Security & Compliance

Architecture you can reason about.

Legal defensibility rests on cryptographic proof, not access control promises. Every signed document is independently verifiable.

Hash-chain audit trail

Every event is chained: hash_this = SHA-256(hash_prev + event_payload). Tampering with any row breaks every subsequent hash.

Envelope created: SHA-256 hash captured on PDF ingest (#3a2f)
Link opened: IP, user-agent, timestamp recorded (#4b1c)
Consent recorded: E-sign consent statement accepted (#5d8e)
Signature applied: Field coordinates + signature image stored (#6f3a)
Sealed: PKCS#7 digital signature applied; hash_final stored (#7c9b)
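
The chaining rule above, as an added example that is not GetSigned's own code: it rebuilds hash_this = SHA-256(hash_prev + event_payload) over a constructed five-event log and reports the first row that fails verification. The all-zero genesis value, the canonical-JSON payload encoding, the row layout and all function names are assumptions; the page does not specify them.

```python
import hashlib
import json

GENESIS = b"\x00" * 32  # assumption: the page does not say how the first row is seeded


def canonical(payload: dict) -> bytes:
    # Assumed encoding: sorted keys, no whitespace, so equal payloads hash equally.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def link_hash(hash_prev: bytes, payload: dict) -> bytes:
    # hash_this = SHA-256(hash_prev + event_payload), "+" read as byte concatenation.
    return hashlib.sha256(hash_prev + canonical(payload)).digest()


def append(chain: list, payload: dict) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"payload": payload, "hash": link_hash(prev, payload)})


def first_broken_row(chain: list, expected_head: bytes = None):
    """Index of the first row whose stored hash fails to verify, else None.

    If every row is self-consistent but the last hash differs from
    expected_head (a copy of the head kept outside the log), return
    len(chain): the log was truncated or rewritten end to end.
    """
    prev = GENESIS
    for i, row in enumerate(chain):
        if row["hash"] != link_hash(prev, row["payload"]):
            return i
        prev = row["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return None


def build_sample_chain() -> list:
    # Constructed sample events, named after the timeline on this page.
    chain = []
    for event in ("envelope_created", "link_opened", "consent_recorded",
                  "signature_applied", "sealed"):
        append(chain, {"event": event, "envelope": "sample-001"})
    return chain
```

A chain that is recomputed from the edited row to the end verifies on its own, so the check only catches that case when the head hash is compared against a copy held outside the log.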

Technical specification

Document hash algorithm: SHA-256
Digital signature format: PKCS#7 / CMS
Audit log structure: Append-only hash-chain
Signer identity assurance: Email OTP (6-digit, 5-attempt lockout)
Jurisdiction coverage: Canada (PIPEDA + provincial ECA), US (ESIGN / UETA)
Document retention default: 7 years (per-tenant configurable)
Purge behaviour: PDF blob deleted; audit tombstone preserved
DB audit grant level: UPDATE/DELETE revoked — append-only enforced at DB

Jurisdiction coverage

GetSigned targets PIPEDA-defensible electronic signatures under Canadian law and US ESIGN/UETA. Qualified/eIDAS signatures are out of scope.

Canada — PIPEDA
Ontario ECA
US — ESIGN
US — UETA
