Most eSignature disputes aren't about the signature itself — they're about proof. Who signed? When? Was it really them? Without a tamper-proof audit trail, you're holding a document that looks valid but crumbles under scrutiny. That's not a theoretical risk. It's the gap that voids contracts.
GoodSign captures the full picture behind every signed document, so if a signature is ever challenged, you have more than good intentions to back it up.
An electronic signature audit trail is a chronological record of every action taken on a document — from the moment it's sent to the second it's completed. "Tamper-proof" means the record is locked and cryptographically tied to the document itself. Any alteration to the document after signing invalidates the audit record, which is precisely the point.
This matters because major eSignature laws — the U.S. ESIGN Act, UETA, and the EU's eIDAS regulation — don't just require a signature. They require evidence of intent, identity, and integrity. A signature without a supporting audit log is legally thin. Courts and compliance auditors expect the full chain of custody.
If you're in legal services, real estate, HR, or any field where contracts carry real stakes, the audit trail is your insurance policy.
Not all audit logs are created equal. Some platforms record only a timestamp and call it done. A meaningful document signing audit log captures every touchpoint in the signing journey. Here's exactly what a compliant audit trail should include — and what GoodSign records automatically.
Signer IP address and device data. Signer IP tracking in eSignature systems ties the signature to a physical location and device. GoodSign captures the signer's IP address and browser fingerprint (browser type, version, operating system) at the moment of signing. This data is critical for proving that a real person, on a real device, took deliberate action.
Email open and access timestamps. Before anyone signs, they have to open the document. GoodSign logs the exact moment the signing invitation email was opened, plus every instance the document was accessed. This creates a sequence of behavior — invitation sent, email opened, document viewed, signed — that demonstrates informed consent.
Field-level timestamps. Every individual signature, initial, or data field gets its own timestamp. If a document requires two signatures on two separate pages, each action is logged independently. This granularity matters when disputes involve partial completion or alleged coercion.
Geographic and session data. Beyond the IP address, GoodSign logs the geographic location associated with the signing session. Combined with device and browser data, this builds a detailed behavioral profile of each signing event.
The completion certificate. When a document is fully executed, GoodSign generates a completion certificate — a standalone summary document containing the full audit log. It includes every signer's name, email address, IP address, browser data, and the timestamp for every action taken. This certificate is delivered alongside the signed document and stored independently, so the evidence exists separately from the contract itself.
The legal enforceability of an electronic signature depends on demonstrating three things: the signer's identity was reasonably verified, they intended to sign, and the document hasn't been altered since signing.
A well-constructed eSignature audit trail addresses all three. IP address and browser data link the signature to a specific device and session. Email interaction logs prove access and engagement with the document. Timestamps establish the sequence of events. The completion certificate ties everything into a single, court-admissible package.
For small businesses, freelancers, and agencies — who often work without dedicated legal teams — this protection is especially important. You may not be able to control whether a client disputes a contract, but you can control how much evidence you have when they do.
This is also why signer IP tracking in eSignature platforms isn't just a technical detail. It's a foundational layer of identity verification that supports the legal standing of every document you send.
Compliance means meeting the minimum bar. Confidence means knowing your documents will hold up beyond the minimum bar.
Plenty of tools will tell you they're ESIGN and eIDAS compliant. Fewer will show you the depth of evidence they actually capture. Before choosing an eSignature platform, ask specifically about what their audit log contains — not just
All rights reserved © GoodSign Limited 2026
2 Stuart St, Ponsonby, Auckland 1011, New Zealand..