Built for paperwork that matters.
E-sign on any device
Send an envelope, sign on the go, done. Signature fields travel with the doc — no printouts, no scanners.
Tamper-evident seals
Every completed envelope is sealed with Ed25519. Any byte change breaks the seal and is visible to everyone.
Verify by code
Paste the ENV-XXXXX code or drop the PDF in — TAG Vault confirms authenticity in under a second.
Frequently asked questions
Everything we're asked about in the first pitch meeting.
Is a TAG Vault signature legally binding?
Yes. The seal is an Ed25519 signature bound to the sealed PDF hash, which satisfies the “electronic signature” definition under Section 3A of the Information Technology Act, 2000. The audit trail captures the signer's identity, intent, consent, IP, device, and time — the same evidentiary package Indian courts accept for DocuSign and Adobe Sign records.
Who can verify a signed document?
Anyone. Drop the sealed PDF onto /verify or paste the envelope code — TAG Vault checks the hash against the Ed25519 signature and returns the result in milliseconds. The public key is published at
/v1/verify/keys so third parties can verify independently, even if TAG Vault is offline.Do signers need a TAG Vault account?
No. Signers receive a one-time magic link via email / WhatsApp, sign on their phone, and that's it. No password, no signup. The link is single-use and expires after the deadline or once the envelope closes.
How long do you retain documents?
Sealed PDFs and their audit logs are held for 10 years in AWS S3 with Object Lock (COMPLIANCE mode) — which means they can't be deleted or overwritten even by the AWS root account during that window. This meets the Indian real-estate retention requirement of 30 years for registered deeds; upon request we can extend to that horizon.
Where is the data hosted?
TAG Vault runs on AWS
ap-south-1 (Mumbai) with cross-region replication to ap-south-2 (Hyderabad) for sealed documents. All data stays within India.