CalmSign
Security

Security you can verify yourself

Every CalmSign document is protected by cryptographic hashing and a complete audit trail. Nothing is hidden.

Cryptographic seal

How we protect every document

1

Document signed

When the signer completes their signature, we capture their identity, device, IP address, and a precise timestamp.

2

Hash generated

A unique SHA-256 fingerprint of the entire document is computed. This hash is mathematically unique to the document's exact contents.

3

Seal applied

The hash, signature, and metadata are embedded in the document. Both parties receive an identical, sealed copy.

Signed document
SHA-256 hash
9f86d081884c7d659a2feaa0c55ad015
Sealed
Tamper detection

Any change breaks the seal

SHA-256 produces a completely different hash if even a single bit of the document is changed. There's no way to alter a CalmSign document without the tampering being detected.

Original
sha256:9f86d081884c7d659a2feaa0c55ad015
Modified (even one character)
sha256:60303ae22b998861bce3b28f33eec1be
Verified — seal intact
Document hash
9f86d081884c7d659a2feaa0c55ad015
Tampered — seal broken
Recomputed hash
60303ae22b998861bce3b28f33eec1be
Audit trail

Every action is recorded

CalmSign logs the full lifecycle of every document: creation, delivery, viewing, signing, and verification. Each event includes a timestamp, IP address, and device information.

Precise timestamps
Down to the second, in UTC
Signer identity
Name, email, IP, and device fingerprint
Exportable certificate
Download a standalone audit report for legal use
Audit trail
Service_Agreement.pdf
Document created
28 Mar 2026, 10:12:44 UTC
Sent to signer
28 Mar 2026, 10:15:02 UTC
Opened by signer
28 Mar 2026, 14:28:19 UTC
Signed by Jordan Mitchell
28 Mar 2026, 14:32:07 UTC
82.132.13.37 · Chrome / macOS
Seal verified — intact
28 Mar 2026, 14:32:09 UTC
Integrity checking

Tamper detection built in

Every signed document carries a SHA-256 seal over an immutable snapshot. CalmSign verifies that seal automatically and surfaces any tampering — backed by a full audit trail of who signed, when, from which IP and device.

Seal verified automatically
Snapshot hash matches — unaltered
Signer Jordan Mitchell
Signed 28 Mar 2026, 14:32 UTC
IP / Device 82.132.13.37 · Chrome
SHA-256 seal
9f86d081884c7d659a2feaa0c55ad015

Our data practices

Encrypted in transit & at rest

Data is encrypted in transit and at rest using industry-standard TLS and AES-256, so documents stay protected on the wire and in storage.

No third-party tracking

We don't embed third-party analytics or tracking scripts in the signing experience. Your signers' data stays between you and them.

Privacy by default

CalmSign is designed with privacy by default. We collect only what's needed for the signature process and nothing more.

Your documents, your control

Delete your documents anytime. When you delete, we remove the document from our systems entirely — no residual copies.

Start signing securely

Every document is tamper-proof from day one. Free to start.

Create free account