Privacy Policy
Cryptosign is designed to minimize data exposure. This page explains what the app does locally in your browser and what it does not send anywhere.
No server-side signing or verification
Key generation, signature creation, and signature verification occur locally in your browser through WebAssembly. Files and keys do not need to be uploaded to a server for the app to work.
Private keys remain under your control
The private signing key stays inside the local passkey or authenticator on your device and is never exported by Cryptosign.
Static site delivery
The website can be delivered as a static application. Hosting providers may still record standard access logs, but the cryptographic workflow itself is not designed around centralized processing.
No account requirement
Cryptosign does not require a user account to generate keys, sign a document, or verify a signature. The goal is to keep the trust model simple and infrastructure-light.
User responsibility
You are responsible for safeguarding access to the device or authenticator that holds your passkey and for distributing your public key through a channel your clients can trust. Losing access to that passkey means losing the ability to sign as that identity.
Integrity scope
Signature verification proves whether the provided file matches the signed digest for the supplied public key. It does not prove who published the public key unless you distribute that key through a trusted channel.