Audit Trails

An audit trail is a comprehensive, tamper-evident log of every action taken on a document. It’s what transforms a simple electronic signature into a legally defensible record that can stand up in court.

What is an Audit Trail?

An audit trail is a chronological record that captures:

Who - The identity of each person involved
What - Every action taken on the document
When - Exact timestamps of each action
Where - IP addresses and geographic information
How - Device and browser information

This creates an unbroken chain of evidence from document creation to completion.

Why Audit Trails Are Essential

Legal Foundation

Audit trails provide the legal foundation for electronic signatures under major regulations:

Regulation	Audit Trail Requirement
ESIGN Act	Record of transaction
UETA	Attribution and intent
eIDAS	Identification and authentication
HIPAA	Access logs for PHI
SOX	Financial record integrity

Court Admissibility

In legal proceedings, audit trails provide:

Evidence Type	What It Proves
Identity	Who signed (email, IP, device)
Intent	Deliberate actions were taken
Timing	When each action occurred
Integrity	Document wasn’t altered
Delivery	Notification was sent

Non-Repudiation

Non-repudiation means signers cannot deny they signed. Audit trails establish this through:

Unique signing link - Sent only to signer’s email
Access logging - When link was accessed
Device fingerprint - Browser and device info
IP geolocation - Physical location approximation
Action sequence - Deliberate steps to complete signing

What WPsigner Captures

Document Events

Event	Captured Data
Created	Creator user ID, timestamp, document hash
Sent	Send time, recipient emails
Viewed	View time, viewer identity, IP address
Downloaded	Download time, downloader, IP
Voided	Void time, reason, user who voided
Expired	Expiration timestamp

Signer Events

Event	Captured Data
Email Delivered	Delivery timestamp, email service response
Link Accessed	Access time, IP address, user agent
Document Viewed	View duration, pages viewed
Fields Completed	Each field with timestamp
Signature Drawn	Stroke data, completion time
Submitted	Final submission timestamp
Declined	Decline reason, timestamp

Technical Metadata

Data Point	Description	Purpose
IP Address	IPv4/IPv6 address	Geographic attribution
User Agent	Browser and OS	Device identification
Geolocation	Approximate location	Location verification
Session ID	Unique session identifier	Action correlation
Timezone	Signer’s timezone	Time context

Certificate of Completion

What Is It?

The Certificate of Completion is a human-readable summary of the audit trail, automatically appended to the final signed PDF.

Why It’s Important

Self-contained - All evidence in one document
Readable - Non-technical parties can understand
Comprehensive - Full history at a glance
Portable - Travels with the document forever

Certificate Contents

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
         CERTIFICATE OF COMPLETION
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Document: Service Agreement 2026
Document ID: 7f8c9d2e-1234-5678-abcd-ef1234567890
Status: COMPLETED

DOCUMENT HASH (SHA-256):
a1b2c3d4e5f6789...

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
                  SIGNERS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Signer 1: John Smith (john@company.com)
• Role: Buyer
• Viewed: Jan 15, 2026 10:32:15 AM UTC
• Signed: Jan 15, 2026 10:35:42 AM UTC
• IP Address: 192.168.1.100
• Device: Chrome 120 on Windows 11

Signer 2: Jane Doe (jane@vendor.com)
• Role: Seller
• Viewed: Jan 15, 2026 2:15:22 PM UTC
• Signed: Jan 15, 2026 2:18:03 PM UTC
• IP Address: 10.0.0.50
• Device: Safari 17 on macOS Sonoma

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
                  TIMELINE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Jan 14, 2026 3:00:00 PM - Document created
Jan 14, 2026 3:05:12 PM - Sent for signing
Jan 15, 2026 10:32:15 AM - Viewed by John Smith
Jan 15, 2026 10:35:42 AM - Signed by John Smith
Jan 15, 2026 2:15:22 PM - Viewed by Jane Doe
Jan 15, 2026 2:18:03 PM - Signed by Jane Doe
Jan 15, 2026 2:18:03 PM - Document completed

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Powered by WPsigner | Verify at: wpsigner.com/verify

QR Code Verification

Each certificate includes a QR code that links to an online verification page, allowing anyone to:

Confirm document authenticity
View the complete audit trail
Verify timestamp validity
Download the original signed PDF

Viewing Audit Trails

In WordPress Admin

Go to WPsigner → Documents
Click on any document
Click the Audit Trail tab
View complete history with all events

In the Downloaded PDF

Open the signed PDF
Scroll to the last page(s)
View the Certificate of Completion
Scan QR code for online verification

Via REST API

GET /wp-json/wpsigner/v1/documents/{id}/audit

Returns JSON with complete audit history:

{
  "document_id": 123,
  "events": [
    {
      "type": "created",
      "timestamp": "2026-01-14T15:00:00Z",
      "user_id": 1,
      "ip_address": "192.168.1.1"
    },
    {
      "type": "viewed",
      "timestamp": "2026-01-15T10:32:15Z",
      "signer_id": 1,
      "ip_address": "192.168.1.100",
      "user_agent": "Mozilla/5.0..."
    }
  ]
}

Legal Best Practices

Document Retention

Industry	Retention Period	Regulation
General business	7 years	General practice
Healthcare	6-10 years	HIPAA
Financial	7 years	SOX
Employment	Duration + 7 years	Various
Government	Varies	Specific regulations

Backup Strategy

Protect your audit trails:

Regular backups - Daily database backups
Off-site storage - Store copies externally
Encryption - Encrypt backup files
Testing - Verify restore capability
Retention policy - Define how long to keep

Access Control

Limit who can view audit trails:

Role	Access Level
Admin	Full access to all audits
Manager	All documents in organization
Sender	Own documents only
Viewer	None (unless explicitly granted)

Audit Trail Integrity

How Integrity Is Ensured

WPsigner protects audit trail integrity through:

Protection	Method
Immutability	Events are append-only, never modified
Timestamps	Server-based, not client-provided
Hashing	SHA-256 hash of event chain
Database	Structured storage with constraints
Signing	Digital signature on completion

Tamper Detection

If someone attempts to modify an audit trail:

Hash chain breaks
Digital signature becomes invalid
Adobe Reader shows “Document has been modified”
Certificate of Completion doesn’t match data

Compliance & Regulations

ESIGN Act Requirements

The ESIGN Act requires:

✅ Record of transaction process
✅ Consent to electronic records
✅ Ability to retain records

WPsigner provides: Complete audit trails fulfill all requirements.

HIPAA Audit Requirements

For healthcare documents:

✅ Access logs (who viewed what, when)
✅ User identification
✅ Automatic logoff (session management)

WPsigner provides: Full access logging with IP and device info.

SOX Compliance

For financial documents:

✅ Document integrity verification
✅ Access controls
✅ Audit trail of all modifications

WPsigner provides: Immutable audit trails with hash verification.

Frequently Asked Questions

How long are audit trails stored?

By default, audit trails are stored indefinitely in your WordPress database. Define a retention policy based on your industry requirements.

Can audit trails be exported?

Yes. Export as:

JSON via REST API
Part of signed PDF (Certificate of Completion)
CSV export from admin panel

What if a signer disputes their signature?

The audit trail provides evidence of:

Email delivery to their address
Link accessed from specific IP
Device information matching their typical device
Specific actions taken (drawing signature, clicking submit)

This evidence typically resolves disputes definitively.

Are IP addresses accurate?

IP addresses are captured accurately, but:

VPNs may mask true location
Corporate networks may show company IP
Mobile networks may show carrier IP

The IP combined with other factors (email, device) establishes identity.

Next Steps

Digital ID - Cryptographic signing
Timestamping (TSA) - Prove when signed
Compliance - Regulatory requirements