Built like a vault.
Honest about the locks.
Every primitive here is documented, audited, and reproducible. Hash-chained logs you can verify in a single command. Watermarks that are baked, not bolted on. And the things browsers cannot do — like prevent screenshots — we tell you we cannot do.
Visitor email gate + OTP
Every visitor verifies their email via a one-time code before any file loads. We hash the code with SHA-256 and store only the hash in KV with a 10-minute TTL. The plaintext exists only in the email Resend sends.
Per-visitor watermarking
The live viewer overlays the visitor’s email + IP fingerprint + UTC timestamp diagonally across every page at 8% opacity. Downloads are re-stamped server-side with pdf-lib; an invisible fingerprint is also embedded in the PDF metadata so a cropped leak is still traceable.
E-signature (ESIGN Act + eIDAS)
Owners can countersign their own document or request signatures from visitors. Each signed PDF ships with an audit certificate (document SHA-256, IP fingerprint, UA fingerprint, timestamp, audit-chain hash). This is a Simple Electronic Signature under US/EU law.
Hash-chained audit log
Every privileged event (view, download, NDA sign, kill-switch) appends a row with prev_hash + sha256(payload). Each row is also signed with Ed25519 over chain_hash. Tamper with any byte and verification fails for every row after it.
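A verifier for a log of this shape, as an added example that is not the service's own code. The construction chain_hash = SHA-256(prev_hash || SHA-256(payload)), the all-zero genesis value, the `sig` field name and the sample events are assumptions. It shows why the Ed25519 signature matters: a chain that has been edited and re-hashed is internally consistent and is caught only by the signature check.

```javascript
// Added example; row layout, genesis value and event names are assumptions.
const crypto = require("node:crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
const GENESIS = "0".repeat(64); // assumed prev_hash of the first row
// Assumed construction: chain_hash = SHA-256(prev_hash || SHA-256(payload)), hex.
const chainHash = (prevHash, payload) => sha256(prevHash + sha256(payload));

function appendRow(log, payload, privateKey) {
  const prev_hash = log.length ? log[log.length - 1].chain_hash : GENESIS;
  const chain_hash = chainHash(prev_hash, payload);
  const sig = crypto.sign(null, Buffer.from(chain_hash, "hex"), privateKey).toString("base64");
  log.push({ payload, prev_hash, chain_hash, sig });
}

// Stops at the first bad row; every later row depends on it and is untrusted too.
function verifyLog(log, publicKey) {
  let expectedPrev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const row = log[i];
    if (row.prev_hash !== expectedPrev) return { ok: false, index: i, reason: "prev_hash" };
    if (row.chain_hash !== chainHash(row.prev_hash, row.payload))
      return { ok: false, index: i, reason: "chain_hash" };
    const sigOk = crypto.verify(null, Buffer.from(row.chain_hash, "hex"), publicKey,
      Buffer.from(row.sig, "base64"));
    if (!sigOk) return { ok: false, index: i, reason: "signature" };
    expectedPrev = row.chain_hash;
  }
  return { ok: true };
}

// Constructed sample events, signed with a throwaway key pair.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const log = [];
  for (const e of ["view", "download", "nda_sign", "kill_switch"])
    appendRow(log, JSON.stringify({ event: e, visitor: "a@example.com" }), privateKey);
  // Case 1: one payload edited in place; the stored chain_hash no longer matches.
  const edited = log.map((r) => ({ ...r }));
  edited[1].payload = edited[1].payload.replace("download", "view");
  // Case 2: same edit, hashes recomputed from that row on, old signatures kept.
  const rehashed = edited.map((r) => ({ ...r }));
  for (let i = 1; i < rehashed.length; i++) {
    rehashed[i].prev_hash = rehashed[i - 1].chain_hash;
    rehashed[i].chain_hash = chainHash(rehashed[i].prev_hash, rehashed[i].payload);
  }
  return { clean: verifyLog(log, publicKey), edited: verifyLog(edited, publicKey),
    rehashed: verifyLog(rehashed, publicKey) };
}
```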
Kill-switch
A single click writes the space’s JWTs into a KV revoke set and broadcasts a revoke frame via the space’s Durable Object. Active viewers are disconnected immediately; their viewer blanks.
What we don’t do
We do not prevent screenshots. No browser tech reliably can. What we do is raise the cost of leakage and identify the leaker via watermarking + audit trail. We say this on the homepage because investors trust honesty.
Vulnerability disclosure
We follow a 90-day coordinated disclosure policy. Email security@deckshare.ai (PGP key linked from /.well-known/security.txt). No legal action against good-faith research. Hall-of-fame credits at /security/hof.