Evidence collection
Propper Sign captures comprehensive evidence for every signing transaction. This evidence is designed to provide legally defensible proof that satisfies the ESIGN Act, UETA, and eIDAS requirements. Evidence is collected automatically — no configuration is required.
Data collected
Identity and authentication
| Data | Description |
|---|---|
| Participant name | Full name as entered when the agreement was configured or when the signer authenticates |
| Participant email | Email address used to receive the signing invitation |
| Role | Signer, approver, or receives a copy |
| Authentication method | Email verification or access code |
| Verification result | Pass or fail, with attempt count |
Access and device
| Data | Description |
|---|---|
| IP address | Captured per action (send, view, sign, complete) |
| Timestamp | UTC with timezone offset for every recorded event |
| Geolocation | City and region derived from IP address (not precise GPS) |
| Browser and OS | User agent string parsed to identify browser, operating system, and version |
IP addresses provide digital location proof that is critical evidence in disputes. They serve as the electronic equivalent of witnessing a physical signature in person.
Document interaction
| Data | Description |
|---|---|
| View timestamps | When each document was first opened by each recipient |
| Tag values | Text entered, checkbox selections, and dropdown choices |
| Signature creation method | Drawn, typed, or uploaded signature image |
| Session duration | Time spent in the signing session |
Cryptographic hashes
SHA-256 hashes prove that documents have not been altered since signing:
- Per-document hash — one hash per document in the agreement
- Combined package hash — a single hash covering the entire agreement package
- Field value hashes — hashes of tag values as entered
Collection timeline
Evidence is captured automatically at each stage of the agreement lifecycle:
- Sent — Sender identity, IP address, and timestamp recorded
- Delivered — Email delivery confirmation logged
- Viewed — Access timestamp, IP address, and device information captured
- Authenticated — Authentication method and verification result recorded
- Signed — Per-signature timestamp, IP address, and tag values captured
- Completed — Final timestamp and package hash recorded
Storage and security
| Property | Details |
|---|---|
| Immutability | Evidence records cannot be modified after creation |
| Encryption in transit | All data is encrypted during transmission |
| Encryption at rest | Stored data is encrypted at rest |
| Redundancy | Multi-region backups |
The retention period for evidence records is determined by your organization's policy. Propper Sign stores evidence for as long as your organization requires. Consult your organization's legal or compliance team for the appropriate retention period for your document types.
Viewing evidence
Navigate to Sign > Agreements > select an agreement > Audit tab, then click on any individual event to view its full evidence details.
Screenshot: Evidence details panel showing action type, participant, timestamp, IP address, and authentication method
Each event detail view shows:
- Action type and description
- Participant name and email
- Timestamp (UTC with timezone offset)
- IP address
- Authentication method and result (for signing events)
Legal standards met
ESIGN Act (United States)
| Requirement | How Propper Sign satisfies it |
|---|---|
| Intent to sign | Explicit sign action with confirmation screen |
| Consent to electronic records | Electronic signature disclosure captured with timestamp |
| Signature-record association | Signature timestamp and document hash tied together |
| Record retention | Evidence stored per organizational policy |
UETA (United States)
| Requirement | How Propper Sign satisfies it |
|---|---|
| Electronic signature attribution | IP address, timestamp, and authentication method link signature to signer |
| Record integrity | SHA-256 document hashes detect any alteration |
| Accessible format retention | Audit trail and certificate available for download at any time |
eIDAS (European Union)
| Requirement | How Propper Sign satisfies it |
|---|---|
| Uniquely linked to signatory | Authentication method ties signature to the verified recipient |
| Capable of identifying the signatory | Name, email, and authentication records included |
| Under sole signatory control | Access controls and authentication enforce exclusivity |
| Detectable tampering | Hash-chained audit trail and document hashes detect any modification |
Privacy and data handling
Data not collected
Propper Sign does not collect:
- Sensitive personal data (race, religion, or health information)
- Financial details (unless present in the signed document content itself)
- Precise GPS coordinates (geolocation is limited to city and region)
Access controls
- Evidence is visible only to participants in the agreement and authorized organization members
- Access to audit records is itself logged
- Retention periods are configurable per organization
GDPR rights
Participants whose data is captured in the audit trail may:
- Request a copy of their evidence
- Request deletion after the applicable retention period has elapsed
- Object to processing
- Export their data in a machine-readable format
When personal data is removed at a participant's request, anonymized audit records (without personally identifying information) may be retained to preserve the integrity of the audit chain.
Related topics
- Audit Trail — View the full event history for an agreement
- Completion Certificate — Download a PDF certificate of the evidence
- Legal Compliance — Regulatory standards and legal framework
- Authentication — Available verification methods for signers