Sign a PDF together, without a server in the middle.

Why this exists

Every e-signature platform wants you to upload your contract, your signers' email addresses, and your signature image to their database — and pay per envelope for the privilege. The contract you signed last year is sitting in someone else's S3 bucket, indexed by your account. If you cancel, the audit trail goes with them.

DocSign is the small alternative. Your PDF never leaves your tab. Each signer gets a private, end-to-end-encrypted peer link. When everyone has signed, the finished document carries the audit log inside it — yours forever, no subscription required.

How it works

You open /bay/docsign/, drop a PDF, set the number of signers, and drag signature zones onto each page. The app hands you one secure link per signer.

Each link is bound to a unique 4-word passphrase. The signer opens it, their browser derives an encryption key from the passphrase via PBKDF2 (600,000 iterations), and joins a private WebRTC room with your tab. The PDF streams to them encrypted; they draw or upload their signature, and the placement comes back the same way.

Your tab merges each submission into the canonical PDF as it arrives, but holds it locally. Other signers see only the unsigned original — they never see each other's signatures while signing is in flight. Once the last zone is signed, your tab embeds an audit log (signer names, timestamps, SHA-256 of the original PDF) and broadcasts the finished document to every signer at once.

Privacy in one paragraph

The PDF and every signature image move directly between browser tabs over WebRTC DataChannels, encrypted with AES-256-GCM keys derived from the per-signer passphrase. The signaling tracker (used only to find the other tab) never sees encrypted payloads. The only persistence is your local IndexedDB, so a refresh resumes your session — but no copy of the document, the signatures, or the audit log ever reaches a Powerful Matter server.

What happens if I close the tab mid-flow?

The session is restored from your IndexedDB on the next visit — same PDF, same zones, same passphrases. Signers' links keep working as soon as your tab is back online. They don't need to do anything; the WebRTC tracker re-announces every 30 seconds and reconnects automatically.

Are these signatures legally binding?

DocSign produces visible-signature PDFs with an embedded audit log (signer identities, timestamps, original-document hash). That meets the bar for typical commercial agreements where the parties trust each other and a documented signing event is required. It is not a qualified electronic signature under eIDAS — that requires a regulated trust service provider, which is by design out of scope for a no-server tool.

What if a signer is on a phone?

The signing flow works on touch devices — the canvas covers most of the viewport so there's room for an actual arm-motion signature. Marking signature zones (the initiator step) is more comfortable on a tablet+ screen.

What if my PDF is sensitive?

It never leaves your browser. The signaling tracker (which both tabs use to find each other) sees only the room ID hash, not the document. The PDF and every signature image are AES-256-GCM-encrypted with a key derived from the per-signer passphrase before they cross the wire.

Can a signer share their link with someone else?

Yes — there's no identity binding beyond "you have the passphrase". The per-signer link is the credential. Hand out links the way you'd hand out a one-time meeting code. If someone forwards their link, the recipient signs in their slot, and the signer name in the audit log is whatever name you (the initiator) wrote when setting up the session.