Every other e-signature tool is a walled garden: if the vendor disappears, the proof disappears with it. ProofLeaf is built the opposite way. If ProofLeaf shut down tomorrow, every document you've signed would remain independently verifiable — forever, by anyone, with no ProofLeaf account and no ProofLeaf servers.
Every finalized PDF carries its own evidence: a full audit-trail page (signers, consent, IP, location, timestamps), a SHA-256 content fingerprint, and — when enabled — an embedded PAdES cryptographic signature. None of this requires contacting ProofLeaf to read or check.
On completion we email every party a .zip containing the signed PDF, an OpenTimestamps proof, an offline verification page, a machine-readable audit record, and a Certificate of Evidence. Keep that file anywhere. It is everything needed to prove the document, with zero dependencies on us.
An open-source, MIT-licensed verifier re-computes the hash, validates the embedded signature, and checks the Bitcoin anchor — entirely offline, auditable by anyone:
npx @proofleaf/verify signed.pdf proof.ots
The document's hash is anchored into the Bitcoin blockchain via OpenTimestamps. Anyone can confirm that anchor against public block explorers using the open OpenTimestamps client. This is a decentralized proof-of-existence — not an RFC-3161 or qualified electronic timestamp — and it does not rely on ProofLeaf existing.
An honest note on trust
The hash and embedded signature prove a document has not been altered since signing. ProofLeaf's default signing certificate is self-signed: it proves integrity, while trusting who the signing authority is still means trusting ProofLeaf — exactly as disclosed in the product. The independent checks above do not.