Trust

Built to satisfy the people who audit you.

Pactivo is built for regulated work — legal, accountancy, property, immigration. Compliance is not a page we wrote after the fact; it is the product. Here is exactly how it holds up.

UK data residency
Documents stored and processed in the UK. GDPR by default.
Tamper-evident audit
SHA-256 chained events, sealed and verifiable on completion.

Compliance tiers under UK eIDAS

Pactivo ships Simple Electronic Signature today, with Advanced and Qualified tiers on a public roadmap.

Live
SESSimple

Intent and consent captured, with a full audit trail. Valid and admissible for the majority of commercial agreements.

Audit trail capture
Optional identity binding
On roadmap
AESAdvanced

Uniquely linked to a verified identity via Certivus, with tamper detection on the signed document.

Certivus identity binding
Document tamper detection
Exploring
QESQualified

Backed by a qualified certificate from a trust service provider — the legal equivalent of a handwritten signature.

QTSP partnership
Qualified certificates
The proof

Every signature carries its own evidence.

The audit trail is not a download you hope never to need. It is a first-class, shareable record — every event timestamped, every device logged, every identity check attached, the whole chain sealed with SHA-256.

Who and when
Timestamps, IPs, devices for every event.
Verified identity
Certivus binding attached, proof one tap away.
Sealed & shareable
A public URL and a signed PDF, tamper-evident.

Security overview

Encryption everywhere
TLS 1.3 in transit, AES-256 at rest. Documents are encrypted per-envelope.
UK data residency
Hosted in AWS London (eu-west-2). No data leaves the UK without your instruction.
Tamper-evidence
Each event is hash-chained. A single altered byte breaks the seal, visibly.
Access control
Role-based access, SSO via Rajoka ID, and a full internal access log.
Retention you control
Set retention per workspace. Export or delete on request, honoured within 30 days.
Responsible disclosure
A published security contact and a 90-day disclosure policy for researchers.

Sub-processors

The third parties that process data on our behalf, in full.

Supabase / AWSDatabase, storage, edge compute
UK (eu-west-2)
CertivusIdentity verification (AML/KYC)
UK
ResendTransactional email delivery
EU/US

“Will it hold up?” is the only question that matters. The audit trail answers it.

A typed name proves a click. A Pactivo signature carries a verified identity, a sealed chain of evidence, and a record you can hand to a regulator without explanation.

Start signing