Sign It by Flowsta
Sign your work.
Prove it's yours.
Sign any file. Anyone can verify it's yours. No accounts required, no servers storing your work, no platform owns it.
Built for artists, photographers, writers, businesses, and developers.
Find your fit
Who are you?
Tap the one that fits — we'll show you exactly how Sign It helps.
For Artists
Protect your art from unauthorised use
Worried AI scrapers, NFT minters, or content thieves will take your work and claim it as their own? Sign It gives you a public, verifiable record that proves authorship and declares exactly how your work can be used.
Prove you made it first
Every signature is timestamped and recorded publicly. If someone copies your work later, the timeline is on your side.
Tell AI to back off
Declare your AI training policy in the signature itself. Anyone — including AI companies — can read it before using your work.
License on your terms
Pick a Creative Commons or custom license. Allow contact for commercial use without exposing your email.
For Photographers
Stake your claim on every photo you shoot
Sign every file straight out of your editor. Sell prints, license commercially, or release as personal-use only — your terms travel with the file.
Find your photos in the wild
Sign It uses perceptual hashing — even cropped, resized, or recompressed copies can be linked back to your original.
Commercial inquiries, no spam
Anyone wanting to license your photo can contact you through Flowsta. Your email stays private.
Multi-shooter projects
Multiple photographers can sign the same file. Wedding shoots, agency work, collaborations — every contributor on the record.
For Writers, Musicians & Filmmakers
Lock in your authorship from the first draft
Manuscripts, demos, scripts, edits — sign every version as you go. Build a verifiable trail of authorship that holds up long after publication.
Version-by-version proof
Sign drafts, edits and final cuts. Every version timestamped, every contributor identifiable.
Disclose AI use upfront
Declare whether your work is human-only, AI-assisted, or AI-generated. Transparency builds trust with your audience.
Co-author signatures
Co-writers, producers, editors — everyone on the project can sign the same file. Credits become verifiable.
For Business Documents
Sign contracts and approvals — no platform lock-in
Contracts, NDAs, statements of work, board resolutions. Sign It records who signed what and when, on a public ledger nobody can quietly edit.
Multi-party signing
Counter-parties sign the same document. All signatures appear on the same verification page — no chasing PDFs around inboxes.
No vendor between you
Signatures live on a distributed network, not a SaaS database. No subscription cancellation can erase your records.
Tamper-evident
Edit a signed document and the signature breaks. Anyone can verify the file matches what was originally signed.
Verify
Check a File
Drop any file to check if it has been signed. For exact matches, the file is hashed in your browser. For similar file detection, the file is sent to the server for fingerprinting and immediately discarded.
Drop a file here to verify
or click to choose a file
How It Works
Three Steps
Step 1
Sign your file
Drop a file into Flowsta Vault on your desktop, or sign from your dashboard at flowsta.com. Your file is hashed locally and signed with your private key.
Step 2
Stored on DHT
Your signature, metadata, and content rights are committed to a public Holochain DHT. No central server — distributed across the network.
Step 3
Verify anywhere
Anyone can drop the file on this page to check signatures. The file is hashed in the browser — nothing is uploaded. Free, forever.
Features
More Than a Signature
Content Rights
Declare your license, commercial availability, and AI training policy. A machine-readable rights manifest backed by cryptographic proof.
AI Disclosure
Declare whether content was human-created, AI-assisted, or AI-generated. Transparent, verifiable, and attached to the signature.
Integrity Checks
Before signing, Vault scans your file for hidden content — steganography, appended data, invisible Unicode. Results are recorded in the signature.
Multi-Signer
Multiple people can sign the same file. Contracts, approvals, attestations — all parties visible on one verification page.
What else you get
The small print nobody else offers
Find your work in the wild
Perceptual matching catches resized, cropped, recoloured, recompressed and re-encoded copies — not just exact files. Photographers and artists can spot stolen work even after it's been edited.
Public creator pages
Every signer gets a public profile listing all their signed work. Use it as a verifiable portfolio — proof of authorship across your whole catalogue, in one link.
Private contact relay
Anyone interested in licensing or commissioning your work can message you through Flowsta. Your email address is never exposed — they reach you, you decide whether to reply.
Free verification, forever
Anyone can drop a file on our verification page to check signatures — no account, no signup, no rate-limit gating. Your audience can validate your work in three clicks.
Bulk signing
Drop dozens of files at once. Sign a whole shoot, an album, a portfolio drop, a release batch — one click, full content rights applied to every file in the set.
Outlives any platform
Signatures are recorded on a public Holochain DHT, replicated across many nodes. Even if Flowsta itself disappeared tomorrow, your signatures and proofs of authorship would still be verifiable.
For Developers
Add Sign It to your app
OAuth scope, JS SDK, webhooks for sign and revoke events. Drop signing into your platform in an afternoon.
OAuth + JS SDK
Request the sign scope. Call flowstaAuth.sign(file). Done.
Webhooks
Subscribe to sign.created and sign.revoked events. HMAC-signed payloads.
Public verify API
Free, unauthenticated endpoint. Verify signatures from your own backend or browser.
Why Sign It
How it compares to the alternatives
| Sign It | C2PA / Adobe | Blockchain NFT | DocuSign | |
|---|---|---|---|---|
| Cost per signature | Free / paid plans | Tied to Adobe | Gas fees ($1-$50+) | Paid only |
| File hosting | Not stored anywhere | Embedded in file | IPFS/centralised | On their servers |
| Open ecosystem | Yes — anyone can verify | Adobe-led standard | Chain-specific | Vendor lock-in |
| AI training disclosure | Built in | Partial | No | No |
| Multi-signer | Yes | Yes | No (1 mint) | Yes |
| Revocable | Yes | No | No (immutable) | Limited |
| Privacy on verify | Hashed in browser (file only sent for similar-match, then discarded) | Local | Public chain | Server-side |
| Works offline | Yes (Vault) | Yes | No | No |
Comparison reflects typical use cases. Each tool serves valid but different needs.
Questions
Frequently asked
Is my file uploaded when I verify?
Your file is hashed in your browser with SHA-256, and we look for an exact match using just that hash. If no exact match is found, the file is briefly sent to our server to compute a perceptual fingerprint (which finds resized, cropped, or recompressed copies of signed work), then immediately discarded. The bytes of your file are never stored.
Where are signatures stored?
On a public Holochain DHT — a distributed hash table maintained by a network of nodes. There's no central server we could shut down, no database we could lose. Signatures are replicated across the network and can be verified by anyone.
Why not blockchain?
No gas fees, no per-transaction cost, no token speculation, no environmental footprint. Holochain is agent-centric — each user has their own chain — making per-action cost effectively zero. We didn't want signing your own work to require buying crypto.
What happens if I lose my recovery phrase?
Your account can't be recovered — that's the cost of true zero-knowledge. Your existing signatures stay on the DHT (they're already public), but you won't be able to sign new files as the same identity. Back up your 24-word recovery phrase somewhere safe.
Can I revoke a signature?
Yes. Revocation is a separate signed entry that any verifier sees alongside the original. Useful if you signed something by mistake, or if you withdraw consent. The original signature stays visible — revocation is a public statement, not a deletion.
What file types are supported?
Any file. Sign It works on the SHA-256 hash, so it doesn't care if it's an image, video, PDF, .zip, source code, or anything else. Perceptual hashing (for similar-file detection) currently covers images, audio and video.
What's the cryptography under the hood?
Ed25519 signatures (the same scheme used by SSH, Signal, and Holochain itself). Keys are generated from your 24-word recovery phrase via HMAC-SHA256 derivation. Vault holds your private key; the public key is your identity on the network.
How does multi-signer work?
Each signer creates their own signature on the same file hash. All signatures show up on the same verification page. There's no 'document owner' coordinating signers — anyone with the file can add their signature at any time.
Can someone fake my signature?
Only if they have your private key (or your recovery phrase). The signature is cryptographically tied to your public key — anyone who finds someone else's public key can verify their signatures, but only the holder of the matching private key can create new ones.
What does it cost?
Free for Verify (always). Free tier for signing includes 1 signature per month for individuals, 250 per month per developer org. Paid tiers scale up — see Premium pricing for individuals or Developer pricing for orgs.