Open-source NDA-gated content portal. Sign before you see.
VaultGate lets you share confidential information behind a legally-binding NDA wall. Visitors sign a mutual NDA with a canvas signature, get an access token automatically, and unlock your protected content. No DocuSign. No recurring fees. Your infrastructure, your data, your rules.
Live example: hello-una.ai/investors
- Custom e-signature — Canvas-based signature pad with full ESIGN Act / UETA compliance
- Auto-unlock access — Sign the NDA, get immediate access via JWT tokens
- Return visits — Access codes let signers return without re-signing
- Visitor tracking — Know who signed, when, what they viewed, and how long they spent
- Confidential watermark — Each viewer sees their name watermarked on content
- Scroll tracking — Know if signers actually read the NDA before signing
- Configurable NDA text — Bring your own NDA language (lawyer-reviewed recommended)
- Dark mode by default — Beautiful glassmorphic UI, fully customizable
- Zero dependencies — Vanilla HTML/CSS/JS frontend, no framework required
- Vercel-ready — Serverless API functions deploy in one click
git clone https://github.com/tombudd/vaultgate.git
cd vaultgateEdit vaultgate.config.js:
export default {
brand: {
name: 'Your Company',
tagline: 'Investor Portal',
},
nda: {
companyName: 'Your Company LLC',
companyState: 'California',
companyCounty: 'Your County',
},
notifications: {
adminEmail: 'you@yourcompany.com',
},
deployment: {
baseUrl: 'https://yoursite.com',
},
};# Generate a strong secret
openssl rand -hex 32
# Set as environment variable
export VAULTGATE_JWT_SECRET=your_generated_secretOn Vercel, add this in Settings > Environment Variables.
# Deploy to Vercel
npx vercel --prod
# Or any static host with serverless function supportYour NDA-gated portal is live at yoursite.com/ (or wherever you deploy it).
vaultgate/
├── index.html # Main portal page (NDA gate + content)
├── vaultgate.config.js # All configuration in one file
├── assets/
│ ├── vaultgate.css # Styles (customizable via CSS variables)
│ └── vaultgate.js # Client-side logic (signature, auth, tabs)
├── api/
│ ├── sign-nda.js # Vercel serverless: process NDA signing
│ ├── verify.js # Vercel serverless: validate tokens/codes
│ └── track.js # Vercel serverless: log page views
├── vercel.json # Vercel routing config
├── docs/
│ ├── LEGAL.md # Legal considerations for NDA portals
│ ├── CUSTOMIZATION.md # Theming, branding, and content guide
│ └── API.md # API endpoint documentation
├── examples/
│ └── hello-una-investors.html # Real-world example (ResoVerse)
└── LICENSE # MIT License
Visitor arrives → NDA Gate
↓
Fills in name, email, company
↓
Reads NDA text (scroll tracked)
↓
Checks agreement boxes
↓
Signs with canvas signature pad
↓
POST /api/sign-nda
→ Validates fields
→ Captures IP, timestamp, user agent
→ Stores NDA record
→ Generates JWT token + access code
→ Sends admin notification email
↓
Token set as secure cookie
↓
Portal content unlocked ✓
→ Tabs: Overview, Documents, Metrics, Roadmap
→ Watermarked with signer's name
→ All page views tracked
↓
Return visit? Cookie auto-verifies
OR enter access code manually
| Setting | Type | Description |
|---|---|---|
brand.name |
string | Your company/portal name |
brand.colors.primary |
hex | Primary accent color |
brand.theme |
'dark'/'light' | Color theme |
nda.companyName |
string | Legal entity name in NDA |
nda.companyState |
string | Governing law state |
nda.termYears |
number | NDA duration |
nda.requireAccredited |
bool | Show accredited investor checkbox |
auth.tokenExpiryDays |
number | Token validity period |
notifications.adminEmail |
string | Email for signing alerts |
notifications.webhookUrl |
string | Webhook on NDA sign |
analytics.enableWatermark |
bool | Show signer name watermark |
| Variable | Required | Description |
|---|---|---|
VAULTGATE_JWT_SECRET |
Yes | Secret for signing JWT tokens. Generate with openssl rand -hex 32 |
VAULTGATE_WEBHOOK_SECRET |
No | Secret for webhook signature verification |
VaultGate captures the following for each NDA signing, as required for e-signature enforceability:
- Full legal name
- Email address
- Company / organization
- Canvas signature image (PNG data URL)
- IP address
- Timestamp (ISO 8601)
- User agent string
- Timezone
- NDA version signed
- Whether the full NDA was scrolled/read
- Explicit consent checkboxes (read, agree, accredited)
This meets requirements under the U.S. ESIGN Act and UETA for valid electronic signatures.
Important: The included NDA text is a template. Have your lawyer review and customize it before using with real signers.
The open-source VaultGate handles everything you need for a single portal. For teams and organizations managing multiple portals, ResoVerse offers a premium dashboard at resoverse.tech/dashboard.
| Feature | Free (Open Source) | Pro ($29/mo) | Enterprise ($149/mo) |
|---|---|---|---|
| NDA e-sign portal | ✓ | ✓ | ✓ |
| JWT auth & access codes | ✓ | ✓ | ✓ |
| Custom NDA text & branding | ✓ | ✓ | ✓ |
| Self-hosted on your infra | ✓ | ✓ | ✓ |
| Analytics dashboard | — | ✓ | ✓ |
| NDA PDF export | — | ✓ | ✓ |
| Access revocation | — | ✓ | ✓ |
| CSV/JSON data export | — | ✓ | ✓ |
| Multi-portal management | — | — | ✓ |
| Team access (RBAC) | — | — | ✓ |
| Compliance audit reports | — | — | ✓ |
| SSO integration | — | — | ✓ |
| Priority support | — | — | ✓ |
Learn more at resoverse.tech
- Startup investor data rooms — Share pitch decks, financials, and cap tables behind NDAs
- M&A due diligence — Gated document access for potential acquirers
- IP sharing — Protect trade secrets when collaborating with partners
- Research collaboration — Share unpublished findings under confidentiality
- Regulated industries — Healthcare, defense, biotech document portals
- Client portals — Share confidential deliverables with clients
- Board materials — Distribute sensitive board decks securely
PRs welcome. Please:
- Fork the repo
- Create a feature branch (
git checkout -b feature/amazing) - Commit your changes
- Push to the branch
- Open a Pull Request
MIT License — see LICENSE for details.
Built by ResoVerse — Digital Intelligence & Governance.