Is PDF Verified legally binding?

Yes. PDF Verified signatures comply with the US ESIGN Act, UETA, EU eIDAS regulation, and equivalent eSignature laws in 190+ countries. Every signed document includes a cryptographic SHA-256 fingerprint and a complete audit trail with timestamps and signer hash chain — admissible in court.

How is PDF Verified different from DocuSign?

PDF Verified offers unlimited documents on the $15 Business plan with REST API included. DocuSign charges $40+/user for Business and gates the API behind a $720/month add-on. PDF Verified also includes unique features: public QR verification page on every signed PDF, eStamp designer, AI field auto-detection, and mobile-first signing without requiring an app.

Can I use PDF Verified without a subscription?

Yes. The pay-as-you-go option lets you sign or send one document or envelope for $1.50 without a monthly subscription. Monthly paid plans include a 7-day free trial.

Which file types can I sign with PDF Verified?

Upload PDF, DOCX, TXT, PNG or JPG files. Non-PDF formats are automatically converted to PDF on upload so signers always receive a clean signing-ready document.

How do recipients verify a signed document is authentic?

Every signed PDF includes a QR code on every page. Anyone — even without a PDF Verified account — can scan it to land on a public verification page showing the document status, completion date, SHA-256 fingerprint, and tamper-evidence proof.

Does PDF Verified work on mobile?

Yes — PDF Verified is mobile-first by design. The signing portal uses a native bottom-sheet pattern with touch-optimized canvas signing, sticky CTAs in the thumb zone, and 44px+ touch targets following Apple Human Interface Guidelines. No app download required.

Can I add a company stamp or seal to a document?

Yes. PDF Verified includes a stamp designer for company seals, official seals, approval stamps (APPROVED, PAID, RECEIVED), date stamps, and certified-true-copy marks. Place a stamp on any document like a signature field. On Business plans, the verified stamp library adds auto-incrementing serial numbers, locked metadata, workspace sharing, revocation, and a public QR verification link for every stamp applied.

How do I verify a stamp is genuine?

Each stamp PDF Verified applies mints a unique verification token at /verify-stamp/:token. Scan the stamp's QR code or open the link from the document's audit certificate to see the stamp's name, serial number, the document it was applied to, and whether it has been revoked — so anyone can confirm a company seal or approval stamp is authentic and current.

How do I verify a signature on a PDF is real?

Open the verification page at pdfverified.com/verify and scan the QR code on the signed PDF, paste the verification code, or upload the file. PDF Verified recomputes the document's SHA-256 fingerprint and compares it against the sealed value — if a single byte changed since signing, verification fails. You also see every signer, their timestamps, and the full tamper-evident audit trail. No account is required to verify.

How do I add a digital stamp to a PDF online?

Upload your PDF, open the editor, add a Stamp field, and pick a stamp from your library — a company seal, an APPROVED or PAID approval stamp, a date stamp, or a certified-true-copy mark. The stamp is baked into the sealed PDF with an optional auto-incrementing serial number and a QR code that links to its public verification page. No printer, ink pad, or scanner needed.

What is DPA (Data Processing Agreement)?

A contract between a data controller and a data processor required by GDPR Article 28.

A Data Processing Agreement (DPA) is the contract required by GDPR Article 28 between a controller (you) and a processor (your vendor) that defines the subject matter, duration, nature, purpose of processing, types of personal data, categories of data subjects, and obligations of the parties. PDF Verified provides a pre-signed DPA on every paid plan. For Enterprise customers we also support custom DPA negotiation and signed addenda.

What must be in a DPA

Per GDPR Article 28(3): subject matter, duration, nature, purpose; types of personal data and data subjects; processor obligations (process only on documented instructions, ensure confidentiality, take security measures, engage sub-processors only with consent, assist with data subject rights, delete/return data at end, allow audits).

Sub-processors

A DPA must list sub-processors (vendors of the processor that also touch data) — for PDF Verified that includes Supabase (Postgres + storage), Resend (email delivery), Twilio/WhatsApp Business (messaging), Smile ID (KYC), Stripe + Paystack (billing). The full sub-processor list lives at /legal/dpa.

Cross-border data transfers

When personal data leaves the EU, the DPA must reference SCCs or an adequacy decision. PDF Verified uses 2021 SCCs (Modules 2 and 3) for transfers to non-EU sub-processors.