Agreements that
hold.
Pacta is the document signing platform built for teams that take agreements seriously. eIDAS-grade cryptographic signatures, long-term verifiability, a developer-first API, and the compliance posture your auditors will sign off on — without the legacy enterprise sticker shock.
Trusted infrastructure, end to end
Product
Everything you need to ship
agreements at scale.
Pacta replaces the patchwork of e-signature tools, audit spreadsheets, and brittle integrations with one platform that does the whole job — and a clean API to wire it into yours.
Cryptographic signatures
Every signature is a CAdES / PKCS#7 cryptographic envelope, not a JPEG of someone's name. Pair with a Time Stamp Authority and Long-Term Validation, and signatures stay verifiable for decades — even after issuing certificates expire.
Smart templates
Convert your master agreements once. Reusable templates with form fields (signature, initials, text, date, checkbox, dropdown), conditional sections, and recipient-aware variables. Version-controlled so the right template ships every time.
Multi-party workflows
Sequential, parallel, or hybrid signing orders. Approvers, observers, and CC recipients with distinct permissions. Auto-reminders, deadlines, and decline-with-reason flows — wired into the same audit trail.
Embedded signing
Drop the signing experience directly into your product with a few lines of code. White-labeled iframe or our React SDK, presigned tokens, full event hooks. Your customers never leave your domain.
Per-tenant branding
Each team or business unit ships its own logo, sender domain, footer, and signing-page theme. White-label without the enterprise upcharge — and without forking. Configure from the admin UI in two minutes.
Immutable audit trails
Every view, signature, field change, and recipient action is recorded with timestamp, IP, and authenticated identity. The audit certificate is embedded in the signed PDF — not stored separately to be lost.
Developers
Built API-first, not
API-also.
Every product surface in Pacta is built on the same public API that you use. No internal-only endpoints, no second-class SDK. Ship signing into your app in an afternoon.
REST + JSON
A clean, versioned REST API. Predictable resources, idempotent retries, cursor-paginated lists, structured error envelopes.
Per-team API tokens
Scoped tokens by team, environment, and permission. Rotate without downtime. Usage logged on every request.
Webhooks for everything
document.sent, document.viewed, document.signed, document.completed, document.declined — fanout with HMAC signatures and at-least-once delivery.
Embedded signing
Drop signing into your product with presigned recipient tokens. Fully white-labeled, full event hooks back to your app.
// Send a contract for signature
const res = await fetch('https://sign.pacta.ink/api/v2/documents', {
method: 'POST',
headers: {
'Authorization': `Bearer ${PACTA_API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
title: 'Master Service Agreement',
templateId: 'tpl_msa_v3',
recipients: [{
name: 'Jane Smith',
email: 'jane@acme.co',
role: 'SIGNER',
}],
meta: {
subject: 'Please sign your MSA',
timezone: 'America/New_York',
},
}),
});
const { documentId, signingUrl } = await res.json(); webhook.received →
document.completed delivers the signed PDF, audit certificate, and
recipient field values to your endpoint with HMAC-SHA256
signature verification.
Use cases
Built for the documents
that actually matter.
Lending agreements that close in minutes, not days.
Loan agreements, FRPAs, KYC packets, vendor disclosures. Wire signing into your underwriting pipeline so funded contracts go from approval to executed in a single API call. Per-merchant branding keeps your borrower experience on-brand.
- Per-tenant white-label for partner originators
- Webhook events into your loan management system
- Audit trail your auditors actually accept
Vendor onboarding without the email chains.
Hotel partnership agreements, supplier contracts, multi-property NDAs — all routed through reusable templates with pre-filled tenant data. Multi-language support for cross-border deals.
- Multi-party sequential workflows
- Reusable templates per property or partner type
- Mobile-first signing for field teams
Internal documents your team will actually use.
NDAs, MSAs, contractor agreements, internal sign-offs. Replace the DocuSign sprawl with one platform your ops team controls — and your finance team approves.
- Bulk send for company-wide documents
- Scheduled reminders and decline-with-reason flows
- Cost predictable across the org, not per-seat
Offer letters out the door the same hour.
Offer letters, employment agreements, equity grants, onboarding paperwork. Templated, branded, and routed to the right approver chain — without HR spending an afternoon on every hire.
- Conditional fields based on role, location, salary band
- Signed PDF auto-filed to your HRIS via webhook
- Compliant audit trail for employment law review
Security & Compliance
Built so your auditors
sign off, not push back.
Pacta is engineered for the same scrutiny that fintech, health, and regulated industries apply to their core production systems. Below is the actual surface — no marketing-flavored vagueness.
eIDAS Advanced Electronic Signatures
Signatures are uniquely linked to and identify the signer, are created with sole-control means, and are bound to the document such that any tampering is detectable. Same legal weight as ink in the EU, UK, and most major jurisdictions.
CAdES / PKCS#7 cryptographic envelope
Signed documents are wrapped in the IETF-standardized signature format, embedding the signer certificate chain, signing time, and document hash inside the PDF itself.
Long-Term Validation (LTV)
OCSP and CRL revocation data is captured and embedded at signing time. Documents stay verifiable decades later — even after the issuing CA goes offline or certificates expire.
Time Stamp Authority (TSA) integration
RFC 3161 trusted timestamps from configurable TSA endpoints, anchoring every signature to a verifiable point in time independent of system clocks.
AES-256-GCM encryption at rest
Every document and PII payload encrypted with authenticated encryption. Key rotation supported. TLS 1.3 enforced for all client and webhook traffic.
Granular RBAC + scoped API tokens
Per-team and per-organization roles, scoped API tokens with permission boundaries, recipient-level access controls. SAML / OIDC SSO available on the Enterprise tier.
Immutable audit certificates
Every action is recorded with timestamp, source IP, user agent, and authenticated identity. The audit log is embedded in the final PDF — not stored separately to be lost or forged.
Compliance posture
GDPR-aligned data handling. SOC 2 Type II audit in progress. AATL trust anchor pathway available. HIPAA Business Associate Agreement on the Enterprise tier (roadmap).
Pricing
Pricing built for
every stage.
Transparent tiers, no surprise per-envelope fees, no procurement gauntlet to scale up. Annual discounts and volume pricing available on Business and Enterprise.
Starter
forever
For individuals testing the platform.
- 5 signature requests per month
- Up to 3 reusable templates
- Email-based signing
- Standard audit trail
- Community support
Pro
per user / month
For small teams shipping agreements weekly.
- 100 signature requests per user
- Unlimited templates
- Per-tenant branding
- Webhook events
- Standard support (24h)
Business
per user / month
For growing teams with developers in the loop.
- Unlimited signature requests
- Full REST API + webhooks
- Embedded signing
- Multi-party workflows
- Bulk send
- Priority support (4h)
Enterprise
tailored to scale
For regulated industries and global rollouts.
- Everything in Business
- SAML / OIDC SSO
- On-premise deployment option
- Custom SLA + dedicated CSM
- SOC 2 documentation package
- AATL trust-anchor onboarding
All plans include eIDAS-grade signatures, immutable audit trails, AES-256 encryption, and the same security posture. The difference is volume, branding, API access, and support.
Ship your first contract
this afternoon.
Stand up your team, pull in your master agreement, send your first signed PDF in under ten minutes. No procurement call, no sales gauntlet, no per-envelope nickel-and-diming.