An audit trail is the difference between a signature you can prove and one you cannot. It is the backbone of legal admissibility for electronic documents -- and one of the main reasons eSignatures are often more reliable than paper.
An audit trail is a chronological, tamper-proof record of every action taken on a document. From the moment you create an envelope to the final signed PDF, every event is logged with precise timestamps, IP addresses, and contextual data.
Think of it as a security camera for your documents. You cannot go back and change what happened -- the record is permanent. This is what gives electronic signatures their legal weight, and in many cases makes them more provable than traditional wet signatures.
With a paper signature, you can prove the document was signed. With an electronic audit trail, you can prove who signed it, when they signed it, where they were, what device they used, and that the document has not been modified since. This level of evidence is simply not available with paper.
PDF uploaded, fields placed, recipients added
Creator email, timestamp, document hash (SHA-256)
Signing invitation dispatched to recipient
Recipient email, delivery method (email/SMS), timestamp
Signing email confirmed delivered to inbox
Delivery confirmation from SendGrid, timestamp
Recipient opened the signing link
IP address, user agent, geolocation, timestamp
Recipient filled in required fields
Field names and values, timestamp
Recipient applied their electronic signature
Signature image hash, IP address, geolocation, timestamp
Recipient completed all required actions
IP address, geolocation, browser, device, timestamp
All recipients have signed
Final document hash, completion timestamp
Every event is recorded with a UTC timestamp accurate to the millisecond. This proves the exact sequence of events and when each action occurred. Timestamps are generated server-side and cannot be manipulated by the signer.
The signer's IP address is captured at each event. SignAndGo resolves this to a geographic location (city, state, country). This provides evidence that the signature came from a specific location -- useful for fraud detection and disputes.
The user agent string identifies the signer's browser, operating system, and device type. This adds another layer of identification and can help establish that the signer used their own device.
A SHA-256 hash of the document is recorded at creation and after signing. If even a single byte changes, the hash changes. This provides mathematical proof that the document has not been tampered with since signing.
Audit trails are the foundation of legal admissibility for electronic signatures.
The Evidence Act 1995 (Cth) and state equivalents provide for the admissibility of electronic records. Key requirements:
When the validity of an electronic signature is challenged, courts consider:
Every completed envelope in SignAndGo includes a downloadable audit certificate -- a standalone PDF that documents the complete signing process.
Open the completed envelope from your dashboard.
Click the "Audit Trail" or "Download" button.
Select "Audit Certificate" to download the PDF.
Store the certificate with the signed document for your records.
An audit trail is a chronological record of every action taken on a document throughout its lifecycle. It includes who created the document, when it was sent, when each recipient opened and signed it, their IP addresses, and geolocation data. This record is tamper-proof and provides legal evidence of the signing process.
Yes. Under the Evidence Act 1995 (Cth) and equivalent state legislation, electronic records are admissible as evidence. The audit trail provides the authentication and reliability evidence needed to prove the document was signed by the named party.
Yes. SignAndGo provides a downloadable audit certificate for every completed envelope. This PDF document contains the complete chronological record of all events, IP addresses, timestamps, and geolocation data associated with the document.
SignAndGo retains audit trail data for the lifetime of your account and for a minimum of 7 years after account closure, in line with Australian record-keeping requirements. You can also download audit certificates at any time for your own records.