Why is the certificate split into so many sections?

The cert is the legal record of acceptance. Each section captures a different aspect of the audit trail (who signed, what they signed, when, from where, on what device, with what consent text). Splitting them out makes verification and dispute resolution easier.

What's the certificate_version field?

The cert layout is versioned. Currently v2. When we change the layout materially, we bump the version. Every cert stamps the version it was generated under, so old certs always reflect their original template.

Where's the file hash printed?

It isn't (chicken-and-egg: hashing bytes that contain the hash). The SHA-256 lives in the database alongside the file path. Re-hash the cert PDF later and compare to the stored value to verify it hasn't been tampered with.

Why does the cert reference the Electronic Communications Act 2000?

It's the UK law that confirms electronic signatures shouldn't be denied legal effect just because they're electronic. The cert references it so the legal framing is on the document itself.

How to read the Acceptance Certificate

Every signed quote on TailoredQuote produces a multi-page Acceptance Certificate PDF. Here's what each section means, why it's there, and how to use it if a dispute ever arises.

What the certificate is

The Acceptance Certificate is the legal record of your customer's acceptance. It's generated server-side at the moment they tap "I accept" on the acceptance page, hashed with SHA-256, and emailed to both parties as a PDF attachment alongside the original quote.

It's deliberately structured like a deposition record, not a marketing document — designed for evidentiary use, not for looks.

Section 1 — Header + legal framing

Top of page 1: your brand at the top, "Acceptance Certificate" title underneath, then a paragraph of legal framing referencing the UK Electronic Communications Act 2000 and confirming this is the customer's electronic acceptance of the quote referenced below.

Section 2 — Quote details

Repeats the quote you sent: supplier (your business name), reference, scope, total, date created. This is the "what was accepted" section. Reading the cert without this would leave the question "accepted what?" unanswered.

Section 3 — Acceptance record

The "who accepted" section:

Signer's typed full name
Signer's email address (matched against the original signature request)
Server-recorded UTC timestamp at the moment of acceptance
Signer's IP address (captured server-side)

Section 4 — Embedded signature

The drawn signature, reproduced as an image (max 200x100pt, with a thin grey border box). Below the image: a label confirming this was drawn by the signer on the acceptance page.

Section 5 — Audit metadata

Fine-grained context for the acceptance event:

Acceptance reference (the unique token ID)
Signature method: drawn / typed / uploaded (currently always drawn)
Browser, OS, device type
Screen resolution
Browser language
Timezone (IANA name + UTC offset)
User agent string
Sent-at timestamp (when you originally sent the link)
Generated-at timestamp (when the cert PDF was built)
Certificate template version
"All times UTC" notice

Section 6 — Sender

The "who sent" section. Captures the same kind of data about you (the issuer) as section 3 captures about the signer:

Your business name
Your name and email
Your IP address at send time
Sent-at timestamp

Section 7 — Event timeline

Chronological log of every event on this acceptance:

sent — you issued the link
link_clicked — customer landed on the acceptance page
quote_viewed — customer scrolled through the quote
signature_started — first stroke on the pad
accepted — they tapped accept
cert_generated — this PDF was built
cert_emailed — both parties received the certificate email

Each event has a UTC timestamp. The whole timeline typically spans 2-15 minutes from "sent" to "accepted", depending on how quickly the customer responded.

Section 8 — Electronic Record & Signature Disclosure

The full text of the e-consent disclosure your customer accepted. Includes:

What they're agreeing to receive electronically
Their right to receive a paper copy if they want
Their right to withdraw consent
Hardware and software requirements
The disclosure's version number (currently v1.0)

Below the disclosure body: the signer's e-consent acceptance timestamp, confirming they ticked the consent checkbox.

Section 9 — Footer + page numbers

Every page footer shows the page number, total pages, certificate template version, and your business name. Page numbers are added in a final pass once total page count is known.

Tamper evidence (the hash)

At generation time, the certificate PDF bytes are hashed with SHA-256. The hash is stored on the signed_agreements table alongside the file path. The hash is deliberately NOT printed on the cert (chicken-and-egg).

To verify a cert hasn't been modified later: re-hash the PDF and compare to the stored hash. If they match, the file is unmodified. If not, somebody has edited it.

Frequently asked questions

Why so many sections?

Each captures a distinct aspect of the audit trail. Splits make verification and dispute resolution easier.

What's certificate_version?

Template versioning. Currently v2. Every cert stamps its template version forever.

Where's the file hash?

In the database, not on the cert. Re-hash the cert later to verify.

Why reference the Electronic Communications Act 2000?

It's the UK law confirming e-signatures aren't disqualified just because they're electronic.

Last reviewed: April 2026

Start free — no card needed

14-day free trial. No card needed. Cancel any time.

Start Free Trial Or try the free demo