ESIGN & UETA Compliance

ESIGN and UETA generally consider an electronic signature enforceable when four things are true. NibSign is built to satisfy each one:

• Intent to sign — every signer takes an explicit action (drawing or typing a signature, clicking through fields) before the document is finalised.
• Consent to do business electronically — signers must tick "I agree to use electronic records and signatures" before any signing action is unlocked. The consent timestamp, IP address, and device are captured.
• Association of signature with the record — signatures, initials, and field values are embedded directly into the final PDF and tied to a tamper-evident SHA-256 hash.
• Record retention — the signed PDF and an appended audit certificate (with signer details, IPs, devices, and a full event timeline) are stored in your account and emailed to every party.

Before a signer can place any field, NibSign presents a clear, dismissible consent screen. The signer must:

• See the document title and their own identity (name and email)
• Be offered a clearly-labelled "Download before signing" option
• Tick "I agree to use electronic records and signatures"
• Click "Agree & continue" to record consent

Consent is stored server-side with a timestamp, the IP address of the signer, and the browser user agent — values that cannot be spoofed from the client.

Each signer receives a unique signing URL. The URL is tied to a single signer record and cannot be shared to sign as somebody else. Viewing, downloading, consenting, and signing actions are each recorded with the signer's identity, IP address, and device.

When the last signer completes the document, NibSign generates a single final PDF that contains every signature and field value, plus an appended signature certificate. We compute a SHA-256 hash of the original uploaded file and of the final signed PDF, and we print both hashes on the certificate. Any later modification of the PDF will change the hash and break the integrity of the record.

The certificate appended to every signed PDF includes:

• Document title, file name, and internal reference
• SHA-256 hash of the original document
• Each signer's name, email, signing time, IP address, and device
• The consent timestamp and consent IP for every signer
• A chronological event timeline (viewed, downloaded, consented, signed, completed)
• The ESIGN/UETA disclosure language

As soon as the final PDF is generated, NibSign emails a notification to the document owner and to every signer. The signed PDF (with the embedded audit certificate) is available from each party's dashboard and from the link in the email.

Some categories of document are excluded from ESIGN/UETA or require additional formalities — including, for example, wills, certain family-law documents, court orders, and some notices required by other statutes. NibSign does not determine whether a given document is eligible to be signed electronically in your jurisdiction.

NibSign is designed to support ESIGN and UETA compliant electronic signature workflows. Some document types may require additional formalities. Please consult a legal professional for specific legal advice.