Statuspage of e-sign: how the audit trail proves a signature

When someone challenges an electronically signed contract, the question isn't 'did they click a button?' It's 'can you prove that specific person signed that specific document at that specific time, and that the document is unchanged?' The audit trail is what answers those questions.

What gets recorded per event

• Timestamp (UTC, to the second): when the document was created, viewed, and signed
• Email address: the address the signing invitation was sent to and that the signer used
• IP address: the network location from which the signing occurred
• User agent: the browser and operating system used
• Geographic location: city and country derived from the IP
• Signing method: typed, drawn, or uploaded signature image

The document hash: proof nothing changed

Before any signature is applied, InkRobin computes a SHA-256 hash of the document: a 64-character fingerprint unique to the exact bytes of the file. This hash is recorded in the audit trail. After signing, the final signed PDF's hash is also recorded. If anyone modifies even a single character of the document after signing, the hash changes. In any dispute, the hash proves the document is identical to what was actually signed.

The Certificate of Completion

InkRobin bundles the entire audit trail into a Certificate of Completion, which is attached as the final pages of the signed PDF. The certificate includes the document hash, the signing events for each party, and the metadata above. It travels with the document. Every copy of the signed PDF contains the proof of how it was signed.

What this means legally

Under ESIGN and UETA, an electronic signature must be 'attributable to a person' and the record must be 'retainable and reproducible.' A signed PDF with a Certificate of Completion containing email, IP, timestamp, and document hash satisfies both requirements. It's not infallible (nothing is), but it's the standard courts apply and what makes e-signatures enforceable.