholder-list updates.
Term sheets and investment documentation — everything except final documents requiring notarial form.
GDPR consents, medical consents, parental consents, asset declarations.
Lease agreements (with exceptions requiring a legally certain date).
Internal policies, rules, approvals — the document never has to leave the company network.

When FreeSign is NOT the right tool

Acts for which the law requires a Qualified Electronic Signature (QES) — some register filings, some court pleadings filed electronically.
Acts requiring notarial form — notarial deeds, real-estate ownership-transfer agreements, some wills, powers of attorney for acts requiring a notarial deed.
Acts requiring written form with a legally certain date — here, electronic form with AES alone may not be enough without an additional element, such as notarial certification.

When in doubt, confirm the required form with a lawyer. This is not legal advice.

FreeSign vs DocuSign vs Adobe Sign — e-signature comparison

DocuSign and Adobe Acrobat Sign are the best-known brands in the electronic-signature category. They create the same standard PDF signature as FreeSign — but along the way they upload your document to their servers, store it, and charge for it. FreeSign gives the same end result without ever seeing the document content and without a paid plan.

Privacy: DocuSign and Adobe receive and store your PDF in their cloud. FreeSign receives only a short, one-way file fingerprint — the PDF itself never leaves your browser.
What you get at the end: all three services produce the same standard signed PDF, compatible with the same format (PAdES) and a trusted timestamp. FreeSign additionally includes independent time evidence anchored in the Bitcoin blockchain — verifiable even if FreeSign disappears.
Trust in Adobe Reader: DocuSign and Adobe Sign are on Adobe's commercial trusted-provider list (Adobe Reader then does not show a yellow warning). FreeSign is not currently on that list. The signature itself is still verifiable — the warning concerns only the trust list, not document integrity (more below).
Cost: DocuSign and Adobe Acrobat Sign are paid products with plan-specific envelope or transaction limits. FreeSign is free with no limits.

Full comparisons: FreeSign vs DocuSign · FreeSign vs Adobe Acrobat Sign · all comparisons.

How will the other party verify the signature?

Without having to trust FreeSign. A PDF signed by FreeSign is fully self-contained — everything needed for verification is inside the file itself:

Adobe Reader. It opens the file and shows the signature panel with the signer name, signing time, and confirmation that the document has not been changed. The yellow warning concerns only the trust list — not signature integrity.
Popular open-source tools (for example openssl, pyHanko) parse the file, check the signature and certificate chain — without contacting FreeSign. Step by step: the verification guide.
Independent time evidence (OpenTimestamps) anchored in the Bitcoin blockchain — shows that your document existed at a given time. Verifiable even if FreeSign disappears.
FreeSign browser verifier: /verify — the same tests locally, if you prefer dragging the file into the browser instead of using the command line. The verifier source code is open source (MIT license) and published on GitHub: github.com/free-sign/verifier — you can read exactly what it does, run it yourself, or even deploy it on your own server if you prefer not to trust our copy.

What does the yellow warning in Adobe Reader mean?

Adobe Reader colors signature status according to its own commercial list of trusted providers (Adobe Approved Trust List, AATL). FreeSign operates its own certificate authority, but it is not currently on that list. That is why Adobe shows the yellow message "At least one signature has problems" by default.

That message concerns the trust list, not signature integrity. Open the signature panel in Adobe — the same panel still confirms that the document has not been modified, shows the signer's full name, and shows the signing time.

You can fix this manually in a few clicks. Add the FreeSign certificate authority to Adobe Reader/Acrobat's local trusted provider list once — from then on, Adobe shows a green icon instead of a yellow warning for every FreeSign signature on that device. Setup takes less than a minute and works for all later signatures on that device. Step by step: the Adobe trust setup guide and the FAQ answer.

E-signature with no account and no monthly limits

Most "free" signature services on the market have real restrictions — 3-5 documents per month, account creation, or the ability to sign only documents they send you. FreeSign is actually free:

No registration. There is no account and no password.
No monthly limit. We do not count signatures.
No per-document fee. There is no "premium" or "pro" plan — no paid variant exists.
No installation. Everything runs in your browser.

This is possible because we never store PDF files (we do not pay to store them) and we run on Cloudflare infrastructure, where the cost of a single signature is microscopic.

AI document summary in your language — also in the browser

Before signing a long document, you can generate a summary in your language with one click — in English, regardless of the language of the document itself. Just like the signature, the whole analysis happens in your browser: the AI model is downloaded once and runs locally on your computer. Your document content does not go to us or to any external AI service — not to OpenAI, not to Google, not to Anthropic. The feature is currently available on desktop and laptop computers with a modern browser; it does not run on phones because the model is too large for typical mobile devices.

The signing ceremony is available in English

The signing ceremony itself — the full interface where you drop the file, enter details, confirm the one-time code, and download the signed PDF — is available in 29 languages: all 24 official EU languages (Bulgarian, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hungarian, Irish, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish, Swedish) plus Ukrainian, Japanese, Korean, Norwegian, and Icelandic. The language is detected automatically from your browser settings, and you can also switch it manually in the signing panel.

The signed PDF itself is language-independent — it verifies the same way regardless of the language used during the ceremony.

For product teams: embed it on your website

If you are building a portal or application where your users sign documents, you can embed the FreeSign ceremony as an iframe in your own page. The PDF still never leaves the user's browser (nor yours, nor ours): the file moves only between your page and the iframe, and the signed document returns the same way. No API keys, no webhook configuration, no data-processing entrustment.

Full instructions: the embed guide. Interactive demo: /demo/embed-signing.

Sign a PDF now

Sign your first PDF without uploading it anywhere

There is nothing to install. Drop a PDF, sign, download — the whole ceremony takes under a minute.

Sign a PDF now →

Technical details for advanced users

Cryptography

Your browser computes the file's SHA-256 locally (through WebCrypto) and sends FreeSign only the 32-byte hash — PDF bytes never leave your device. The end result is a standard signed PDF in PAdES-B-T format: a CMS PKCS#7 signature (RFC 5652) under a one-time X.509 leaf certificate issued under the FreeSign CA, with an RFC 3161 timestamp embedded in the same CMS. Each signature also contains independent OpenTimestamps evidence, which — once the public OpenTimestamps calendar server confirms our entry — is completed with an attestation in a Bitcoin block header.

Signing-ceremony evidence (signer identification, OTP or passkey assertion, consent, signed payload) is embedded inside the CMS itself as an unsignedAttribute under FreeSign's IANA Enterprise Number — so a multi-signature file carries each signer's evidence in that signer's own revision. Evidence schema: evidence JSON schema (v1 for OTP signatures, v2 for passkey). On free-sign.com, we also add a PAdES-B-LT revision with long-term validation: the FreeSign CA certificate and the published CRL (/.well-known/free-sign-signing-ca.crl) are inserted into the PDF /DSS — so openssl, pyHanko, and Adobe can verify the chain for years, even after the one-time leaf certificate expires.

Verification — no account and no API key

Adobe Reader, openssl cms -verify, and pyHanko sign validate parse and verify the file without a single request to free-sign.com. OpenTimestamps evidence verifies with the official ots CLI against public Bitcoin block headers — with no FreeSign trust anchor. Step by step: Verify a signed PDF with openssl.

The /verify page runs the same tests — CMS signature, certificate chain, RFC 3161 timestamp, OpenTimestamps anchor, and embedded evidence record — entirely client-side, with no upload. FreeSign runs the same verifier on every freshly sealed PDF before showing you the receipt, so every downloaded file has already been verified once on your device.

Advanced Electronic Signature (AES) — eIDAS Article 26 mapping

FreeSign is designed for the Article 26 eIDAS (Regulation (EU) No 910/2014) evidence model for Advanced Electronic Signatures (AES): signer attribution (one-time X.509 certificate with CN = full name and rfc822Name SAN = verified email), signing intent (typed consent + signed canonical consent payload), sole control (browser non-extractable ECDSA P-256 session key stored in IndexedDB), and tamper detection (CMS message-digest binding + independent OpenTimestamps). FreeSign is not a Qualified Electronic Signature (QES); QES/QTSP support is a separate roadmap item.

HSM — certificate-authority cryptography

The FreeSign CA private key lives in Google Cloud KMS HSM (FIPS 140-2 Level 3). The CA uses RSA-2048; one-time leaf certificates and browser session keys use ECDSA P-256. The HSM signs only the TBSCertificate hash of each leaf certificate — it never sees PDF bytes, signatures, or any signer personal data. Each ceremony generates a fresh leaf certificate under this CA; the ephemeral signing key is destroyed at the end of the ceremony.

What we store server-side

The document SHA-256, envelope-scoped email HMAC, consent payload, signed canonical payload, public JWK, RFC 3161 + OpenTimestamps tokens, and a hash-linked audit log. Never PDF content — the seal is built from the 32-byte ByteRange digest that your browser computes locally.

Interfaces for AI agents (MCP) and automation

Full REST + MCP server for AI agents. The MCP contract publicly declares documentUpload: false, and an automated public-contract test prevents adding any endpoint that accepts PDF content. Headless automation: headless guide. Full public API map: openapi.json · llms.txt.

The full legal mapping — how FreeSign relates to ESIGN, UETA, and every eIDAS layer (SES / AES / QES) — is in the FAQ.