How the audit trail works, and why it matters
An electronic signature is only as good as the evidence that it happened. Here is exactly what InkRobin records, why the document hash matters, and what the law requires.
Certificate of Completion
InkRobin · audit record
- Document
- Consulting Agreement
- Completed
- 24 Jun 2026, 16:00 UTC
- SHA-256
- A3F9 21B7 4E0C 88D1 …
Signers
What gets recorded per document
Every document generates a Certificate of Completion with these events. The certificate is attached as an exhibit to the final signed PDF.
- 01
Document created
Timestamp (UTC), sender name and email, document name, SHA-256 hash of the original file.
- 02
Invitation sent
Timestamp, recipient email address, unique signing token (single-use).
- 03
Document viewed
Timestamp, recipient IP address, city and country (from IP), browser user-agent.
- 04
Signature applied
Timestamp, signer name and email, IP address, signing method (typed / drawn / uploaded), field position on document.
- 05
Document completed
Timestamp when all required signatures are collected. SHA-256 hash of the final signed PDF. This hash is what proves the document has not changed since signing.
The document hash: proof nothing changed
Before any signature is applied, InkRobin computes a SHA-256 hash of your document: a 64-character fingerprint unique to the exact bytes of the file. This hash is recorded in the audit trail. The hash of the final signed PDF is also recorded.
If anyone modifies even a single character of the document after signing (adding a clause, changing a number, altering a date), the hash changes. In any dispute, comparing the document hash against the value in the audit trail proves whether the document is identical to what was actually signed.
The law behind electronic signatures
US: ESIGN Act + UETA
The Electronic Signatures in Global and National Commerce Act (ESIGN, 2000) and the Uniform Electronic Transactions Act (UETA, adopted by 49 states + DC) establish that electronic signatures are legally equivalent to handwritten signatures for most transactions. New York uses ESRA instead of UETA, with the same practical effect.
EU: eIDAS Regulation 910/2014
InkRobin produces a Simple Electronic Signature (SES), the baseline tier under eIDAS. SES is admissible as evidence and legally valid for most commercial contracts across all EU member states. Qualified Electronic Signature (QES) under Article 25(2) auto-equals a handwritten signature; InkRobin does not produce QES.
UK: Electronic Communications Act 2000
The UK retains eIDAS-equivalent tiers post-Brexit. InkRobin's SES is valid for standard commercial contracts, employment agreements, NDAs, and service agreements. The UK Law Commission confirmed in 2019 that electronic signatures satisfy legal execution requirements.
What InkRobin is not
InkRobin is not a notary. It does not produce Qualified Electronic Signatures. It cannot be used for wills, certain family-law instruments, or documents that require a Certification Authority-issued digital certificate. For regulated transactions, consult a lawyer.
For jurisdiction-specific detail, see our e-signature legality guide.
Your documents stay yours
Documents are stored encrypted at rest. Signing links use single-use tokens. Each link is unique to one recipient and expires once used or when the document is cancelled.
InkRobin does not read, index, or analyse the content of your documents for any purpose other than rendering them for signing. We do not sell data to third parties.
You can delete a document from your account at any time. Deletion removes the stored file and all associated signing data. The audit trail cannot be recovered after deletion, so download the signed PDF and Certificate of Completion before deleting if you need a permanent record.
Send your first document in three minutes.
No credit card. Five free documents every month, forever. Your signers will thank you.