Glossary
Platform-wide terms used across Propper Sign, Click, and Locker. Each product also has its own terminology page for product-specific concepts:
A
API Key — A credential that allows external systems, scripts, or integrations to interact with Propper programmatically. API keys are scoped to your organization and authenticate requests to the Propper API. Generated in each product's Settings page. Treat API keys like passwords — never share them or commit them to code repositories.
Audit Log — A tamper-evident record of every significant action taken within your organization across all Propper products. The audit log is immutable — entries cannot be edited or deleted. It is the authoritative record for security reviews, compliance audits, and internal investigations. Accessible at Organization → Audit Logs.
B
Business Plan — The subscription tier that unlocks the full Propper platform, including Locker, advanced Sign features, and AI-powered capabilities. Features not available on lower plans are gated by entitlements that activate when your organization is on the Business plan. See Plans & Pricing for the full comparison.
C
CCPA (California Consumer Privacy Act) — A US state privacy law that gives California residents rights over how their personal data is collected and used. Propper supports CCPA compliance through Data Subject Requests (DSRs) and consent management. Applies to organizations processing data of California residents.
Cryptographic Hash — A unique mathematical fingerprint of a document or record at a fixed point in time. Propper uses SHA-256 hashes throughout Sign, Click, and Locker to detect tampering. If even a single character in a document changes after the hash is generated, the hash no longer matches, making the alteration detectable. See Document Validity & Trust.
D
Data Residency — A setting that controls the physical location where your organization's documents and data are stored. Options are Global (default) and EU (for organizations that must keep data within the European Union for GDPR compliance). Data residency is an org-level setting configured by Propper support — it cannot be changed from the UI. Note: data residency and Data Subject Requests are independent controls.
Data Subject Request (DSR) — A formal request from an individual (the "data subject") exercising their rights under GDPR, CCPA, or similar privacy laws. Common request types are: erasure ("right to be forgotten"), access ("give me all data you hold on me"), and portability ("export my data in a usable format"). Propper processes DSRs at Organization → DSR. Where a legal hold is active on a document, erasure requests are automatically blocked until the hold is resolved.
Digital Certificate — A cryptographic credential issued to Propper that is embedded in finalized documents. The certificate proves the document was processed on the Propper platform and has not been altered since finalization. Visible in the Signatures panel of any standard PDF reader such as Adobe Acrobat. See Document Validity & Trust.
Document Hash — A SHA-256 fingerprint of a document's contents at the moment it was finalized. Included in Sign completion certificates and Click evidence bundles. Can be independently recomputed against the file to verify it is bit-for-bit identical to what Propper processed. See Document Validity & Trust.
E
eIDAS (Electronic Identification, Authentication and Trust Services) — The European Union's legal framework for electronic signatures and digital transactions. eIDAS defines multiple signature levels (Simple, Advanced, Qualified) and is the primary standard for legally binding electronic signatures within the EU. Propper's digital certificates and audit trails are designed to meet eIDAS requirements.
Electronic Signature — A legally binding digital equivalent of a handwritten signature. Under the ESIGN Act, UETA, and eIDAS, an electronic signature has the same legal weight as a pen-and-paper signature provided certain conditions are met (identity verification, consent to sign electronically, and a tamper-evident record). Propper's audit trail and completion certificates are designed to satisfy these conditions.
Entitlement — A plan-level control that unlocks a specific feature or section for your organization. Entitlements are granted by your subscription plan — they are not per-user settings and cannot be configured by your team. Examples: locker.ai.search unlocks AI Search for Locker; locker.ai.chat unlocks AI Chat. If a product section is missing from your navigation, your plan may not include the required entitlement. Contact your account team to check.
ESIGN Act (Electronic Signatures in Global and National Commerce Act) — The primary US federal law that gives electronic signatures the same legal validity as handwritten signatures in commerce. Enacted in 2000. Propper's signing workflows, audit trails, and completion certificates are designed to meet ESIGN requirements.
G
GDPR (General Data Protection Regulation) — The European Union's primary data protection law, governing how organizations collect, store, and process personal data of EU residents. Key rights include erasure, access, and portability. Propper supports GDPR compliance through EU data residency, Data Subject Requests, consent management in Click, and legal hold integration. Applies to any organization handling data of EU residents, regardless of where the organization is based.
L
Legal Hold — A directive that prevents a document from being archived, modified, or deleted, regardless of any retention policy. Used when a document may be needed for litigation, regulatory investigation, or compliance review. Legal holds override all retention rules and remain in effect until explicitly removed by an authorized user. Available in Locker (via Organization → Retention) and referenced in Sign audit records.
M
Member — A user who has been invited to and accepted access to your Propper organization. Members are assigned a role that determines their permissions across all Propper products. Managed at Organization → Members by users with the org_admin role.
O
Organization — The top-level account entity in Propper. All products, documents, agreements, users, billing, and settings live within an organization. Every action in Propper is scoped to an organization — there is no cross-organization access. When you sign up for Propper, you create or join an organization. Referred to internally as "org."
P
Permission — A user-level access control that determines what actions a member can perform within a product. Permissions are bundled into roles and cannot be granted individually. Examples: locker.read (view documents), locker.write (upload documents), sign.send (send agreements). Distinct from entitlements — permissions control what a user can do, entitlements control what features your plan makes available.
Plan — The subscription tier your organization is on. Plans determine which Propper products and features your organization can access. Current tiers are Free, Individual, and Business. Most Locker and AI features require the Business plan. See Plans & Pricing for details.
R
Retention Policy — An automated rule that controls what happens to a document after a defined period of time. A retention policy can be set to archive or permanently delete documents when they reach a certain age. Policies can be scoped to your entire organization, a specific product, a template, or an individual document. Legal holds override retention policies. Configured at Organization → Retention.
Role — A named bundle of permissions assigned to a member. Roles apply across all Propper products — changing a member's role affects their access to Sign, Click, and Locker simultaneously. Available roles:
| Role | Description |
|---|---|
org_admin | Full access to all products and organization management |
legal_author | Creates and manages legal content; read and write access to documents |
compliance_approver | Review-focused; read access to documents and compliance records |
publisher | Focused on Sign and Click workflows; no Locker access |
viewer | Read-only access across products |
support | Time-limited read-only access for Propper support staff; not assignable within your org |
Roles are assigned at Organization → Members by an org_admin.
S
SHA-256 — The cryptographic algorithm Propper uses to generate document hashes and build tamper-evident audit chains. SHA-256 produces a unique 64-character fingerprint for any given input. It is a one-way function — it cannot be reversed — and even a one-character change in the source document produces a completely different hash. Used in Sign completion certificates, Click evidence bundles, and Locker document records.
SSO (Single Sign-On) — An authentication method that lets members sign into Propper using your organization's existing identity provider (such as Microsoft Entra ID, Google Workspace, or a custom SAML provider) instead of a separate Propper password. SSO is configured at the organization level and applies to all products. Configured at Organization → Settings → SSO. See the SSO Setup guides for supported providers.
U
UETA (Uniform Electronic Transactions Act) — A US state law (adopted in most states) that gives electronic signatures and records the same legal standing as handwritten signatures and paper documents in commercial transactions. Works alongside the ESIGN Act. Propper's audit trails and completion certificates are designed to meet UETA requirements.
W
Webhook — An automated HTTP notification that Propper sends to a URL you configure whenever a specific event occurs — for example, when a Sign agreement is completed, a Locker document is uploaded, or a Click session is accepted. Webhooks allow your systems to react to Propper events in real time without polling the API. Configured per product in each product's Settings page. Each request includes a cryptographic signature so you can verify it came from Propper.
WORM Storage (Write Once, Read Many) — A type of storage where data can be written once but never overwritten or deleted before a defined expiry date. Propper stores Click evidence bundles in WORM-compliant storage to guarantee that compliance records cannot be tampered with or removed — even by Propper. This is a key property that makes Click's evidence records suitable for use in legal proceedings.