Audit trail + public verification
How the hash chain works, what the Certificate of Completion contains, how to verify a signed copy.
The hash chain
Every action on an envelope writes a row to the event log. Each row's SHA-256 hash includes the previousevent's hash, the sequence number, the event type, the timestamp, and a canonical JSON of the payload. Altering any earlier event breaks the chain — visible on the public verify page and detectable by anyone.
Certificate of Completion
When the last recipient signs, we stamp signatures onto the PDF, append a Certificate of Completion page (or pages, for long event logs), re-hash the result, and store it. The certificate lists the envelope ID, both SHA-256 hashes, every recipient with timestamps and method (typed/drawn/uploaded), the full event log, and a link to the verify page.
Verifying a signed copy
Anyone with the envelope ID can visit /verify and paste it in. The page shows the original + signed SHA-256, the audit chain head hash, signer list, and event log. If the chain is intact you get a green banner; if it's been tampered with, a red banner names the broken event.
Still stuck?
Reach out and we'll help within two business days.