SignCore started as a question we kept hearing from non-legal customers of our other products: "how do we keep track of every contract we have signed, and the ones we forgot we signed?" Most contract software is built for in-house legal teams. SignCore is built for the founder, the operator, and the finance lead who needs the answer in 30 seconds.
We took it from a single Figma board to a live SaaS used by SMBs across Europe: design, engineering, infrastructure, and operations, all in-house.
The brief
The first conversation lasted forty minutes. The brief that came out of it was a single page:
- Make every contract findable in under five seconds.
- Surface every key date (renewals, terminations, payment milestones) before they bite.
- Use AI where it actually helps, and confirm every action with a human before anything irreversible.
- Ship in under four months, with a small team.
The unspoken constraint was the real one: this had to be a product an operator could use without a tutorial. No legal jargon, no configuration screens that punish you for clicking the wrong toggle.
The build
We started with the document. A contract is a strange object: a legal instrument, a workflow trigger, a search target, and a memory aid, all at once. We built the data model around that, not around a CRUD admin panel.
The stack settled fast: React on the front, a Go API layer (Gin), PostgreSQL 16 as the source of truth, and a dedicated Go AI microservice running analysis asynchronously via Redis Streams. The model never auto-commits anything. Every extracted obligation, renewal date, or counterparty becomes a proposed action that a human confirms.
The AI assists; the human commits. That single sentence shaped half the architecture.
Confidence as a first-class field
Every extracted field carries a confidence score and a source pointer back to the exact paragraph in the source PDF. Low-confidence fields get flagged for review; high-confidence ones still need a human click to commit. This is the part that operators tell us they trust the most.
Engineering notes
SignCore runs on a deliberately small infrastructure footprint: a single VM, Caddy as the reverse proxy, and the frontend served globally from Cloudflare Pages. AI analysis runs in a dedicated Go microservice that receives jobs via Redis Streams, fetches the document from S3-compatible storage, and runs four parallel calls to the OpenAI Responses API covering basics, payments, deliverables, and clauses.
- Contract status transitions enforced by a server-side state machine; freeform status writes are not possible.
- Every query is scoped to
company_idat the repository layer; tenant isolation is structural, not a convention. - Audit log as an append-only table: every action ever taken in the system can be replayed.
- Auth covers sessions, CSRF, TOTP-based MFA, and WebAuthn, with no third-party identity provider required.
The result
SignCore is live and growing. Customers tell us the moment they decided to keep paying was the first time the system warned them about a renewal four weeks out. The product is not the AI; it is the calendar entry that the AI puts there.
How we work on it now
We continue to operate SignCore as part of an ongoing partnership. The same engineers who designed the core system maintain it; the same designer who shaped the original UX still owns the design system. Continuity is the feature.