How Inkseal supports the requirements commonly associated with the US ESIGN Act, UETA and eIDAS (at the simple electronic signature level) — and, just as importantly, what it does not do. Every claim below maps to code you can read in the MIT-licensed source.
What kind of signature Inkseal produces
Inkseal produces simple electronic signatures (SES): a drawn or typed signature embedded into the PDF, backed by a tamper-evident audit trail. It does not produce Advanced or Qualified Electronic Signatures (eIDAS AES/QES) — there are no certificate-based digital signatures and no Qualified Trust Service Provider. There is no Knowledge-Based Authentication (KBA) or government-ID verification: signer identity rests on control of the unique signing link, typically delivered to the signer's email. Inkseal holds no SOC 2, ISO 27001 or GDPR certification and claims none.
Under ESIGN/UETA, simple electronic signatures are broadly enforceable for everyday agreements (NDAs, leases, contracts, internal approvals). Legal sufficiency always depends on your jurisdiction and document type — some documents (wills, certain notarized or court filings, some regulated financial or healthcare documents) have special requirements. Consult a lawyer before relying on any e-signature tool for regulated documents.
How Inkseal maps to the core requirements
1. Intent to sign
Each signer performs explicit, deliberate actions — opening their unique link, drawing or typing a signature into each field, clicking a final complete action — and every one is recorded as a distinct audit event. A signer can also formally decline, recorded with their stated reason.
2. Consent to do business electronically
Before completing, every signer must check an explicit "I agree to sign electronically" box. The server refuses completion without it, and the consent is recorded as its own timestamped audit event with the signer's email, IP address and browser user agent.
3. Association of signature with the record
Signatures are flattened into the PDF itself at the exact placed coordinates, producing a single final file. The audit trail is cryptographically rooted in the document: the hash chain's genesis value is the SHA-256 of the original uploaded PDF, and the completion event records the SHA-256 of the final signed PDF.
4. Tamper-evident audit trail
Every event — created, sent, viewed, consented, each field signed, signer completed, envelope completed, declined, voided — records the UTC timestamp, actor and signer email, IP address and user agent, and is chained with sha256(prev_hash + event). Any modification breaks the chain from that point forward; a one-click Verify recomputes the whole chain and reports exactly where it breaks.
5. Certificate of Completion
Every final PDF has an appended certificate page listing the envelope ID, original document SHA-256, completion time, every signer with their email / consent time / signing time, and the full audit trail with chain hashes.
6. Record retention and copies
The final PDF and complete audit trail are retained in your own database and data directory — you self-host, so retention isn't subject to a vendor subscription lapsing. With SMTP configured, every signer with an email address automatically receives a copy of the completed document.
Honest limitations
- Identity assurance is link-based. Whoever controls the signing link (and typically the email inbox it was sent to) can sign. No 2FA, KBA or ID verification.
- Tamper-evident, not tamper-proof. A database administrator could rewrite the whole chain from genesis; the hash chain proves internal consistency. Archive the completed PDF (which embeds the certificate) somewhere the DB admin can't reach for stronger guarantees.
- No qualified timestamps. Event times come from your server's clock.
- Not QES. If a counterparty or regulation requires eIDAS Advanced or Qualified signatures, Inkseal is not sufficient.
When in doubt about whether a simple electronic signature is legally sufficient for your document and jurisdiction, ask a lawyer.
Try Inkseal — first document free
Run one envelope end to end free, then $59 once for unlimited documents forever. MIT source on GitHub.