e-sig

Own your signatures.
Verify your vendor.

Every other e-signature vendor asks you to trust them. We ship an MIT-licensed signing SDK, a continuous assurance layer any auditor can inspect, and standards housed at an independent public foundation. If our company disappears tomorrow, your evidence still verifies.

The four layers of the VMV trust stack

Two neutral public-interest institutions on top; two commercial products below. Trust and continuity do not depend on any single company remaining in business.

Public trust

UUAID Foundation

Constitutional charter, custodian of decentralized continuity for autonomous agents. Parent of IAASO. Nonprofit incorporation in attorney review.
Neutral · Independent
Standards

UUAID + IAASO

Identity registry + standards. Every agent gets a durable UUAID, Ed25519-signed credentials from AAUA, and a Polygon-anchored ledger.
Public · Neutral
Assurance

DSalvus

Agent Trust Infrastructure. Fail-CLOSED policy kernel, runtime posture, continuous evidence, monthly signed Assurance Packages.
Commercial · VMVTech
Signing

e-sig / esig-suite

MIT-licensed PDF signing SDK. PKCS#7 + RFC-3161 timestamps + tamper- evident hash chain. UUAID-aware audit; optional eIDAS QES via QTSP partners.
Commercial · VMVTech

Why the vendor architecture matters

Every enterprise-buyer conversation eventually hits the same six questions. Nobody else in the e-signature market has our answer to all six.

What buyers want to know Incumbents (DocuSign, Adobe, PandaDoc) VMV stack
Can I read the signing code?No — closed sourceYes — MIT on GitHub
Can I self-host on my own infra?NoYes — free forever
Continuous evidence between audits?No — annual SOC 2 reportYes — monthly signed Assurance Package
Public verifiability of every agent action?No — vendor-scoped audit logYes — Polygon-anchored via UUAID
Standards owned by a neutral body?No — vendor specYes — UUAID Foundation + IAASO
Trust survives vendor going away?NoYes — Foundation is independent
eIDAS Qualified Electronic Signature?Yes — via QTSPsYes — via QTSP partners

Comparison reflects publicly available offerings as of 2026 and is intended as guidance for procurement conversations, not a marketing claim about named competitors. Check each vendor for current terms.

Every other e-signature vendor asks you to trust them. We ask you to verify us. Every deployment ships with DSalvus continuous assurance, every agent action is anchored to the public UUAID registry, and the standards themselves live at the independent UUAID Foundation. If our company disappears tomorrow, your evidence still verifies.

How enterprises actually buy this

Most Business and Enterprise esig-suite deals include the DSalvus Assurance Package as a bundled add-on ($1,500–$4,000/mo per tenant). It ships as a signed monthly PDF into your compliance drive with everything a SOC 2 or HIPAA auditor needs: control results, runtime posture, agent-action attestations tied to public UUAID identities, evidence manifest with hashes, and dispute-ready envelopes.

For regulated verticals (healthcare, finance, life sciences) we ship the same package with the appropriate compliance overlay — HIPAA BAA, 21 CFR Part 11, PCI DSS — and route qualified signatures via an EU Trusted-List QTSP for eIDAS QES -grade documents.

Common questions

Is the SDK really MIT and staying that way?

Yes. No AGPL relicense, no rug-pulls. The commercial products (DSalvus, Cloud, Business, Enterprise) are how VMVTech makes money — the SDK is not something we can take away.

Does the UUAID Foundation actually exist?

Yes — uuaid.foundation. Constitutional Charter adopted as founding doctrine; formal nonprofit incorporation in attorney review. Registry live at registry.uuaid.org, API at api.uuaid.org, SDK on npm.

What if VMVTech is acquired?

The UUAID Foundation is not a VMVTech asset. Identifier scheme, Trust Registry, and IAASO standards continue independently. Existing esig-suite MIT code continues to work forever. DSalvus commercial obligations transfer to the acquirer.

Can I run this air-gapped?

Yes — Enterprise. On-prem Helm chart + installer. UUAID identity verification degrades to periodic Trusted-List snapshots when no outbound connectivity is available; DSalvus policy kernel is fully local; esig-suite runs standalone.