01 / Events
Sent · viewed · signed · declined · expired
Every state change a document goes through is logged with a precise timestamp. If the signer opens the email, opens the document, scrolls, signs, or declines, you have the record.
Security & compliance
Same legal compliance as DocuSign. Less cost. Your brand.
The legal validity of a digital signature comes from compliance with the ESIGN Act and UETA, not from which vendor delivered it. Here’s exactly what SignIQ does to meet that standard.
The standard, plainly stated.
⚖
ESIGN Act (federal)
The Electronic Signatures in Global and National Commerce Act (2000) gives electronic signatures the same legal weight as handwritten ones for most U.S. business transactions. SignIQ meets the ESIGN requirements: intent to sign, consent to electronic records, association of the signature with the record, and record retention.
⚖
UETA (state-level)
The Uniform Electronic Transactions Act covers e-signature validity at the state level. Adopted by 49 states. SignIQ’s signing flow captures the elements UETA requires for enforceability, signer authentication, intent, and a tamper-evident record.
What we log on every envelope.
Every signing event is captured with a timestamp and IP address. The trail is tamper-evident: any alteration to the signed document or its metadata after completion is detectable.
02 / Identity
Signer authentication
Email-based access at minimum. SMS one-time passcode (OTP) verification on Standard. The audit trail captures the authentication method used for each signer.
03 / Intent
Consent capture
Signers explicitly consent to electronic records before signing. The consent itself is logged. Required by ESIGN.
04 / Document
Tamper-evident record
Once a document is fully signed, SignIQ generates a Certificate of Completion that includes signer identities, timestamps, IP addresses, document hash, and event log. Any modification is detectable.
How we protect what you send.
Encryption in transit
All connections use TLS 1.2 or higher. Document uploads, signing sessions, and API calls are encrypted end-to-end.
Encryption at rest
Documents and metadata are encrypted at rest using AES-256. Encryption keys are managed via a managed KMS service.
Access controls
Role-based permissions at the team level (admin / sender / viewer on Standard). Least-privilege access internally. Background checks for staff with production access.
Backups & durability
Documents and audit trails are backed up across availability zones. Our retention policy preserves signed records and their proof certificates for the lifetime of your account.
Where we are. Where we’re going.
Honest status: we don’t fabricate compliance badges. Below is what is true today, and what’s on the security roadmap.
ESIGN Act compliant
UETA compliant
Tamper-evident audit trail
TLS 1.2+ in transit
AES-256 at rest
SOC 2 Type II, In progress
HIPAA (Roadmap)
eIDAS Qualified (Roadmap)
FedRAMP (Future)
What buyers ask before signing up.
Yes, for U.S. business transactions, SignIQ signatures meet the ESIGN Act and UETA standards. The same standards make DocuSign signatures enforceable. Specific document types (wills, certain real-estate notarizations, court filings) have additional requirements; check with counsel for those edge cases regardless of vendor.
When the last signature lands, SignIQ generates a Certificate of Completion: signer identities, timestamps, IP addresses, document hash, full event log. Any later alteration to the document or metadata changes the hash, which makes tampering detectable.
U.S. cloud infrastructure, encrypted at rest. Our subprocessor list is available on request and via our DPA. See the DPA
Roadmap items, not currently certified. If one is a hard requirement for your evaluation, talk to sales, it informs prioritization.
Yes. Signed documents and Certificates of Completion are exportable as PDFs at any time. Audit logs export to CSV. The API exposes the same data programmatically for Standard tier.