Compliance & Legal Validity
DocsAutomator's e-signature solution is designed to meet international standards for electronic signatures, ensuring your documents are legally binding across jurisdictions.
Overview
ESIGN Act
United States
Compliant
UETA
United States
Compliant
eIDAS (SES)
European Union
Compliant
GDPR
European Union
Compliant
United States
ESIGN Act
The Electronic Signatures in Global and National Commerce Act (ESIGN) is a federal law that grants electronic signatures the same legal status as handwritten signatures in the United States.
Key Requirements
Parties must demonstrate intent to sign
Consent to conduct business electronically
Association of the signature with the record
Record retention and reproducibility
How DocsAutomator Complies
Intent to Sign: Signers receive a unique, secure link via email and must actively click to access and complete their signature fields
Electronic Consent: By accessing the signing portal and completing fields, signers demonstrate consent to electronic transactions
Signature Association: Each signature is embedded directly into the PDF document with a complete audit trail linking the signer to the record
Record Retention: All signed documents and comprehensive audit logs are securely stored and available for download at any time
UETA
The Uniform Electronic Transactions Act (UETA) provides consistent rules for electronic transactions at the state level, adopted by 49 U.S. states.
Key Requirements
Electronic records must be attributable to a person
Records must be capable of retention
Parties must be able to obtain copies
How DocsAutomator Complies
Attribution: Every signature is linked to the signer via email address, IP address, browser information, and timestamp
Retention: Signed documents are stored securely in cloud storage with no automatic deletion
Accessibility: Signers and document owners receive the completed PDF via email and can access it through the dashboard
European Union
eIDAS (Simple Electronic Signatures)
The eIDAS regulation (Electronic Identification, Authentication and Trust Services) establishes a legal framework for electronic signatures across all EU member states. DocsAutomator provides Simple Electronic Signatures (SES), which are legally valid for most business documents.
Signature Levels Under eIDAS
Simple (SES)
Electronic data attached to other data, used to sign
Supported
Advanced (AES)
Uniquely linked to signatory with cryptographic security
Not supported
Qualified (QES)
Created by a qualified device with a qualified certificate
Not supported
How DocsAutomator Complies with SES
Electronic Form: Signatures are captured digitally and embedded into the PDF document
Signatory Link: Each signer accesses their unique signing session via a secure, time-limited token
Timestamp: All actions are recorded with server timestamps in the audit trail
Data Integrity: Original document hash (SHA-256) is stored to detect any tampering
GDPR
The General Data Protection Regulation (GDPR) governs the collection, processing, and storage of personal data for EU residents.
Key Requirements
Lawful basis for processing personal data
Data minimization principles
Right to access and deletion
Secure data storage and transfer
How DocsAutomator Complies
Lawful Basis: Personal data is processed based on contractual necessity (completing the signature request)
Data Minimization: We only collect information essential for the signing process: email, name, signature, and audit data
Data Subject Rights: Document owners can delete signing sessions and associated data upon request
Security: All data is encrypted in transit (TLS) and at rest via our cloud infrastructure
No Third-Party Sharing: Signer data is not sold or shared with third parties for marketing purposes
Security Measures
Beyond regulatory compliance, DocsAutomator implements robust security measures to protect your documents and data.
Audit Trail
Every e-signature session maintains a comprehensive, tamper-evident audit trail that records:
Session creation and document generation
Email invitation delivery timestamps
When each signer accessed the signing link
IP address and browser information for each action
Individual field completion timestamps
Session completion and PDF finalization
Document Integrity
SHA-256 Hashing: A cryptographic hash of the original document is generated and stored, allowing verification that the source document was not modified
Certificate of Completion: Every signed document includes an automatically generated certificate page showing all signers, their signatures, and completion timestamps
Access Control
Secure Tokens: Each signer receives a unique 256-bit cryptographically random access token
Time-Limited Access: Signing links expire after a configurable period (default: 30 days)
Rate Limiting: Protection against brute force attacks on signing endpoints
Infrastructure Security
Encryption in Transit: All communications secured via TLS/HTTPS
Cloud Storage: Documents stored on Google Cloud infrastructure with enterprise-grade security
Database Security: MongoDB Atlas with encryption at rest and network isolation
Certificate of Completion
Every document signed through DocsAutomator automatically includes a Certificate of Completion page that serves as evidence of the signing process. This certificate contains:
Document title and completion timestamp
List of all signers with their names and email addresses
Visual reproduction of each signature
Unique session identifier for audit reference
Frequently Asked Questions
Last updated