Understanding document signing terminology. From audit trails to zero-knowledge proofs, find clear definitions for every term you will encounter.
A comprehensive, tamper-evident log of every action taken on a document throughout its lifecycle, including creation, viewing, signing, and any modifications. Signavow's audit trail captures timestamps, IP addresses, user agents, and consent records to produce court-admissible evidence of the signing process. Enterprise customers can export audit trails for integration with GRC platforms.
The unbroken, documented sequence of control over a document from creation through signing to archival. Signavow maintains chain of custody through SHA-256 hashing at upload, tamper-evident storage, and comprehensive audit logging. This ensures that any party — internal auditors, regulators, or opposing counsel — can verify the document's integrity at any point in its lifecycle.
A cryptographic mechanism that provides authentication, integrity, and non-repudiation for signed documents. Unlike simple electronic signatures, digital signatures use public key infrastructure (PKI) to mathematically bind the signer's identity to the document. Signavow employs digital signatures at the Advanced and Qualified tiers to satisfy enterprise security policies.
A legally recognised means of indicating consent or approval on an electronic document, as defined under the eIDAS Regulation and ESIGN Act. Electronic signatures encompass a broad range of methods, from typed names to cryptographically secured digital certificates. Signavow supports all tiers to meet enterprise compliance requirements.
A party who has the legal authority to bind themselves or their organisation by executing a document. In enterprise contexts, signatory authority is typically governed by internal delegation policies and board resolutions. Signavow's role-based access controls help organisations enforce signatory authority rules within the platform.
An individual designated to execute an electronic signature on a document within a campaign. Signers are identified by email address and receive a unique, time-limited signing link. Signavow tracks each signer's journey through the workflow — from invitation through to completion — with full audit logging at every stage.
A traditional handwritten signature applied with ink on a physical document. While wet signatures remain legally valid, they introduce friction in enterprise workflows: printing, couriering, scanning, and physical storage. Signavow enables organisations to transition from wet signatures to compliant electronic alternatives without sacrificing legal standing.
The process by which an authorised individual signs a document on behalf of another person or entity, typically under a formal delegation of authority or power of attorney. Delegated signing is common in large organisations where senior executives authorise others to sign routine documents on their behalf. Signavow captures and records the delegation relationship in the audit trail, ensuring transparency and legal defensibility.
A formal commitment defining the guaranteed levels of service availability, performance, and support response times that Signavow provides to enterprise customers. SLAs typically specify uptime guarantees (e.g., 99.9%), maximum response times for support tickets by severity, and remedies (such as service credits) in the event of non-compliance. Enterprise SLAs are negotiated as part of the contract and subject to regular review.
The ability to rebrand Signavow's signing experience with your organisation's own visual identity — including logo, colours, fonts, and domain name — so that signers see your brand rather than Signavow. White-labelling is essential for enterprises that need a seamless, on-brand experience for external-facing document signing. Signavow's white-label capabilities extend to emails, signing pages, and completion certificates.
An electronic signature that meets the enhanced requirements of Article 26 of the eIDAS Regulation: uniquely linked to the signatory, capable of identifying them, created using data under their sole control, and linked to the signed data such that any subsequent change is detectable. AES provides stronger evidential value than SES without requiring the infrastructure of QES. Signavow implements AES as the default signature level for enterprise workflows.
EU Regulation 910/2014 establishing a legal framework for electronic identification and trust services across the European Single Market. eIDAS defines three tiers of electronic signature — Simple (SES), Advanced (AES), and Qualified (QES) — each with increasing levels of legal presumption and security requirements. Signavow supports all three tiers, enabling enterprises to select the appropriate level for each use case.
The Electronic Signatures in Global and National Commerce Act (2000), the US federal law establishing the legal validity of electronic signatures and records in interstate and foreign commerce. ESIGN, together with UETA at the state level, provides the legal foundation for electronic transaction processing in the United States. Signavow's signing workflow is designed to satisfy ESIGN's consent and record retention requirements for enterprise customers operating in US jurisdictions.
The highest tier of electronic signature defined by the eIDAS Regulation, created using a qualified signature creation device and based on a qualified certificate issued by a Trust Service Provider. QES carries a legal presumption of validity equivalent to a handwritten signature in all EU member states. Signavow integrates with qualified Trust Service Providers to offer QES capabilities for transactions requiring the strongest legal assurance.
A set of rules governing how long signed documents and associated audit data are retained before being securely disposed of. Retention policies must balance legal requirements (some industries mandate minimum retention periods of 5-10 years or more), operational needs, and data minimisation principles under GDPR. Signavow allows enterprise administrators to configure retention policies at the organisation, department, or document-type level.
The broadest category of electronic signature under eIDAS, encompassing any data in electronic form attached to or logically associated with other electronic data, used by the signatory to sign. SES includes typed names, scanned signatures, checkbox consent, and drawn signatures. While SES does not carry the legal presumptions of AES or QES, it is legally admissible and sufficient for the majority of commercial contracts. Signavow supports SES for low-risk workflows where speed and simplicity take precedence.
The capability of an organisation to continue delivering products and services at acceptable predefined levels following a disruptive incident. Signavow's business continuity measures include geographically distributed infrastructure, automated failover, regular backup testing, and documented recovery procedures. Enterprise customers receive business continuity documentation as part of the vendor due diligence process.
The requirement that data is stored and processed within specific geographic boundaries, typically to comply with national data protection regulations or corporate governance policies. Signavow supports data residency requirements by offering region-specific storage options within the UK, EU, and other jurisdictions. This ensures that sensitive documents and personal data never leave the approved geographic region.
The international standard for information security management systems (ISMS), published by the International Organization for Standardization. ISO 27001 certification demonstrates that an organisation has implemented a systematic approach to managing sensitive information, including risk assessment, security controls, and continuous improvement. Signavow's adherence to ISO 27001 provides enterprise customers with independently verified assurance of our security practices.
A security model that restricts system access based on the roles assigned to individual users within an organisation. In Signavow, RBAC enables administrators to define granular permissions — such as who can create campaigns, view audit trails, or manage billing — ensuring that users only access the functionality appropriate to their role. RBAC is essential for maintaining the principle of least privilege in enterprise deployments.
Security Assertion Markup Language — an XML-based open standard for exchanging authentication and authorisation data between an identity provider (IdP) and a service provider (SP). SAML enables enterprise SSO by allowing organisations to authenticate users through their existing identity infrastructure (such as Azure AD, Okta, or OneLogin) when accessing Signavow. This ensures compliance with corporate access policies and provides centralised audit logging.
A compliance framework developed by the American Institute of CPAs (AICPA) that evaluates an organisation's controls related to security, availability, processing integrity, confidentiality, and privacy. SOC 2 Type II certification demonstrates that Signavow's controls have been independently audited and found effective over a sustained period. Enterprise customers frequently require SOC 2 compliance as a prerequisite for vendor selection.
An authentication mechanism that allows users to access multiple applications, including Signavow, using a single set of corporate credentials. SSO eliminates the need for separate passwords, reduces credential fatigue, and enables centralised access management. Signavow supports SSO integration via SAML 2.0 and OpenID Connect protocols.
A cryptographic algorithm that produces a fixed-length digest (hash) from any input data, such that even a minimal change to the input produces a completely different output. Hash functions are fundamental to document integrity verification — Signavow computes a SHA-256 hash of every document at upload and embeds it in the audit trail. Any subsequent modification to the document will produce a different hash, immediately revealing tampering.
An architecture in which a single instance of the platform serves multiple independent customer organisations (tenants), with strict logical separation of data, configurations, and access controls. Multi-tenancy enables Signavow to offer enterprise-grade service at scale while ensuring that each organisation's documents, users, and audit trails remain completely isolated from other tenants.
A framework of cryptographic technologies, policies, and procedures that enables secure electronic communication and digital signature verification. PKI uses asymmetric key pairs — a private key held exclusively by the signer and a public key available for verification — to establish trust in digital transactions. Signavow's signature infrastructure leverages PKI to provide authentication, integrity, and non-repudiation for enterprise document workflows.
A cryptographic mechanism applied to a signed document that makes any post-signing modification detectable. Signavow applies a tamper-evident seal combining the document hash, signature data, timestamps, and audit trail into a verifiable package. If any component is altered, the seal verification fails, alerting all parties to potential tampering. This provides the evidential foundation enterprises need for dispute resolution.