An audit trail records everything that happens to a signed document — who signed, when, from where, and what they agreed to. Learn how tamper-evidence works and why it's essential for legal compliance.
When you sign a paper contract, the physical document is your evidence. When you sign electronically, the audit trail is your evidence — and it's more detailed, more reliable, and harder to challenge than any piece of paper.
This guide explains what an audit trail records, what "tamper-evident" means technically, and why the audit trail matters for legal disputes, regulatory compliance, and general peace of mind.
What an audit trail records
A complete e-signature audit trail captures every meaningful event in a document's lifecycle:
Before signing
- Document created (timestamp, creator name and IP)
- Document uploaded or generated
- Signer invited (timestamp, signer email address)
During signing
- Document link opened (timestamp, signer's IP address, browser, operating system, and device type)
- Each page viewed
- Each field completed
- Signature applied (timestamp, signer name, and the cryptographic data linking the signature to the document)
After signing
- Document finalised and locked
- Completion notification sent
- Signed PDF downloaded
Every event in this log is timestamped to the second in UTC. The result is an unambiguous timeline of exactly what happened, in what order, and from where.
What "tamper-evident" means
A document is tamper-evident if any modification to it after signing can be detected. Signvoy implements this using a cryptographic hash.
Here's how it works:
-
When a document is finalised, Signvoy runs a cryptographic hash function (SHA-256) over the PDF content and the audit log. This produces a fixed-length "fingerprint" of the document — a unique string of characters.
-
This hash is recorded in the audit certificate and is also embedded into the signed PDF's metadata.
-
If anyone subsequently modifies the PDF — adds text, changes a signature date, alters a number — the hash of the modified file won't match the original hash stored in the certificate.
-
Anyone can verify the document by running the same hash function on the PDF they received and comparing it to the hash in the certificate. A match proves the file is unchanged. A mismatch proves it was altered after signing.
This is the same mechanism used by banks, governments, and software companies to verify file integrity. It doesn't rely on trusting any single party — the math is independently verifiable.
What's included in the Signvoy audit certificate
Every Signvoy signed document ships with a completion certificate appended as the final page of the PDF. It contains:
- Document ID (a unique identifier for this signing envelope)
- Document title and a hash of the original unsigned document
- Each signer's:
- Full name (as entered)
- Email address
- IP address
- User agent (browser and OS)
- Timestamp of each signing event
- Signature image
- The cryptographic hash of the finalised document and audit log
- Signvoy's platform certificate (proving the document was processed by Signvoy)
This certificate is embedded in the PDF so the evidence travels with the document — you don't need to log into Signvoy to access it.
Why it matters for legal disputes
If a signed contract is ever challenged, the audit trail is your primary evidence. Courts and arbitrators look for:
- Proof of delivery — did the signer receive the document? (Signvoy records the email delivery and the link open event)
- Proof of review — did the signer actually look at the document before signing? (Page-view events are recorded)
- Proof of identity — who signed? (Email address, IP address, and device fingerprint)
- Proof of intent — did the signer intend to sign? (The act of completing the signature field, plus the electronic signature consent disclosure)
- Proof of integrity — is this the same document that was signed? (Cryptographic hash)
A Signvoy audit trail provides documented evidence for all five.
Regulatory compliance
Certain industries require a detailed audit trail as a matter of law or regulation:
- ESIGN Act / UETA — both require that electronic records be capable of retention and accurate reproduction
- HIPAA — healthcare organizations must maintain audit logs of who accessed and signed records
- SOC 2 Type II — a common enterprise compliance framework that includes audit trail requirements for access to sensitive data
- eIDAS — Advanced Electronic Signatures (AdES) under eIDAS require the signature to be linked to the signed data so any change is detectable
Signvoy's audit trail is designed to satisfy all of these requirements out of the box.
How long are audit trails retained?
On all Signvoy plans, signed documents and their audit trails are retained for a minimum of 7 years. Business plan customers can configure extended retention to 10+ years for regulatory requirements.
Frequently asked questions
Can I access the audit trail without Signvoy?
Yes. The audit certificate is embedded in the signed PDF itself. You can open it in any PDF reader — the certificate is the last page. The hash verification can be done independently using any SHA-256 hashing tool.
What if Signvoy goes out of business?
Because the audit certificate is embedded in the PDF and the hash is independently verifiable, you don't need Signvoy's servers to prove a document's integrity. The evidence is self-contained.
Is the audit trail admissible in court?
Electronic records produced by reliable systems are generally admissible under US federal and state evidence rules. The Federal Rules of Evidence treat business records kept in the regular course of business (including electronic records) as admissible. The specific admissibility depends on jurisdiction and circumstances — consult your legal counsel if you're preparing for litigation.
Can a signer claim they didn't sign?
It's possible to claim, but difficult to sustain. The audit trail records the email address the link was sent to, the IP address and device used to open it, and the specific time of each signing event. Repudiating a signature requires explaining how the link was accessed and the signature completed without the signer's involvement.
Every Signvoy document includes a full audit trail automatically. Start signing for free — no configuration needed.
Stop chasing signatures
Join thousands of teams using Signvoy to close deals, onboard clients, and sign contracts — faster.
No credit card · Free forever plan · 14-day Pro trial
