Legal & Compliance

Aadhaar eSign

The Tools pillar offers Aadhaar eSign for legally-valid digital signatures on Indian documents. This page explains the legal basis, how the flow works, and what data Teravu stores.

What is Aadhaar eSign?

Aadhaar eSign is an electronic signature service that uses an Aadhaar-linked OTP or biometric to authenticate the signatory and apply a digital signature to a document. eSign signatures are legally valid under the Information Technology Act, 2000 (Second Schedule, as amended) and the eSign Online Electronic Signature Service guidelines issued by MeitY.

eSign carries the same legal weight as a physical signature for most document types in India, including contracts, applications, affidavits, and will drafts (as a first step — a will also requires physical witnesses).

Authorised provider

Teravu uses an eSign service provided by a MeitY-authorised Certifying Authority (CCA) that holds a valid licence to operate under the IT Act 2000. We do not operate a Certifying Authority ourselves.

The CCA generates and applies the digital certificate. Teravu passes the document hash to the CCA, the user authenticates (OTP to Aadhaar-registered mobile), and the CCA returns the signed document. At no point does Teravu see or store your Aadhaar number or biometrics.

What data we store (and do not store)

What Teravu stores

  • The signed document (if you save it to Vault)
  • A signing event log: document name, timestamp, CCA transaction reference, and your Teravu user ID
  • The document hash (for verification purposes)

What Teravu never stores

  • Your Aadhaar number (only the last 4 digits may appear on the certificate — this is generated by the CCA, not stored by us)
  • Your biometric data
  • The OTP sent to your Aadhaar-registered mobile
  • The private key used to sign (held by the CCA)

Opt-in only — never the default

Aadhaar eSign is always opt-in. We never pre-select it or apply it silently. You choose eSign explicitly for each document. Documents can be downloaded unsigned or signed with a non-Aadhaar signature alternative.

The sign flow requires a two-step confirmation before the OTP is sent to your Aadhaar-registered mobile: (1) you review the document, (2) you confirm you want to apply an Aadhaar eSign. There is no dark pattern, no pre-checked box, no auto-proceed.

Verification

Any signed document can be verified offline using the CCA-generated digital certificate embedded in the PDF. Standard PDF signature verification tools (Adobe Acrobat, DigiLocker Verify, the NIC DSC verify tool) can confirm the signature against the CCA's root certificate.

Teravu also provides an in-app verification flow: upload a signed PDF and we verify the certificate chain without requiring the original document source.

What eSign is not valid for

  • Negotiable instruments (cheques, promissory notes) — excluded by the IT Act.
  • Powers of attorney (require physical stamp and notarisation in most states).
  • Wills — eSign can be used as a supporting step but a will requires physical witnesses and may require probate; consult a lawyer.
  • Trust deeds and documents requiring compulsory registration under the Registration Act, 1908.

Compliance references

Legal basis: Information Technology Act, 2000 — Section 3A and Second Schedule

Guidelines: MeitY eSign Online Electronic Signature Service Guidelines (2015, as updated)

Provider licensing: Certifying Authority licenced by the Controller of Certifying Authorities (CCA), MeitY

Aadhaar usage: Compliant with UIDAI eSign Service Standards; Aadhaar number never stored by Teravu

DPDPA 2023: The eSign transaction log is personal data; handled per our DPDPA compliance page

← All compliance pagesDigiLocker integration