Content Rights
When you sign a file with Sign It, you can attach a Content Rights manifest — a machine-readable declaration of your terms, backed by your cryptographic signature.
Why It Matters
There's no standardised way for creators to declare terms for commercial use and AI training that is:
- Verifiable — cryptographically signed, can't be forged
- Discoverable — on a public DHT, not buried in metadata
- Machine-readable — AI crawlers and pipelines can check programmatically
- Persistent — not dependent on a single server
Sign It addresses this gap. Your rights declaration is attached to cryptographic proof of authorship.
Fields
All fields are optional. You control what to include at signing time.
License
| Value | Meaning |
|---|---|
| All Rights Reserved | No permissions granted |
| CC0 | Public domain dedication |
| CC BY | Attribution required |
| CC BY-SA | Attribution + ShareAlike |
| CC BY-NC | Attribution + NonCommercial |
| CC BY-NC-SA | Attribution + NonCommercial + ShareAlike |
| MIT | MIT License |
| Apache 2.0 | Apache License 2.0 |
| GPL 3.0 | GNU GPL v3 |
Commercial Licensing
| Value | Meaning |
|---|---|
| Not available | Not open to commercial licensing |
| Open to licensing | Contact me to discuss licensing (via Flowsta relay) |
AI Training Policy
| Value | Meaning |
|---|---|
| Allowed | Free to include in AI training data |
| Allowed with attribution | May train on, but credit the creator |
| Requires license | Must obtain a license before training |
| Not allowed | Do not include in AI training data |
Contact Preference
| Value | Meaning |
|---|---|
| No contact | Do not contact me about this file |
| Allow contact requests | I'm open to messages via Flowsta's blind relay |
Contact Relay
When a signer sets "Allow contact requests", the verification page shows a Contact signer button. The requester fills in their name, email, purpose, and a message. Flowsta relays this as an email to the signer.
Privacy guarantees:
- The signer's email is never exposed to the requester
- The API returns the same response whether the signer exists or not (prevents enumeration)
- Rate limited: 3 messages per hour per IP
- The signer decides whether to reply
What It Does NOT Do
- It's not DRM — it doesn't prevent copying or training
- It's not legally binding by itself — but a signed, timestamped, publicly verifiable declaration is strong evidence in disputes
- It doesn't enforce compliance — but it makes terms clear and discoverable
Example
A photographer signs a photo with:
Intent: Authorship
AI Content: None
License: CC BY-NC 4.0
Commercial: Open to licensing
AI Training: Requires license
Contact: Allow contact requestsThis means: "I created this photo without AI. You can share it non-commercially with attribution. For commercial use or AI training, contact me to arrange a license."
Anyone verifying the file sees this declaration, backed by the photographer's cryptographic identity.