Documents you can prove — data that never leaves home.
DocsNG is built for organisations where a document has to be legally trustworthy and the data behind it can't go to someone else's cloud.
Five layers of assurance
1 · Qualified electronic signatures
PAdES-B-B and PAdES-B-LTA, plus Advanced (AdES), Qualified (QES) and organisational electronic seals (QSeal) aligned to eIDAS. Choose the assurance level your regulation requires.
2 · Long-term validation (LTV)
Revocation data and document timestamps are embedded so a signature remains verifiable for years — even after the signing certificate expires. Refresh validity before it ages out.
3 · Keys you control
Sign with a local certificate, Google Cloud KMS, Azure Key Vault or a PKCS#11 HSM. Bring your own key and bring your own HSM — private keys never leave the provider, and never leave your boundary.
4 · Independent verification
Anyone can confirm signer identity, timestamp, signature level and integrity through a verification portal or API — no trust in DocsNG required. Export a signed evidence package as a certificate of authenticity.
5 · Tamper-evident data
Beyond the PDF, the underlying record carries per-record integrity and a hash-chained, append-only audit log — so the data itself is provably intact, not just the rendered document.
6 · Data residency & sovereignty
Run entirely inside your boundary — on a VM, in Docker, or fully air-gapped with no outbound calls. Your database, keys and documents stay with you.
A document you can prove — and protect
This NDA was generated from a Word template, signed with an advanced electronic signature and encrypted at rest. The signature is long-term-valid (PAdES-LTV), the underlying record is tamper-evident, and everything was produced inside your own boundary.
Designed for regulated environments
DocsNG is built to help you meet document-trust and data-protection obligations. Certification status depends on your deployment and configuration.
eIDAS
Signature tiers and qualified timestamping aligned to the EU eIDAS regulation.
PAdES / PDF/A
ETSI PAdES signatures and archival PDF/A output for long-lived records.
GDPR-ready
Self-hosting keeps personal data in your jurisdiction; synthetic data for testing.
PDF/UA
Accessible, tagged PDF output for public-sector requirements.
Secure by construction
DocsNG follows a documented 2026 threat model and a governed development lifecycle. Security controls are versioned, scanned and gated in CI.
- SAST, dependency & secret scanning on every change
- Least-privilege identities and scoped API keys
- Per-owner and per-tenant authorisation of every record
- Pinned dependencies and reproducible builds
- Encryption at rest for sensitive settings and keys
✓ Security gates
Build & format · Tests & coverage
SAST (Semgrep) · Secret scan (Trufflehog)
Dependency & image scan (Trivy)
Deploy → smoke tests → human approval
Talk to us about your compliance needs
Whether it's eIDAS qualified signatures, an air-gapped install or a data-residency requirement — we'll map DocsNG to your obligations.
