Send legally binding documents for signature. Recipients sign instantly — no account required. Every signature carries a SHA-256 proof chain, device forensics, and eIDAS compliance certification.
The EU's eIDAS Regulation (EU 910/2014) establishes three tiers of electronic signature: Simple, Advanced (AES), and Qualified (QES).
An Advanced Electronic Signature must be:
COMPANY.LEGAL implements AES: biometric device data, drawn signature vector, SHA-256 document hash, and device fingerprint are combined into a tamper-evident proof record.
SHA-256 digest of document content, computed at request creation. Any tampering invalidates the chain.
Email, name, device fingerprint, and IP address recorded at the moment of signing.
Raw SVG path of the drawn signature — unique to each signing event, stored cryptographically.
SHA-256 of (documentHash | signerEmail | signedAt) — a tamper-evident seal on the completed signature.
Paste or upload your document. Enter the recipient's name and email. We generate a unique, expiring signing link.
Recipient opens the link — no account required. They read the document, draw their signature, and confirm eIDAS agreement.
On submission: device forensics captured, signature vector stored, SHA-256 proof chain computed. You get notified instantly.
Non-disclosure agreements for employees, contractors, or counterparties.
Scope of work, rate cards, and engagement letters.
Offer letters and employment contracts with legal binding.
Written resolutions requiring director sign-off outside of meetings.
Term sheets, SAFEs, and shareholder agreements.
Vendor onboarding, SLAs, and purchase agreements.
| Feature | Simple (SES) | Advanced (AES) ✓ | Qualified (QES) |
|---|---|---|---|
| Legally binding in EU | ✓ | ✓ | ✓ |
| Signer identity linked | — | ✓ | ✓ |
| Tamper-evident document | — | ✓ | ✓ |
| Device/IP forensics | — | ✓ | ✓ |
| Cryptographic proof chain | — | ✓ | ✓ |
| Qualified trust authority required | — | — | ✓ |
| Hardware token required | — | — | ✓ |
| No account needed for signer | ✓ | ✓ | — |
COMPANY.LEGAL implements Advanced Electronic Signatures (AES) — the standard required for most commercial agreements under EU law. Qualified signatures requiring a hardware token are outside our scope; contact a qualified trust service provider for those use cases.
Yes. Under eIDAS (EU 910/2014), Advanced Electronic Signatures carry full legal weight across all EU member states. They are admissible as evidence in court and satisfy the signature requirement for most commercial contracts.
No. Recipients receive a unique, expiring link via email. They open it in any browser, read the document, draw their signature, and submit — with no registration required.
Signing links expire after 30 days by default. After expiry, the request can no longer be signed. You can resend a new request if needed.
All data is stored in Cloudflare's European data centres. The signature vector, device forensics, and proof chain are stored at rest and can be exported as a signing certificate at any time.
Yes. Any contract in the platform can be sent for external eSign. The document content hash is computed at creation and locked — ensuring the signed version matches exactly what was sent.
When a signature is submitted, we compute SHA-256(documentHash | signerEmail | signedAt). This creates a cryptographic seal that links the specific document, signatory, and timestamp into a tamper-evident record. If any of these values change, the hash will not match.
eIDAS-compliant eSign is included in every COMPANY.LEGAL account. No per-signature fees. No seat limits on signatories.