🚧 SignThem is currently in beta. Some features may be incomplete.

Compliance & Audit Trail

Every signature on SignThem is legally binding, cryptographically verifiable, and backed by a complete audit trail. Compliant with ESIGN Act, UETA, and eIDAS.

Legal & Regulatory Compliance

ESIGN Act (USA)

Electronic Signatures in Global and National Commerce Act. Federal law that gives electronic signatures the same legal weight as handwritten signatures.

UETA (USA)

Uniform Electronic Transactions Act. Adopted by 49 states. Ensures electronic records and signatures are not denied legal effect.

eIDAS (EU)

Electronic Identification, Authentication and Trust Services regulation. SignThem supports Simple Electronic Signatures (SES) and Advanced Electronic Signatures (AdES) under eIDAS.

HIPAA Compatible

SignThem's audit trail, access controls, and encryption support HIPAA-compliant document workflows when combined with a BAA.

256-bit AES Encryption

All documents are encrypted at rest with AES-256. Data in transit is protected with TLS 1.3.

PKI Digital Signatures

Every signed document includes a PAdES-compliant digital signature using X.509 certificates for long-term validation.

Complete Audit Trail

Every envelope generates an immutable audit trail. Here is what gets recorded:

  • Envelope created - timestamp, creator IP, user agent
  • Document uploaded - file hash (SHA-256), page count, file size
  • Recipient added - name, email, signing order
  • Envelope sent - timestamp, email delivery status
  • Envelope viewed - timestamp, recipient IP, user agent, geolocation
  • Signature applied - timestamp, signer IP, field coordinates, signature image hash
  • Envelope completed - timestamp, final document hash
  • Signed PDF downloaded - timestamp, requester identity

Audit trail data is stored separately from documents and retained for the lifetime of your account. Export available in JSON format via API.
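A recipient of an exported trail can recompute the recorded hashes locally instead of trusting the export. The sketch below is an added example, not SignThem's code: the JSON layout, event type strings and field names (`events`, `type`, `timestamp`, `sha256`) are assumptions, and it assumes the final document hash covers the signed PDF as downloaded.

```python
import hashlib
import json
from datetime import datetime

# Order follows the event list above. Event type strings and JSON field names
# are assumptions for this example, not SignThem's documented export schema.
LIFECYCLE = ["envelope_created", "document_uploaded", "envelope_sent",
             "signature_applied", "envelope_completed"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_export(export_json: str, uploaded: bytes, final: bytes) -> list:
    """Return findings; an empty list means files and trail agree."""
    events = json.loads(export_json)["events"]
    findings = []

    # Timestamps must never go backwards across the exported history.
    times = [datetime.fromisoformat(e["timestamp"]) for e in events]
    if any(b < a for a, b in zip(times, times[1:])):
        findings.append("timestamps out of order")

    # Each lifecycle step must be present and first appear in the expected order.
    types = [e["type"] for e in events]
    first_seen = [types.index(t) for t in LIFECYCLE if t in types]
    findings += [f"missing event: {t}" for t in LIFECYCLE if t not in types]
    if first_seen != sorted(first_seen):
        findings.append("lifecycle events out of sequence")

    # Recompute SHA-256 locally and compare with the recorded hashes.
    recorded = {e["type"]: e.get("sha256") for e in events}
    if recorded.get("document_uploaded") != sha256_hex(uploaded):
        findings.append("uploaded file does not match recorded file hash")
    if recorded.get("envelope_completed") != sha256_hex(final):
        findings.append("signed PDF does not match final document hash")
    return findings


def sample_export(uploaded: bytes, final: bytes) -> str:
    """Constructed export for the demo; not real SignThem output."""
    stamp = "2024-01-01T10:0{}:00+00:00"
    events = [{"type": t, "timestamp": stamp.format(i)} for i, t in enumerate(LIFECYCLE)]
    events[1]["sha256"] = sha256_hex(uploaded)
    events[4]["sha256"] = sha256_hex(final)
    return json.dumps({"events": events})


if __name__ == "__main__":
    up, fin = b"%PDF-1.7 constructed original", b"%PDF-1.7 constructed signed"
    print(check_export(sample_export(up, fin), up, fin))             # consistent
    print(check_export(sample_export(up, fin), up, fin + b"\x00"))  # modified copy
```

A check like this only shows that the files and the export agree with each other; the embedded PAdES signature still has to be validated separately in a PDF reader.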

Security Infrastructure

Document Integrity

SHA-256 hash computed on upload. Any modification after signing is cryptographically detectable.

Tamper-Proof Audit Trail

Every action is logged with timestamp, IP address, and user agent. Audit events are immutable.

Access Controls

Signing links are single-use tokens with configurable expiration. Optional access codes for additional verification.

Two-Factor Authentication

2FA available for account access. Protects against unauthorized envelope creation.

Data Residency

Documents stored in US data centers. Custom data residency options available for enterprise plans.

API Key Security

Scoped API keys with tenant isolation. Keys can be rotated without downtime.

PKI Digital Signatures

How It Works

Every signed document includes a cryptographic digital signature using the PAdES (PDF Advanced Electronic Signatures) standard. This is in addition to the visual signature stamp.

  • Document hash computed using SHA-256
  • Hash signed with X.509 certificate (RSA-2048)
  • RFC 3161 timestamp from trusted TSA
  • Signature embedded in PDF per ISO 32000-2

What This Means

Anyone can verify a signed PDF independently - open it in Adobe Acrobat, Foxit, or any PDF reader that supports digital signatures.

If the document is modified after signing, the digital signature becomes invalid. This provides mathematical proof of document integrity.

Documents remain verifiable years from now. The timestamp proves when the signature was applied, even if the signing certificate expires.

Frequently Asked Questions

Are electronic signatures legally binding?

Yes. Under the ESIGN Act (USA) and UETA, electronic signatures are legally equivalent to handwritten signatures for virtually all business documents. In the EU, eIDAS provides the same legal framework.

What documents cannot be signed electronically?

Most business documents can be e-signed. Exceptions vary by jurisdiction but typically include wills, certain family law documents, court orders, and UCC filings. Consult legal counsel for your specific use case.

How long is the audit trail retained?

Audit trail data is retained for the lifetime of your account. After account deletion, data is retained for 30 additional days before permanent removal. Enterprise plans offer extended retention.

Can I export audit trail data?

Yes. Audit events are available via the API in JSON format. Each envelope has a dedicated audit endpoint that returns the complete event history.

Is SignThem suitable for regulated industries?

SignThem's encryption, audit trails, and access controls support compliance requirements for healthcare (HIPAA), financial services, and legal. Contact us for a BAA or custom compliance review.
