Frequently Asked Questions
Common questions about PDF digital signatures, certificates, and our platform
Get answers to common questions about PDF digital signatures, our platform, and how to get started with secure document signing.
1 General / About the Service
Trusted Signatures is a B2B software company that helps organizations prove the authenticity of important PDFs using standards-based organizational verification (OV) seals. We build lightweight tools (CLI, API, Zapier) that let you seal files where they live—no uploads, Adobe-recognized results.
Our mission: Make verifiable documents the default for business—simple, affordable, and ubiquitous.
Publisher applies an organizational cryptographic seal to your PDFs so recipients can confirm origin and detect any tampering directly in Adobe Acrobat/Reader and other PAdES-aware viewers. Your documents never leave your environment—we sign a cryptographic digest, not your file.
What recipients see:
- A green-check trust indicator in Acrobat/Reader with your organization as the signer
- Clear signer/certificate details; optional restrictions on what can change after sealing
Built-in assurances:
- PAdES-compliant sealing with Long-Term Validation (LTV) options
- RFC 3161 timestamping plus embedded OCSP/CRL data for offline verification
- Recognition via Adobe’s AATL and the EU Trusted Lists (EUTL) through our CA partners
- Non-exportable keys protected by FIPS 140-2/140-3 Level 3 HSMs
- DocMDP/Certification profiles to limit post-seal edits (e.g., form-fill only)
How it fits your workflow:
- Integrate via CLI, REST API, or Zapier—no uploads required; drop into CI/CD and back-office processes
- Ideal for invoices, statements, reports, and any PDF that must be provably authentic outside an e-signature flow
2 Compliance & Trust
By default, Publisher creates PAdES-compliant seals using an organizational certificate issued by an EU Trusted Lists (EUTL) provider (also recognized by Adobe AATL). Enable LTV (--ltv) to embed RFC 3161 timestamps and OCSP/CRL data so documents can achieve PAdES-B-LT/LTA for durable, offline verification.
EU recognition (default): With our default EUTL-issued organizational certificate, sealed PDFs support eIDAS Advanced electronic seals (AdES). When the underlying certificate is a Qualified Certificate for electronic seals, this is commonly described as AdES with a Qualified Certificate (AdES/QC, sometimes “AdESeal-QC”).
Bring-your-own certificate (optional add-on): If your organization prefers to seal with its own EUTL-issued (or Qualified) certificate, we support that—subject to key-protection requirements (e.g., non-exportable keys held in an HSM or via a remote QSCD) and provider integration.
Note: Achieving a Qualified Electronic Seal (QSeal) typically requires QSCD/remote-QSCD onboarding and additional controls. If you need QSeal, we’ll advise on the best path.
We generate and keep signing keys inside certified Hardware Security Modules (HSMs) validated to FIPS 140-3 Level 3. Private keys are non-exportable and all signing occurs inside the HSM boundary. Production access is controlled by role-based IAM, least privilege, and dual control for sensitive operations; credentials are encrypted and rotated, and every key operation is audited and monitored. (Where applicable, our HSMs also carry Common Criteria evaluations, e.g., EAL4+.)
Your documents never leave your environment—we sign a cryptographic digest, not your file.
3 Technical Details
No. Your PDFs never leave your systems. Publisher seals a cryptographic digest (hash) of the file; we do not receive or store document content or embedded document metadata.
What we log (operational metadata):
- Non-reversible document digest (cryptographic hash)
- The API key used for the request
- Timestamp of the request
- Source IP address
These logs support security, abuse prevention, billing, and troubleshooting. The digest contains no readable content and cannot be used to reconstruct the document.
Privacy & regulatory context:
- GDPR: We do not act as a processor for personally identifiable data; we only sign a non-reversible digest of your documents’ data (SHA-256). We publish our sub-processors as they pertain to account information and logging, but our systems never access your document data or metadata, including filenames.
- HIPAA: Because document content does not transit or reside with us, Publisher is out of scope for PHI content. For covered entities and business associates, we can execute a BAA covering our handling of operational metadata.
Expiry: With LTV (--ltv) enabled, previously sealed PDFs remain verifiable after certificate expiry because the timestamp and revocation evidence are embedded. We renew/rotate our default EUTL/AATL organizational certificate ahead of expiry; new seals use the renewed certificate. No action is required on your side, and existing documents remain valid.
Revocation (hypothetical): If our default certificate were ever revoked, PDFs sealed before the revocation and sealed with LTV would continue to validate based on their time-of-signing evidence. Viewers may indicate the certificate is currently revoked while still showing that the signature was valid at signing time. Documents sealed without LTV may display warnings depending on the viewer and network availability.
PDF size: No imposed limit—Publisher only receives a 256-bit digest regardless of the file size. However, the CLI and Zap process the PDF in memory within your environment, which may create de facto limits based on your system or automation constraints.
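The digest-only flow described above can be checked locally. This added example (not Trusted Signatures' code) computes the SHA-256 that a PDF signature covers: every byte named by /ByteRange, skipping the /Contents placeholder. It assumes a single signature placeholder and a constructed stand-in file; whether the service accepts exactly this value is an assumption, and a PDF SDK should prepare real files.

```python
import hashlib
import re

# Matches the signature dictionary entry "/ByteRange [o1 l1 o2 l2]".
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def byte_range_digest(pdf: bytes) -> bytes:
    """SHA-256 over the two spans named by /ByteRange (skips /Contents)."""
    m = BYTE_RANGE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange: PDF has no signature placeholder")
    o1, l1, o2, l2 = (int(g) for g in m.groups())
    # The spans must run from byte 0 to EOF around exactly one gap;
    # anything else would leave bytes outside the seal.
    if o1 != 0 or l1 > o2 or o2 + l2 != len(pdf):
        raise ValueError("ByteRange does not cover the whole file")
    gap = pdf[l1:o2]
    if not (gap.startswith(b"<") and gap.endswith(b">")):
        raise ValueError("excluded span is not a /Contents hex string")
    h = hashlib.sha256()
    h.update(pdf[o1:o1 + l1])
    h.update(pdf[o2:o2 + l2])
    return h.digest()  # always 32 bytes, whatever the file size


def build_sample_pdf(body: bytes, placeholder_len: int = 64) -> bytes:
    """Constructed stand-in for a prepared PDF (hypothetical helper)."""
    head = b"%PDF-1.7\n" + body + b"\n<< /Type /Sig /ByteRange ["
    after_range = b"] /Contents "
    contents = b"<" + b"0" * placeholder_len + b">"
    tail = b" >>\n%%EOF\n"
    width = 10  # fixed-width numbers so offsets do not shift once filled in
    l1 = len(head) + (4 * width + 3) + len(after_range)
    o2 = l1 + len(contents)
    nums = (0, l1, o2, len(tail))
    byte_range = b" ".join(str(n).zfill(width).encode() for n in nums)
    return head + byte_range + after_range + contents + tail


if __name__ == "__main__":
    sample = build_sample_pdf(b"Invoice 1001 total 250.00 EUR")
    print(byte_range_digest(sample).hex())
```

Because /Contents sits outside the hashed spans, writing the returned signature into the placeholder leaves the digest unchanged, while any edit to the covered bytes changes it.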
Rate limiting: None currently on API keys; we may introduce fair-use rate limits at any time to protect service stability.
4 Pricing & Plans
There aren’t fixed “plans” to switch. Pricing is pay-as-you-go, and volume tiers are applied automatically based on your usage within each billing-cycle month. Your tier resets at the start of each new cycle, so there’s nothing to change—your invoice simply reflects what you used.
- Billing cycle: anchored to the date you add a verified payment method (your “subscriber” start date)
- No seat licenses or long-term commitments
If you have questions about high volume performance or need specific SLAs, contact us.
5 Integration & Developer Experience
We offer three ways to integrate:
- CLI: Cross-platform command-line tool for sealing in scripts, CI/CD, and back-office jobs
- REST API: Call from any language; our docs include sample requests and responses
- Zapier integration: No-code workflows—trigger sealing from tools you already use
Official SDKs: We don’t offer SDKs, and they’re not on our roadmap right now. You should use a PDF SDK (available for any number of languages) to apply the signature and DSS into your PDF, or use our CLI.
Testing/demos: You can create demo API keys against a self-signed certificate we provide so you can test your implementation without incurring usage charges; behavior mirrors production.
Audit & usage visibility: We maintain internal audit logs of sealing operations for security and billing. Once subscribed, you can access a customer-facing usage report in your account. If you need event-level exports, contact us.
6 Validation & Policy
--ltv in the CLI to embed timestamp and revocation data for long-term verification.
7 Security & Privacy
8 Customer Success
Want peace of mind?
Trusted Signatures provides the fastest, most affordable, secure PDF signatures on the internet.