Skip to main content

Evidence Collection

Every time someone signs an agreement in Propper Sign, a set of evidence is collected automatically in the background, no setup required. This evidence is what makes the signature legally defensible: it ties the signature to a specific person, at a specific time, on a specific device.

What Propper Captures

For every action taken on an agreement (sending, viewing, signing, completing), Propper records:

  • Who, name and email address of the person taking the action
  • When, exact timestamp with timezone
  • Where, IP address and approximate location (city/region, not precise GPS)
  • How, which identity verification method they used and whether it passed
  • What they did, the values they entered in fields, the type of signature they used, and how long they spent in the signing session

This evidence is captured across every stage: when the agreement is sent, when each recipient opens it, when they authenticate, and when they sign.

Document Integrity

In addition to recording actions, Propper generates a cryptographic fingerprint of the document at the point of completion. This fingerprint is embedded in the completion certificate. If the document is altered after signing, the fingerprint no longer matches, making any tampering immediately detectable.

What Propper Does Not Collect

Propper Sign does not collect sensitive personal data beyond what is needed for the signing record:

  • No financial details (unless present in the document itself)
  • No health information
  • No precise GPS coordinates

Privacy and Access

Evidence records are only visible to participants in the agreement and authorized members of your organization. Access to audit records is itself logged.

Participants whose data appears in the audit trail have rights under applicable privacy laws, including the right to request a copy of their data or request deletion after the required retention period has elapsed. When personal data is removed, anonymized records may be kept to preserve the integrity of the audit chain.

Retention periods are configured by your organization. Consult your legal or compliance team for guidance on how long to keep records for your specific document types.