The audit trail is the real product
The drawn signature is theater. The thing that wins disputes is the audit trail — the immutable record of who did what, when, and from where. When an agreement is challenged, the audit trail is the evidence that establishes attribution and integrity.
What a defensible trail captures
- Identity signals. Email verification, access codes, and where used, identity-document or knowledge-based checks.
- Timestamps. Server-side, UTC, on every event — sent, viewed, signed, completed.
- IP address and device. Captured at each signing event, not just at completion.
- Document fingerprint. A cryptographic hash of the exact bytes the signer saw and agreed to.
- Event sequence. The full ordered history, including reminders, delegations, and declines.
Why hash chaining matters
A single hash proves a document hasn't changed. A hash chain proves the sequence of events hasn't been altered. Each event record includes the hash of the previous event, so changing any entry breaks every link that follows it. This is the difference between "we logged some events" and "we can prove the log is intact."
If an audit trail can be edited after the fact without leaving a trace, it isn't evidence — it's a guess with a timestamp.
Tamper-evidence vs. tamper-proof
No system is truly tamper-proof. The realistic and defensible standard is tamper-evident: any modification is detectable. A verifiable hash chain lets a third party independently confirm that the record is intact, without trusting the vendor's word for it.
The test to apply
Ask one question of any signing platform: Could I hand the audit trail to opposing counsel's expert and have them independently verify it? If the answer is no, the trail is a liability, not an asset.