Pactbound

Help & Support

Everything you need to get the most out of Pactbound.

Getting Started

What is Pactbound?

Pactbound creates tamper-evident evidence bundles for professional handoffs: client transitions, credential transfers, vendor offboardings, and any situation where you need a clear, unambiguous record that both parties agreed to. Every handoff is cryptographically sealed and anchored to the Hedera Consensus Service (a public ledger) so the record exists independently of Pactbound. Even if Pactbound ceased to exist, your evidence bundles would remain verifiable.

How do I send my first handoff?
  1. Click New Handoff from your dashboard and choose a template (or start from scratch).
  2. Add your recipient's email address. They do not need a Pactbound account to receive or acknowledge a handoff.
  3. Attach files, documents, or screenshots: anything you want included in the evidence record. Each file is SHA-256 hashed on your device before upload.
  4. Add any known issues or disclosures. This step protects you: it creates a record that the recipient was informed of existing problems before taking over.
  5. Optionally add credentials. These are encrypted on your device before being stored. The recipient reveals them using a view-limited link.
  6. Review and send. The recipient gets an email with a link to review, acknowledge, and sign off. Once they do, the entire bundle is anchored on-chain.
Does my recipient need a Pactbound account?

No. Recipients receive a secure link by email. They can review files, read disclosures, reveal credentials (within the view limit), and submit their acknowledgment without creating an account. If they want to send their own handoffs in the future, they can sign up: but it's never required to receive one.

What types of handoffs can I create?

Pactbound includes templates for common handoff types:

  • MSP Handoff Kit: full client transition with network docs, server configs, and credential vault
  • MSP Offboarding: client exit with evidence of completed transfer
  • Property Management: management company transition with property documentation
  • Franchise Territory Transfer: territory and asset documentation
  • Bookkeeping Transition: client accounting records and access transfer
  • Custom Handoff: start from scratch with your own sections

Handoffs

What happens after I send a handoff?

The handoff moves through these stages:

  • Sent: the recipient has been notified by email
  • Viewed: the recipient opened the handoff link
  • Acknowledged: the recipient submitted their acknowledgment and signed off
  • Completed: both parties have signed off; the evidence bundle is sealed and anchored on-chain

You can track status in real time from your dashboard. You'll receive email and push notifications at each stage.

Can I add multiple recipients to one handoff?

Yes. You can add multiple recipients with different roles: primary recipient, CC, or witness. Each recipient receives their own email notification. All acknowledgments are recorded independently in the audit trail.

Can I edit a handoff after sending it?

No: and this is by design. Once a handoff is sent, its contents are sealed. Any modification would invalidate the cryptographic hash and break the evidence chain. If circumstances change, you can create an amendment: a new handoff that references and supersedes the original: or revoke the original and create a replacement. Both actions are recorded in the audit trail.

What is a disclosure and why should I use it?

A disclosure is a formal record of a known issue you're informing the recipient about before they take over. For example: a server that needs a license renewal, a firewall with a known configuration issue, or a client with unpaid invoices. Disclosures protect you: they create an immutable record that the recipient was informed. If a dispute arises later, "you never told me about that" is not a viable argument when the disclosure is timestamped and on-chain.

What does 'expiration' do?

Setting an expiration date means the handoff must be acknowledged before that date, or it expires automatically. Expired handoffs are no longer actionable but their records remain intact. This is useful when a transition has a hard deadline: for example, a contract end date.

Can I revoke a handoff?

Yes, if the handoff has not yet been acknowledged. Revocation is recorded in the audit trail and on-chain: it does not erase the record, it adds to it. The recipient will no longer be able to acknowledge a revoked handoff. Use revocation when circumstances change and the original handoff is no longer accurate.

Credentials & Security

How are credentials protected?

Credentials are encrypted on your device before they leave your browser or phone, using AES-256-GCM encryption. The encryption key is split into two halves:

  • One half is stored on Pactbound's servers (encrypted at rest with your organization's master key)
  • One half is delivered to the recipient through the handoff acknowledgment flow

This means Pactbound cannot unilaterally decrypt your credentials. Both halves are required. Even a full compromise of Pactbound's database would not expose credential values.

What is the view limit on credentials?

Each credential has a maximum number of times it can be revealed: you set this when creating the handoff (1, 2, 3, 5, or 10 views). Once the limit is reached, the credential value is permanently destroyed and cannot be recovered by anyone, including Pactbound support. This ensures that credentials are not left indefinitely accessible after the handoff is complete.

What is the breach check?

Before sending, Pactbound checks your credential passwords against the Have I Been Pwned database: a public registry of credentials exposed in known data breaches. This check uses a k-anonymity model: only the first 5 characters of a SHA-1 hash of the password are sent to the API. The actual password never leaves your device. If a breach is found, the credential is flagged so the recipient knows to rotate it immediately.

Can I import credentials from my password manager or RMM tool?

Yes. Pactbound supports credential imports from CSV exports of the following tools:

  • IT Glue
  • Hudu
  • LastPass
  • 1Password
  • Generic CSV (with column mapping)

During handoff creation, go to the Credentials step and select "Import CSV". Choose your format and upload the export file. Credentials are parsed and encrypted on your device: the CSV is never uploaded to Pactbound's servers.

What is TOTP and should I include it?

TOTP (Time-based One-Time Password) is the seed used by authenticator apps like Google Authenticator or Authy to generate 2FA codes. Including the TOTP seed in a credential transfer means the recipient can immediately set up 2FA on their authenticator app without needing to go through an account recovery process. The TOTP seed is stored with the same encryption as the password: it is never stored or transmitted in plaintext.

Verification & On-Chain

What does 'on-chain' mean and why does it matter?

When a handoff is completed, Pactbound submits a SHA-256 hash of the entire evidence bundle: including all files, disclosures, acknowledgments, and metadata: to the Hedera Consensus Service, a public distributed ledger. This creates an immutable, timestamped record that:

  • Proves the bundle existed at a specific point in time
  • Proves the bundle has not been modified since (any change would produce a different hash)
  • Exists independently of Pactbound: anyone can verify it using the free Hedera Mirror Node API or HashScan

This matters when a dispute arises. You are not asking anyone to trust Pactbound's records: you are pointing to a public ledger that neither party controls.

How do I verify a bundle I received?

There are three ways to verify a Pactbound bundle:

  1. Web verifier: go to pactbound.com/verify and upload the .pactbound file. No account required.
  2. Mobile app: open the Verify tab and scan or upload the bundle file. All 5 checks run locally on your device.
  3. Manually on HashScan: go to hashscan.io/mainnet, enter the Hedera topic ID from the bundle, and compare the submitted hash against the SHA-256 hash of the bundle file.
What are the 5 verification checks?

When you verify a bundle, Pactbound runs five independent checks:

  1. Content integrity: every file in the bundle is rehashed and compared against the manifest. A mismatch means a file was modified after the handoff was sealed.
  2. Merkle root: the Merkle tree root computed from all file hashes is compared against the value in the manifest.
  3. Disclosure integrity: the disclosure hash in the manifest is compared against a fresh hash of the disclosure content.
  4. Acknowledgment hash: the acknowledgment record is rehashed and compared against the manifest value.
  5. On-chain proof: the Hedera Mirror Node API is queried to confirm the bundle hash was submitted to the correct topic at the expected timestamp.

All five must pass for a bundle to be considered valid. A partial pass means the bundle may have been partially tampered with: the specific failing check tells you exactly what changed.

What is a Hedera topic ID?

A topic ID (formatted as 0.0.xxxxxxx) is the address on the Hedera Consensus Service where Pactbound's on-chain records are stored. Each organization has its own topic. Every completed handoff results in a message being submitted to that topic containing the bundle hash and a timestamp. You can view all messages on a topic publicly using HashScan.

Billing & Plans

What does each plan include?
PlanSign-offs/moKey features
Free5On-chain verification, email notifications, 1 team member
Starter50Templates, credential vault (3 views), 1 team member, analytics
Pro500Webhooks, API access, custom branding (remove “Powered by Pactbound”), 3 team members
Team2,000Unlimited team members, roles & permissions, shared templates, consolidated org audit
Can I cancel at any time?

Yes. You can cancel your subscription at any time from Settings → Billing. Your plan remains active until the end of the current billing period. After that, your account moves to the free tier: your existing handoffs and evidence bundles remain accessible and verifiable.

What happens to my data if I cancel?

Canceling doesn't delete anything — see the question above. Your account moves to the free tier and your handoffs, evidence bundles, and audit trail stay accessible and independently verifiable. If you want the account itself deleted, that's a separate step from Settings → Organization: accounts with no completed handoffs are deleted immediately, and accounts with completed handoffs can't be self-service deleted because those evidence records are retained permanently — email support@pactbound.com to discuss closure options. On-chain records on the Hedera ledger are permanent regardless: they cannot be deleted and remain independently verifiable forever.

Do you offer refunds?

All fees are non-refundable except where required by applicable law. If you believe you were charged in error, contact support@pactbound.com within 14 days and we will review the situation.

Troubleshooting

My recipient didn't receive the handoff email.

Check these in order:

  1. Confirm the recipient's email address is spelled correctly in the handoff.
  2. Ask them to check their spam or junk folder.
  3. From your dashboard, open the handoff and click Resend notification.
  4. If the issue persists, share the direct handoff link from the handoff detail page: it works without email.
Verification failed: what does that mean?

A verification failure means one or more checks did not pass:

  • Content integrity failed: a file in the bundle was modified after sealing. The bundle should not be relied upon.
  • On-chain proof failed: the Hedera Mirror Node did not return a matching record. This could mean the handoff was not yet anchored (allow up to 10 seconds after completion), or the bundle hash does not match what was submitted.
  • Acknowledgment hash failed: the acknowledgment record was altered after it was sealed.

If you receive a bundle that fails verification and you believe it should be valid, contact support@pactbound.com with the topic ID and bundle file.

I lost access to my account.

Pactbound uses passwordless magic link authentication: there is no password to lose. Go to the sign-in page, enter your email address, and click the link in the email you receive. If you no longer have access to that email address, contact support@pactbound.com with proof of account ownership.

Can Pactbound support access my credentials or handoff content?

No. Credential values are encrypted on your device before upload using a split-key scheme. Pactbound holds one half of the encryption key; the other half is only accessible through the recipient's acknowledgment flow. Neither half alone can decrypt the credential. Handoff file content is encrypted at rest. Pactbound support can view metadata (handoff titles, statuses, timestamps) for account support purposes, but cannot read file contents or credential values.

Still need help?

Email us at support@pactbound.com. We read every message and get back to you as soon as we can.