Every feature is built with one goal: protecting your sensitive documents while making them easy to send and track.
We use the same encryption standard as the Malaysian banking system. Your documents are encrypted before they leave your device and can only be decrypted by your intended recipient.
The gold standard used by governments and banks worldwide. Each file gets a unique encryption key.
Not even TrustNvelope can read your documents. Encryption happens in your browser, decryption in the recipient's.
Even if a future key is compromised, past communications remain secure. Each session uses unique keys.
Algorithm: AES-256-GCM (Galois/Counter Mode)
Key Exchange: ECDH with Curve25519
Hashing: SHA-256 for integrity verification
Key Storage: Keys are never stored on our servers. They're derived from recipient's private key.
Compliance: Meets requirements for Malaysian Personal Data Protection Act (PDPA) Section 9 on Security.
You upload document → encrypted in browser with unique key
Only encrypted data sent to our servers
Recipient verifies identity with 2FA code
Document decrypted in recipient's browser
Zero knowledge left on our servers
When did they open it? From where? Did they download it? Our blockchain-inspired audit trail creates an unbreakable chain of custody.
{
"event_id": "evt_9k3m2n1p",
"action": "ENVELOPE_OPENED",
"timestamp": "2024-01-15T09:23:45.123Z",
"envelope_id": "env_7x8y9z",
"recipient": "client@lawfirm.my",
"ip_address": "124.13.xxx.xxx",
"location": "Kuala Lumpur, MY",
"device": "Chrome 120 / Windows 11",
"verification": "2FA_SMS",
"previous_hash": "0x7d8f3a2e...",
"current_hash": "0x3b5c9e1a..."
}
Each event is cryptographically linked to the previous one, making tampering immediately detectable.
Under Malaysian Evidence Act 1950 (Act 56), electronic records with proper audit trails are admissible as evidence. Our system is designed to meet:
🇲🇾 Malaysian lawyers trust us: "The audit trail provides the evidentiary weight needed for court proceedings. Every timestamp is verified against Malaysia's national time server."
Compliant with Malaysian Digital Signature Act 1997. Three ways to sign, all legally binding.
Use mouse, touchpad, or finger on mobile. We capture biometric data (speed, pressure points) for additional verification.
Type your name and choose a font. Combined with 2FA verification, this meets legal requirements for electronic signatures.
Upload an image of your wet signature. Our system verifies and timestamps it.
| Method | Legal Status | Best For |
|---|---|---|
| Draw + 2FA | ✅ High | Contracts, NDAs |
| Type + 2FA | ✅ High | Sales agreements |
| Upload + 2FA | ⚠️ Medium | Internal approvals |
*Demo only. Real signatures are encrypted and timestamped.
| Feature | Standard Email | TrustNvelope |
|---|---|---|
| End-to-End Encryption | ❌ | ✅ AES-256 |
| Proof of Delivery | ❌ | ✅ Timestamped |
| Read Receipts | ⚠️ Unreliable | ✅ Forced |
| Digital Signatures | ❌ | ✅ Legal-grade |
| Audit Trail | ❌ | ✅ Immutable |
| File Size Limit | 25MB (typical) | Up to 1GB |
| PDPA Compliance | ❌ | ✅ Built-in |
Join hundreds of Malaysian businesses already on the waitlist.
Get Early AccessNo credit card required. Launching Q2 2024.