Back to help center

Audit trail + public verification

How the hash chain works, what the Certificate of Completion contains, how to verify a signed copy.

The hash chain

Every action on an envelope writes a row to the event log. Each row's SHA-256 hash includes the previousevent's hash, the sequence number, the event type, the timestamp, and a canonical JSON of the payload. Altering any earlier event breaks the chain — visible on the public verify page and detectable by anyone.

Certificate of Completion

When the last recipient signs, we stamp signatures onto the PDF, append a Certificate of Completion page (or pages, for long event logs), re-hash the result, and store it. The certificate lists the envelope ID, both SHA-256 hashes, every recipient with timestamps and method (typed/drawn/uploaded), the full event log, and a link to the verify page.

Verifying a signed copy

Anyone with the envelope ID can visit /verify and paste it in. The page shows the original + signed SHA-256, the audit chain head hash, signer list, and event log. If the chain is intact you get a green banner; if it's been tampered with, a red banner names the broken event.

Still stuck?

Reach out and we'll help within two business days.