Help center

Sign in, then on your dashboard tap the + New envelope button (top-right on desktop, bottom-right on mobile). The wizard walks you through four steps:

1. Upload the PDF you want signed.
2. Add details — document type, property address, optional tags.
3. Add signers — name, email, optional phone for WhatsApp.
4. Review & send. Each signer receives a magic link by email (and WhatsApp if you provided a number).

No printing, no scanning, no DocuSign account required for your signers.

Yes. TAG Vault is mobile-first — the web app runs as a Progressive Web App (PWA) on every modern phone, and we ship a Capacitor-wrapped Android APK for users who prefer a native install. The signing ceremony, envelope dashboard, and verification page all work on a 360 px-wide screen.

On Android, install via Play Store (closed beta) or open vault.tagprojects.in in Chrome and tap Add to Home Screen. iOS users can do the same from Safari; an iOS-native build is on our Phase 3 roadmap.

No. Signers receive a one-time magic link by email or WhatsApp. They tap it, complete the OTP verification, draw or type their signature, and submit — no password, no signup, no account hangover. The link is single-use and expires once the envelope closes or after the deadline you set.

The signer audit captures their identity (verified through OTP), IP, user-agent, screen size, timestamp, and the consent text hash for evidentiary purposes — see our Privacy Policy §4.4.

PDF only, up to 50 MB per file, in TAG Vault MVP. We accept PDF/A and PDF 1.4–2.0; password-protected PDFs are rejected at upload because we cannot embed signatures into a locked file. If you have a Word document or scanned image, export to PDF first.

We hard-block uploads of document types Indian law excludes from electronic signing under the First Schedule of the IT Act 2000 — wills, trust deeds, individual-to-individual powers of attorney, and negotiable instruments other than cheques (see our Terms §7.2). The upload UI surfaces a clear error if you try.

Open the magic link from the email or WhatsApp message. You will be asked to enter a 6-digit OTP sent to the same channel. After OTP verification, scroll through every page of the document, then tap Sign. Choose Draw (finger / stylus / mouse) or Type (we render your name as a signature) and tap Confirm.

You will receive a confirmation email with a link to the sealed PDF as soon as every signer on the envelope has signed.

Use WhatsApp as the delivery channel. When you add a signer, fill in the Phone field in E.164 format (for example +919876543210). The magic link and OTP land in WhatsApp via Meta’s WhatsApp Business Cloud API.

If neither email nor WhatsApp works for a signer, write to support@<domain-placeholder> — we can issue a manual link you can deliver out-of-band.

Yes. Open the magic link in Safari or Chrome on iOS — the signing ceremony runs entirely in the browser, with finger-drawn signatures captured on a touch canvas. The signed PDF is delivered by email or WhatsApp once every signer completes.

A native iOS app is not yet available — Phase 3 of our roadmap. The PWA path covers every signing flow in the meantime.

By default, signing links are valid until the envelope deadline the sender chose, or for 14 days from issue if no deadline was set. After that, the link expires and the signer needs a fresh one — the sender can click Resend invitation from the envelope detail page.

If the envelope is voided or completed by other signers, your link invalidates immediately. The OTP itself is single-use and expires after 10 minutes.

Yes. Open the envelope from your dashboard and the signer list shows live status for each: Pending, Viewed, Signed, or Declined. You also receive an email and WhatsApp ping for each signer event if you have those preferences turned on in your profile.

The full envelope timeline (every state transition with timestamps and IPs) is on the same page under the Audit log tab. That timeline is also embedded in the certificate-of-completion page of the sealed PDF.

On AWS infrastructure inside India. Sealed PDFs and active envelopes live in S3 in ap-south-1 (Mumbai), with cross-region replication of sealed copies to ap-south-2 (Hyderabad). Every bucket is encrypted at rest with AWS KMS customer-managed keys; every connection uses TLS 1.2 or higher.

The full sub-processor list, regions, and what each one processes is in our Privacy Policy §6.

Sealed PDFs are retained for 10 years from the date of sealing in S3 Object Lock COMPLIANCE mode — neither we nor AWS can modify or delete them inside that window. The retention exists because Indian real-estate dispute windows can run 12 years (Limitation Act, 1963) and §63 BSA / §65B IEA evidence rules require us to be able to produce a tamper-evident original on demand.

Audit-log entries are retained for 7 years; account profiles for 90 days post-closure; notification logs for 13 months. The full retention table is in our Data Retention Policy.

Yes. From the envelope detail page, tap Download sealed PDF once the envelope status is Completed. The download includes:

• The original document with each signer’s signature embedded at the placed coordinates.
• A final certificate of completion page with the audit timeline, signer ceremony attributes, and the §63 BSA / §65B IEA certificate.
• An ECDSA P-256 cryptographic seal over the SHA-256 hash of the PDF bytes. Any downstream byte change breaks the seal.

You can re-download anytime within the 10-year retention window.

Use our public verification page at /verify. Drop the sealed PDF on it (or paste the envelope code printed on the certificate page). TAG Vault recomputes the SHA-256 hash, checks the ECDSA P-256 signature against our published key, and reports a green tick or a red flag in milliseconds. No account is required — relying parties (banks, advocates, registrars) can verify independently.

Programmatic verification: POST /v1/verify. Submit the SHA-256 hash and receive a JSON response with the seal-key fingerprint and a redacted signer-audit summary.

Open your profile and switch to the Security tab. Enter your current password and your new password (minimum 8 characters, mixed cases / numbers / symbols recommended), then tap Update password. Other devices that were signed in get bumped — you stay signed in on the device you used to change.

If you have lost access to your old password, use the forgot-password flow instead — we email a single-use reset link valid for 30 minutes.

In your profile → Security, tap Turn on two-factor. Scan the QR code with an authenticator app (1Password, Google Authenticator, Authy), enter the six-digit code it generates, and we save a set of recovery codes for you.

Save the recovery codes somewhere safe — if you lose your phone and your authenticator app, those codes are the only way to regain access without a manual identity-verification flow with support. Each code works once.

Self-service account deletion is shipping in Phase 2a. Until that ships, write to support@<domain-placeholder> from the email address on your account and request deletion under §12 of the Digital Personal Data Protection Act, 2023. We will:

1. Acknowledge within 48 hours.
2. Schedule a 30-day soft-delete grace window so you can recover the account if you change your mind.
3. Hard-delete account profile data after 30 days; cryptographically erase authentication credentials within 30 days.

Sealed PDFs are excluded from erasure for the balance of their 10-year retention — they fall under §7(c) read with the proviso to §8(7) DPDP Act (legal-obligation retention). See Privacy Policy §9.2.

Self-service data export is shipping in Phase 2a. Until that lands, write to support@<domain-placeholder> with the subject line “DPDP §11 access request” from the email on your account. We will respond within 30 days per Rule 13 of the DPDP Rules, 2025, with a JSON export of your account profile, envelope metadata, audit-log entries you authored or received, and notification logs.

The first request per calendar year is free. Document content (the PDF bytes themselves) is also downloadable per-envelope from your dashboard at any time.

TAG Vault is free to use today. No platform fee, no envelope cap, no payment information required at signup. Fair-use limits apply — if you suddenly need to send 10,000 envelopes a day, we will reach out before any throttling kicks in.

Paid plans are not yet announced. When pricing launches, we will notify each existing user by email at least 30 days before any change takes effect. Existing beta users will be grandfathered onto a free / discounted tier — see Terms §16.

There is no paid tier yet, so there is nothing to upgrade. When paid plans launch, the upgrade flow will live at /profile → Billing, with one-click switching between tiers. Indian customers will receive 18% GST tax invoices automatically.

In the meantime, if you have a custom requirement (B2B volume, dedicated infrastructure, custom SSO, DPA negotiation), email support@<domain-placeholder> and we will set up a call.

The first three things to check, in order:

1. Spam / Promotions folder. Transactional mail from no-reply@<domain-placeholder> can land there on first contact. Mark it Not spam and add the address to your contacts so future links go straight to inbox.
2. Spelling. A typo in the email field (a missing letter, a swapped .com / .in) silently sends the link to nobody. From the envelope detail page, tap Edit signer to correct and Resend.
3. WhatsApp fallback. If you provided a phone number when you set up the signer, the same magic link is also delivered by WhatsApp as a backup.

If none of those work after 30 minutes, write to support@<domain-placeholder> with the envelope code (format ENV-XXXXX) and the recipient address. Our SES delivery dashboard tells us within seconds whether the message bounced, was deferred, or was rejected by the recipient mail server, and we will manually re-issue or escalate as needed.