Overview/Compliance Disclosures

Compliance Disclosures

Last updated: January 1, 2026 · Version 1.0

I. Electronic Signature Disclosures (ESIGN / UETA)

The following disclosures are provided in accordance with the Electronic Signatures in Global and National Commerce Act (ESIGN Act, 15 U.S.C. § 7001 et seq.) and the Uniform Electronic Transactions Act (UETA).

Consent to Electronic Records and Signatures

By initiating a signing ceremony on this platform, you consent to: (a) conducting the subject transaction by electronic means; (b) the use of electronic signatures to bind you to the terms of any agreement you sign; and (c) receiving all required disclosures, notices, and records electronically. You may withdraw this consent at any time before completing a signing ceremony without penalty, at which point the session will be voided.

Right to Paper Copy

You have the right to request a paper copy of any record. To obtain one, download the evidence bundle (ZIP) from the signing ceremony completion screen, print the enclosed certificate.json and agreement.json files, and retain them for your records.

Hardware / Software Requirements

To access and retain electronic records from this Service, you need: a modern web browser supporting Web Crypto API (Safari 17+, Chrome 116+, Firefox 117+, Edge 116+); the ability to save files in JSON and ZIP format; optionally, software capable of reading ZIP archives.

II. TCPA / OTP Consent Disclosure

If OTP delivery via SMS or email is enabled for your session, by initiating OTP delivery you consent to receive one automated message at the contact method provided. Message and data rates may apply. This consent is transaction-specific and does not constitute consent to future marketing communications. Reply STOP to any SMS to opt out. For assistance, contact us at docs.unykorn.org.

III. Regulatory Framework & Compliance Tags

The Doc Intelligence Engine incorporates design principles from the following regulatory and technical frameworks. Compliance tags are included in certificate payloads for machine-readable audit purposes.

ESIGN UETA SEC-17A4 SOC2 GDPR-ART9 CCPA RFC8785
  • ESIGN Act (15 U.S.C. § 7001) — Electronic signature validity for interstate commerce
  • UETA — State-level electronic transaction uniformity
  • SEC Rule 17a-4 — Electronic records retention and WORM/audit trail requirements (advisory alignment)
  • SOC 2 — Security, Availability, and Confidentiality trust service criteria (architectural alignment)
  • GDPR Article 9 / CCPA — Data minimization principles applied to session design
  • RFC 8785 (JCS) — JSON Canonicalization Scheme for deterministic hashing
  • Ed25519 (RFC 8032) — Edwards-curve Digital Signature Algorithm
  • IPFS / Content Addressing — SHA2-256 multihash for immutable document anchoring

IV. Governance Tiers

Sessions and certificates are tagged with Governance Tier metadata indicating the assurance level applied at execution time.

TIER 0Standard

SHA-256 hash integrity only. No OTP verification. Suitable for informational agreements, pilot programs, or low-risk transactions where speed is prioritized over identity verification.

TIER 1Enhanced

OTP-verified session + Ed25519 certificate signing + JSZip evidence bundle. Appropriate for NDAs, term sheets, LOIs, consulting agreements. Certificate is time-stamped and machine-verifiable.

TIER 2Institutional

All Tier 1 controls + IPFS-anchored CID for immutable ledger proof. Designed for subscription agreements, side letters, regulatory filings, and any scenario requiring independent third-party verification of prior existence.

V. Cryptographic Architecture Disclosure

  • Signing Algorithm: Ed25519 (RFC 8032) — 256-bit security, 64-byte signature
  • Hash Function: SHA-256 (FIPS PUB 180-4) — 256-bit output
  • Canonicalization: RFC 8785 (JSON Canonicalization Scheme) — deterministic key-sorted UTF-8 serialization
  • Key Storage: Cloudflare KV (AES-256 encrypted at rest, Cloudflare-managed)
  • Key Generation: Web Crypto API — generateKey({name: "Ed25519"}, extractable, ["sign", "verify"])
  • OTP Security: 6-digit CSPRNG, SHA-256 hashed at rest, 300-second TTL, 5-attempt rate limit, timing-safe compare
  • IPFS Anchoring: Kubo v0.39.0, multipart/form-data POST to local RPC, SHA2-256 CID v1

The authoritative Ed25519 system public key is published at public-key.html and verifiable programmatically at /api/public-key.

VI. No-Advice Disclaimer

Nothing in this Service, its documentation, or any certificate generated by it constitutes legal, financial, securities, tax, or investment advice. From The Hart Trading LLC is not a law firm, broker-dealer, investment adviser, or regulated financial institution. All parties to any agreement generated through this Service are solely responsible for obtaining independent professional advice appropriate to their circumstances.

VII. Data Sovereignty

Data processed by the Service resides on Cloudflare infrastructure, which operates globally distributed edge nodes. By using the Service, you consent to processing in jurisdictions where Cloudflare operates. IPFS-anchored content is distributed across the public IPFS network by design and is not subject to geographic data controls once published.

Privacy Policy → Terms of Service → Security Architecture → Back to Overview