Every document. Timestamped. Sealed. Legally admissible.
SealDoc adds a cryptographic proof layer to every document: RFC 3161 timestamps from an EU-qualified TSA, chain of custody, and a Legal Evidence Pack ready for court or audit.
What is an RFC 3161 timestamp?
Like a notary stamp, but cryptographic and EU-qualified.
An RFC 3161 timestamp is a cryptographic proof that a specific document existed at a specific point in time and has not been altered since. SealDoc submits a hash of your document to an EU-qualified Time Stamping Authority (TSA), which signs the response. The result is embedded in your Evidence Pack and can be independently verified by any party.
Why it matters: if a document is ever disputed in court or during a regulatory audit, the timestamp proves it existed before the dispute arose and has not been tampered with since.
# Timestamp a sealed document
POST /api/jobs
{
"timestampRfc3161": true,
"generateEvidencePack": true
}
# Response includes:
# - PDF/A-3 with embedded RFC 3161 token
# - Signed by an EU-qualified TSA
# - Tamper-evident since the moment of sealing # Place a document on Legal Hold
PUT /api/jobs/{id}/legal-hold
# The document is now frozen:
# - Cannot be deleted or modified
# - Audit event logged with timestamp
# - Remains until hold is explicitly released Legal Hold
Freeze a document so it cannot be deleted or modified, even by administrators.
When you need it
One API call: PUT /api/jobs/{id}/legal-hold with a reason field. The hold is logged to the tamper-resistant audit trail and blocks all deletion or modification requests until explicitly released.
Retention categories
SealDoc enforces retention: documents cannot be deleted before their retention period expires.
| Category | Period | Applicable law | Countries |
|---|---|---|---|
| OPERATIONAL_1Y | 1 year | Internal policy / best practice | EU-wide |
| BUSINESS_7Y | 7 years | Commercial law / tax regulations | NL, DE, BE, FR, PL, CZ |
| ARCHIEFWET_20Y | 20 years | Archiefwet / public records law | NL (government bodies) |
Legal Evidence Pack: what is inside
One ZIP file, ready for court submission, tax audit, or regulatory inspection.
- PDF/A-3 document (ISO 19005-3)
- Audit trail: who, what, when, IP address
- RFC 3161 timestamp certificates
- Manifest hash-chain v2.0
- Ready for: court submission, tax audit, regulatory inspection
GDPR compliance layer
Art. 17: Right to erasure
DELETE /api/jobs/{id}/data removes all blobs and database rows. The audit trail entry is preserved (required by law) but the document content is gone.
DELETE /api/jobs/:id Art. 20: Data portability
GET /api/tenant/export returns a full ZIP of all your data: documents, audit trail, metadata. No vendor lock-in.
GET /api/tenant/export Art. 28: Data processing agreement
A DPA is available on request. Contact privacy@sealdoc.eu.
qSeal: eIDAS Qualified Electronic Seal (coming soon)
A qualified electronic seal (qSeal) provides the strongest legal presumption of integrity and origin under EU law. SealDoc infrastructure is ready. We are launching when the first enterprise customers need it.
Interested in qSeal for your organization? Get notified when it launches.
Notify me when qSeal launches