CLOUD OR SELF-HOSTED • CRYPTOGRAPHICALLY VERIFIED

E-signatures with
cryptographically
verifiable audit trails.

SHA-256 hash-chained evidence that regulators and auditors respect.
Free for small teams (5 docs/mo market avg). Unlimited + depth for enterprise. Cloud or self-hosted.

HASH-CHAINED • VERIFIABLE • COMPLIANCE-NATIVE
SELF-HOSTED
SHA-256 HASH-CHAINED
FREE FOR SMALL TEAMS (5/MO MARKET AVG) • UNLIMITED PAID
HIPAA / SOX / 21 CFR PART 11
PUBLIC CERTIFICATE VERIFICATION
PWA-READY
DOCUSIGN FATIGUE IS REAL

The DocuSign tax is rising.
Your audit risk is too.

Envelope anxiety
“We burned through our quota in October and had to pause three deals.” — VP Sales, healthtech
Weak evidence
“Auditors asked for the full chain. Our vendor gave us a PDF log. We spent three weeks explaining it.” — Head of Compliance
Sovereignty risk
“Legal keeps telling us we can’t put this contract in the cloud. So we print, sign, scan, and pray.” — CFO, gov contractor
EVIDENCE, NOT THEATER

Audit-ready proof that regulators actually respect.

Every agreement comes with cryptographic proof that can be independently verified. No vendor logs. No "trust us." Just a tamper-evident chain you can hand to auditors, counterparties, or regulators.

The same strong evidence in the cloud or on your infrastructure.

Stuff for nerds: live chain demos, tamper tests, and signing simulations →

Public verification portal
Any third party scans the QR or visits /verify/[id]. No login required. Full chain status and exportable certificate.
Biometric signatures
Real pressure and velocity captured during signing. Stronger proof of intent than a typed name or static image.
Your PKI. Your chain.
3-tier X.509 you control. Native Adobe Reader verification. Optional timestamps. No vendor-managed certificates.
Compliance that actually enforces
Switchable HIPAA, SOX, and 21 CFR Part 11 modes with org-level locking. Intended rules applied via the compliance engine at signing time.
SOLUTIONS FOR REGULATED VERTICALS
Built for the teams that bet the company on evidence.
Finance / SOX
Approval thresholds + 7y retention + dual-control. Hash chain for auditors. Segregated RBAC enforced.
Explore →
Healthcare / HIPAA
BAA flag + PHI access logging + 10y retention minimum. One mode lock, no drift.
Explore →
Pharma / 21 CFR Part 11
Signing reason capture + unique per-signer X.509 + 20y + NIST timestamps. LTV/OCSP.
Explore →
Sovereignty & Gov-adjacent
Full self-host (Docker/Helm). Your keys, your DB, your S3. Air-gap ready. Data never leaves.
Explore →
FREE FOR SMALL TEAMS (5 DOCS/MO) • UNLIMITED ON EVERY PAID TIER
Stop paying for caps.
Start owning your evidence.
See full pricing & self-hosted options →
REAL-TIME DISRUPTOR CALCULATOR
Calculate your escape velocity (vs current provider list rates)
25
200
FLYSIGN CLOUD PROFESSIONAL (ANNUAL, UNLIMITED)
$7,800/yr
vs DocuSign list equivalent ≈ $12,000 (volume context — per-user model, illustrative per design §3 research; does not alter core seat-based derivation)
You save $4,200/yr (35%)
+ unlimited envelopes • + cryptographic hash-chain audit • + self-host option. (Rates illustrative per 2026 competitive data; FlySign true unlimited + evidence advantage.)
Volume context (per-user model): 2,400 docs/yr • ~$1.75/doc saved (illustrative only)
Professional tier positioned ~45% below DocuSign Business Pro list price while delivering true unlimited + cryptographic audit strength competitors cannot match.
TRUSTED IN REGULATED INDUSTRIES
Evidence that survives audits and litigation.
Regulated teams (finance • healthcare • pharma)Teams like yours in regulated industries
"The hash chain saved us during a SOX audit. Regulators verified in 4 minutes without asking for our vendor logs."
— CFO, public fintech
"One platform for HIPAA + FDA 21 CFR 11. Locking the mode removed all the policy drift arguments."
— Head of Compliance, clinical research
"We self-hosted inside our VPC. No data left our perimeter. The PKI is ours."
— CISO, healthcare systems
STUFF FOR NERDS

The real cryptographic details.

Live hash chain tamper testing, consent enforcement, biometric signature simulation, and cross-border compliance logic. These are the actual mechanisms behind the evidence.

LIVE AUDIT CHAIN SIMULATOR
SHA-256 linked • constant-time verified
CHAIN VALID — MATHEMATICALLY SOUND
#0CREATEDAgreement #4821 • 3 signers
PREV HASH
GENESIS
EVENTHASH = SHA256(PREV + PAYLOAD)
000000001b215c3a
CLICK TO TAMPER
#1SENTTo: legal@acme.health • consent enforced
PREV HASH
a7f3c9e2d1b4
EVENTHASH = SHA256(PREV + PAYLOAD)
000000000912baaa
LINK BROKEN
#2VIEWEDIP 10.4.12.88 • 14.2s review
PREV HASH
f2e8b1c4a9d7
EVENTHASH = SHA256(PREV + PAYLOAD)
0000000050e5a1a3
LINK BROKEN
#3SIGNATURE_APPLIEDBiometric: 0.87 pressure • 12.4 px/ms
PREV HASH
9d4a2f1e8c3b
EVENTHASH = SHA256(PREV + PAYLOAD)
000000006255e249
LINK BROKEN
Demo only (toy hash for viz); real production uses SHA-256 + timingSafeEqual + full event-sourced reconstruction (in the platform's hash-chained audit implementation).
ORG-LOCKABLE • ENFORCED BY PLATFORM
Switch compliance mode — see what gets enforced
Approval workflow required
Financial category guard
7-year retention minimum
Dual-control / threshold support
Segregated roles (RBAC)
These rules are implemented in our compliance enforcement layer (see architecture docs) and applied at agreement creation and signing time. Org-level lock prevents accidental downgrade for regulated teams.
CROSS-BORDER DETECTION (SIM)
FromtoSCC / transfer warning — enforce consent timing
LIVE PUBLIC VERIFIER
Input cert ID → instant chain status (ties to real /verify)
GENERATE PUBLIC SIGNING LINK (SIM)
draw here (pointer/mouse/touch)
All simulations tie to the real public /verify endpoint and production audit chain logic. Full self-host details and Docker examples on the Deploy page.
QUESTIONS FROM THE BUYING COMMITTEE
We built for the objections you actually hear.
Does the chain really reconstruct for disputes?
Yes. The event-sourcing + prevHash means you replay the full history. Public /verify shows the same reconstruction anyone can run.
What if we need iOS apps for signers?
PWA today — works in any browser on any device with full biometric capture and consent. Native apps on roadmap; no blocker for regulated workflows.
Is self-host really minutes?
Docker Compose is the GA path. Full checklist and interactive terminal on the Deploy page. Helm + monitoring included.
Why not just use DocuSign Enterprise?
Caps, surprise renewals, vendor-managed logs, and data in their cloud. FlySign gives you unlimited + math you control + self-host sovereignty at lower TCO.
Do open source alternatives suffice?
They are free on infra. They lack the PKI depth, multi-regime org-locked enforcement, biometric evidence, and public cert portal that auditors and counterparties respect.
SOC 2 / ISO status?
In progress for cloud option. For self-host the controls are yours — cryptographic proof + your infra often exceeds generic vendor certs for your risk team.
GET STARTED IN MINUTES

Cloud or self-hosted.
Your data. Your proof.

1. Deploy
cd docker && docker compose up -d

Postgres + Redis + app on 4100.
Health check at /api/health.
2. Configure
One script generates your 3-tier PKI.
Set compliance mode (SOX / HIPAA / FDA).
Lock it at the org level.
3. Send & sign
Upload PDF or use template.
Place fields with snap-to precision.
Public token link for external signers (no account). Biometric capture.
4. Verify
Completed PDF carries cert ID + QR.
Anyone hits /verify or scans.
Full chain reconstruction + exportable certificate.
Primary path is our secure cloud. Full production Docker Compose + Helm also available for self-host. Your keys, your data, your proof — in the cloud or on your infrastructure.
Ready for verifiable evidence?

Book a technical demo with the team that built the hash chain. Or start in the cloud right now.

Cloud or self-hosted. PWA-ready today. Native apps on roadmap.