Tamper-evident signature audit log
Every signature collected through TailoredQuote comes with a full audit trail — browser, device, IP, timezone, e-consent, plus a chronological event timeline. The certificate PDF is SHA-256 hashed for tamper evidence. DocuSign-grade record-keeping built into a tradesperson's quote tool.
Why audit data matters
Most trade quote acceptance is a one-line text or a verbal "yeah go ahead". If the customer disputes what they agreed to, you have nothing. Even a typed signature on a PDF can be questioned — was it actually them, when did they sign, where were they.
The TailoredQuote audit log captures enough metadata around every signature to make disputes one-sided. The customer drew a signature on their phone, at this IP address, at this exact server timestamp, having ticked an e-consent checkbox they explicitly read. The certificate PDF is hashed so any subsequent tampering would be detectable.
What gets captured (Tier A — frontend)
When the customer lands on the acceptance page, the page silently captures the following and POSTs it to the server alongside the signature:
- Browser — Chrome, Safari, Firefox, Edge (with version)
- Device type — desktop, mobile, tablet
- Operating system — iOS, Android, macOS, Windows
- Screen size — viewport dimensions
- Language — browser locale (en-GB, en-US, etc.)
- Timezone — IANA name (Europe/London) plus minutes offset from UTC
- User agent string — the full UA
- Signature method — drawn (default), typed, or uploaded
- Legal text version — the version of the e-consent disclosure they accepted (e.g. v1.0)
- E-consent timestamp — client-recorded ISO timestamp at submit
What the server records (Tier B)
The server adds the following at submission time, independent of the browser:
- IP address — captured from x-forwarded-for headers, server-recorded so the customer can't fake it
- Server UTC timestamp — the authoritative timestamp, not set by the customer's device
- Sender IP — your IP when you originally sent the link, recorded at send time
- Sender timestamp — when the link was issued
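The server-recorded IP is only as trustworthy as the way X-Forwarded-For is read: the header arrives with the request, and only the entries appended by your own proxies can be relied on. An added example (not TailoredQuote's code) of choosing the address to record; the TRUSTED_PROXIES range, the function names and the sample addresses are assumptions.

```python
import ipaddress

# Assumption: the network your own reverse proxies / load balancers live in.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_ip, xff_header):
    """Return the address to store with a signature submission.

    peer_ip    -- source address of the TCP connection the app accepted
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _trusted(peer) or not xff_header:
        # Request did not come through our proxy: ignore the header entirely.
        return str(peer)

    candidate = peer
    # Each proxy appends the address it received the request from, so the
    # entries we can vouch for are on the right. Walk right to left.
    for raw in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(raw.strip())
        except ValueError:
            break  # malformed entry: keep the last address we could vouch for
        candidate = hop
        if not _trusted(hop):
            break  # first hop that is not ours: what our edge proxy saw
    return str(candidate)
```

Everything to the left of the returned entry was supplied by the client and is not used.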
The event timeline (Tier C)
Every signature has a chronological event log. Each event is an append-only row — never modified, never deleted. Events captured:
- sent — you issued the signature link (server-side, by send-for-signature)
- email_opened — Resend pixel beacon fired (when wired up; future)
- link_clicked — customer landed on the acceptance page
- quote_viewed — customer scrolled through the quote
- signature_started — first stroke on the signature pad
- accepted — they tapped the accept button
- cert_generated — Acceptance Certificate PDF was generated server-side
- cert_emailed — both parties received the certificate email
The Acceptance Certificate PDF
All of the above (Tier A + B + C) is rendered into a multi-page PDF that becomes the legal record. The cert is structured as:
- Header (your brand) + legal framing
- Quote details — supplier, reference, scope, total, created date
- Acceptance record — signer name/email, accepted at, IP
- Embedded signature image
- Audit metadata — every field above
- Sender — your business, IP, sent-at
- Event timeline — chronological signature_events table
- Electronic record & signature disclosure — the full body of the legal text the signer accepted
- Footer + page numbers
SHA-256 tamper evidence
At generation time, the cert PDF is hashed with SHA-256. The hash is stored alongside the file path on the signed_agreements table. The hash is NOT printed on the cert itself (chicken-and-egg — hashing bytes that would contain the hash).
To verify a cert later: re-hash the PDF and compare to the stored hash. If they match, the PDF is unmodified. If not, somebody has edited it. Simple, robust, audit-ready.
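The verification step, and the reason the hash cannot be printed on the cert, as an added example (not TailoredQuote's code). The function names and the sample bytes are assumptions; the stored hash stands in for the value kept on the signed_agreements table.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large PDFs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_cert(path, stored_hex):
    """Re-hash the PDF and compare with the hash stored at generation time."""
    stored = stored_hex.strip().lower()
    if len(stored) != 64 or any(c not in "0123456789abcdef" for c in stored):
        raise ValueError("stored value is not a SHA-256 hex digest")
    return hmac.compare_digest(sha256_file(path), stored)


def demo():
    # Constructed sample bytes, not a real certificate.
    cert = b"%PDF-1.7\n% constructed sample certificate\n%%EOF\n"
    with tempfile.TemporaryDirectory() as d:
        pdf = Path(d) / "cert.pdf"
        pdf.write_bytes(cert)
        stored = sha256_file(pdf)            # what generation time would store
        intact = verify_cert(pdf, stored)

        # Stamping the hash into the file changes the bytes being hashed,
        # which is why the hash lives in the database and not on the cert.
        pdf.write_bytes(cert + b"% sha256: " + stored.encode())
        stamped = verify_cert(pdf, stored)

        # A one-character edit is enough to change the digest.
        pdf.write_bytes(cert.replace(b"1.7", b"1.6"))
        edited = verify_cert(pdf, stored)
    return intact, stamped, edited
```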
Certificate template versioning
The cert layout is versioned. The current template is v2. When we change the layout or content materially, we bump the version. Every cert stamps the template version it was generated under, so you can re-validate against the right template even years later.
Hard rules
- Append-only event log — events are never updated or deleted. The timeline is immutable.
- ON DELETE RESTRICT on signed agreements — you can't accidentally cascade-delete a signed agreement by deleting the parent quote. Belt-and-braces.
- No retroactive edits — once a quote is signed, the live row becomes read-only. Edits are blocked.
- 6-year retention — UK Limitation Act 1980 requires 6-year minimum retention for simple contracts. Signed agreements are not auto-deleted.
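The first two rules can be enforced by the database itself rather than by application code. An added example using SQLite from Python (not TailoredQuote's schema): only the table names signed_agreements and signature_events come from this page, while the quotes table, every column name and the sample rows are assumptions, and trigger syntax differs in other databases.

```python
import sqlite3

# Hypothetical schema: column names and the quotes table are assumptions.
SCHEMA = """
CREATE TABLE quotes (id INTEGER PRIMARY KEY, reference TEXT NOT NULL);
CREATE TABLE signed_agreements (
  id INTEGER PRIMARY KEY,
  quote_id INTEGER NOT NULL REFERENCES quotes(id) ON DELETE RESTRICT,
  cert_sha256 TEXT NOT NULL);
CREATE TABLE signature_events (
  id INTEGER PRIMARY KEY,
  agreement_id INTEGER NOT NULL
    REFERENCES signed_agreements(id) ON DELETE RESTRICT,
  event TEXT NOT NULL,
  at_utc TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP);
CREATE TRIGGER signature_events_no_update BEFORE UPDATE ON signature_events
BEGIN SELECT RAISE(ABORT, 'signature_events is append-only'); END;
CREATE TRIGGER signature_events_no_delete BEFORE DELETE ON signature_events
BEGIN SELECT RAISE(ABORT, 'signature_events is append-only'); END;
"""


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK enforcement off by default
    db.executescript(SCHEMA)
    with db:  # constructed sample rows
        db.execute("INSERT INTO quotes VALUES (1, 'Q-0001')")
        db.execute("INSERT INTO signed_agreements VALUES (1, 1, ?)", ("0" * 64,))
        db.executemany(
            "INSERT INTO signature_events (agreement_id, event) VALUES (1, ?)",
            [("sent",), ("link_clicked",), ("accepted",)])
    return db


def refused(db, sql):
    """True if the database itself rejects the statement."""
    try:
        with db:
            db.execute(sql)
    except sqlite3.IntegrityError:
        return True
    return False


def demo():
    db = open_db()
    return {
        "edit_event": refused(db, "UPDATE signature_events SET event = 'sent' WHERE id = 3"),
        "delete_event": refused(db, "DELETE FROM signature_events WHERE id = 2"),
        "delete_parent_quote": refused(db, "DELETE FROM quotes WHERE id = 1"),
        "append_event": refused(db, "INSERT INTO signature_events (agreement_id, event) VALUES (1, 'cert_generated')"),
        "event_count": db.execute("SELECT COUNT(*) FROM signature_events").fetchone()[0],
    }
```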
Pricing
Audit log + signature certificate is included on every TailoredQuote plan. 14-day free trial.
Frequently asked questions
Browser, device, OS, IP, screen, language, timezone, signature method, e-consent, legal text version, plus a chronological event timeline.
"View timeline" link on every signed agreement, plus the cert PDF itself contains the full audit data.
Yes. SHA-256 hash stored at generation. Re-hash to verify; mismatch means the PDF was modified.
Each cert stamps its template version. Old certs keep their original version forever, so you always know which template they were generated under.
Last reviewed: April 2026