
Prepare a controlled share
Choose the documents, recipient, purpose and expiry. Three-factor access, watermarking, audit logging and revocation apply to each share.
Explore controlled sharingInstead ofEmail
1Bridge Vault lets Beneficial Owners & Controllers store sensitive identity, financial, and corporate documents once, then securely share controlled, watermarked access with the Regulated Firms that need to review them.
Beneficial Owners
& Controllers
1Bridge
Regulated Firms
controlled access
Separate vaults (workspaces) for personal KYC, portfolio companies, and SPVs — one password.
The Problem
Regulated Firms have a duty to request sensitive identity, ownership, and financial information during onboarding and diligence. Those requests are legitimate. They usually arrive by email, WhatsApp, or shared folders, and the copies end up in places you do not control.
Anyone under document review faces the same pattern: sensitive identity and financial records sent through channels never designed for controlled sharing.
Your assistant needs to update a source-of-wealth declaration for the lawyers. Again. Third time this month. Same documents, different thread, no version control.
A regional bank needs proof of address. Your accountant wants ID. Documents scatter across email threads, living forever in five different inboxes you do not control.
NDAs and vendor agreements go through DocuSign or email PDFs. You trust the platform's audit log, not independent proof. The signed copy has no watermark, and no independent way to prove what was actually executed.
1Bridge Vault complements enterprise KYC platforms by handling the dozens of ad-hoc document requests that come through informal channels, the ones that do not justify a full compliance workflow.
Who It Is For
Owner side
Founders, directors, UBOs, controllers, investors, authorised signatories, property buyers, and expats are repeatedly asked to prove identity, ownership, authority, and source of funds. 1Bridge gives them one controlled way to share sensitive documents.
Explore Owners & ControllersFirm side
Law firms, accountants, auditors, banks, corporate service providers, and onboarding teams need sensitive documents to onboard clients, complete diligence, and evidence reviews. 1Bridge gives clients a safer way to share documents with your team.
Explore Regulated FirmsInside 1Bridge
Prepare document access, track recipient copies, delegate operations, and sign contracts from one encrypted vault.

Choose the documents, recipient, purpose and expiry. Three-factor access, watermarking, audit logging and revocation apply to each share.
Explore controlled sharing
Every view receives a unique watermark reference. The same reference appears in the access record, so the owner can trace a copy and revoke future access.
See the recipient workflow
Delegates prepare requests and review audit metadata. The owner retains the keys and approves document access.
Read about delegation
A SHA-256 hash chain records each signing stage. Owner-finalized contracts receive an OpenTimestamps proof that anyone can verify against Bitcoin.
Explore contract signingTrust Model
Most services ask you to trust the provider with your files. 1Bridge is built so that trust is not required: no one can read your documents without your approval.
The guarantee is enforced by cryptography rather than by a stated policy.
Encrypted in your browser before upload. We only store ciphertext.
Never transmitted. Key derivation happens entirely in your browser.
KEK, DEKs, and LSKs exist only in browser memory. Never persisted server-side.
One-time codes sent directly to vendors. Never stored, never logged.
We cannot read your documents, delegates work only with metadata, and every vendor access is logged and watermarked. The only party that has to be trusted is you.
Use Cases
Banks and PSPs request identity, address, source-of-funds, and ownership documents. They often arrive as email attachments instead of controlled access.
Founders, directors, UBOs, and signatories send identity, authority, and company records through WhatsApp and shared folders.
Audit teams request sensitive personal, company, and financial records that scatter across inboxes and local downloads.
Property purchases require identity, bank statements, income, tax, and source-of-funds evidence forwarded in email chains.
Residency, banking, and tax workflows require repeated sharing of passports, proof of address, and financial evidence.
Investors and founders provide ownership charts, source-of-wealth materials, and corporate records through ad hoc channels.
How We Compare
1Bridge sits between informal channels and enterprise platforms. It gives you more control than plain file storage and more proof than standard e-sign.
Ad-hoc KYC requests through email and WhatsApp vs structured sharing.
Google Drive, Dropbox
WeTransfer
Persona, Onfido
Google Drive, Dropbox
Best for
General file sharing
WeTransfer
Best for
One-time file transfers
Best for
Secure KYC sharing + signing
Persona, Onfido
Best for
Full compliance workflows
Platform audit logs vs independent Bitcoin-anchored proof.
DocuSign, Dropbox Sign
Informal signing
DocuSign, Dropbox Sign
Best for
Standard business e-sign
Informal signing
Best for
Quick informal agreements
Best for
Attested confidential contracts
Note on e-sign platforms: DocuSign and Dropbox Sign encrypt data in transit and at rest, but process readable documents on their servers to apply signatures. Their audit trails are platform-controlled. 1Bridge keeps ciphertext on the server and adds OpenTimestamps proof anyone can verify at /verify.
Under the Hood
The same four components underpin both sharing and signing.
Argon2id key derivation, AES-256-GCM document encryption, ciphertext-only storage.
Visible and invisible watermarks on every view and download, with public verification.
OpenTimestamps anchors the SHA-256 of executed contracts to the Bitcoin blockchain.
Teammates run sharing and signing workflows without access to plaintext or keys.
FAQ
Security and privacy questions answered honestly.
Yes. Create named vaults (workspaces) under one account. One password derives keys for all your vaults. Documents, team delegates, and audit trails stay isolated per vault.
1Bridge Vault is designed for Beneficial Owners & Controllers who personally handle document requests from Regulated Firms. You own the vault and control all access. Optionally, you can delegate to team members (like ops or legal) who can create share requests and manage workflows, but they never see your documents, encryption keys, or vendor secrets. Only you can approve shares and generate the cryptographic material needed for vendor access.
No. Delegates (team members) can create share requests and manage sharing workflows, but they never have access to your documents, encryption keys, or vendor secrets. They work with metadata only. Only you, as the vault owner, can approve share requests and generate the cryptographic material needed for vendor access.
There is no password recovery. Your vault password is never transmitted to our servers; it is used locally to derive your encryption keys. If you lose it, your documents cannot be recovered. This is a deliberate security choice: it means even we cannot access your documents under any circumstances. We recommend using a password manager.
Vendors must complete a three-step verification: (1) They receive a share link, (2) They verify their email address via a one-time passcode (OTP), and (3) They enter a one-time vendor secret that was sent directly to them. Only after all three factors are verified can they view documents.
Yes, and every download is tracked and watermarked with the vendor's details, timestamp, and a unique reference ID that appears in your audit log. Watermarks are single-use and can always be traced back to the vendor that first accessed the document. Images and PDFs both receive visible and invisible watermarks. Each watermark includes a verification link you can check at any time.
No watermarking system is foolproof. Determined users can screenshot documents or attempt to remove watermarks with image editing tools. However, watermarking creates a strong deterrent and provides accountability through the audit trail. Each watermark is unique and single-use, meaning if a document is shared without authorization (even via screenshot), it can always be traced back to the vendor that first accessed it. The audit log records every view and download with unique reference IDs, regardless of whether the watermark is later removed.
Yes. You can create signing requests for PDFs, place signature fields, and collect vendor signatures with recorded electronic consent. In dual-signing mode, the owner counter-signs after the vendor. The fully executed PDF is watermarked, hash-chained, and when the owner finalizes, anchored to Bitcoin via OpenTimestamps with a downloadable verification certificate.
When an owner counter-signs a contract (dual-signing mode), 1Bridge computes the SHA-256 hash of the final watermarked PDF and anchors it to the Bitcoin blockchain using OpenTimestamps. Anyone can verify the document independently at /verify without trusting 1Bridge. Vendor-only signing completes the contract but does not trigger blockchain attestation.
The vault supports identity documents (passport, national ID, driver's license), proof of address, source-of-funds and source-of-wealth materials, ownership evidence, company records, director and signatory documents, and PDF contracts for signing. These are the documents most commonly requested by Regulated Firms during onboarding, diligence, banking, legal, audit, and transaction workflows.
Yes. You or your delegates can revoke any share link instantly. Once revoked, the vendor's access stops immediately, even if they still have the link and vendor secret. Revocation is logged in your audit trail.
Documents are encrypted with AES-256-GCM. Encryption keys are derived from your vault password using Argon2id. Each document has its own random encryption key (DEK), wrapped with your master key (KEK). Share links use HKDF-SHA256 to derive wrapping keys from one-time vendor secrets.
No. 1Bridge is a controlled document-sharing layer, not a KYC, AML, DMS, CRM, or compliance system. It helps Beneficial Owners & Controllers share sensitive documents with your team more safely, complementing the systems you already use for onboarding and diligence.