Documents & E-Signatures

Audit Trail & Certificate

What BookYourPTO captures for every signature, the certificate page appended to completed documents, optional cryptographic PDF signing, and who is allowed to view the audit trail.

Audit Trail & Certificate

Every signed document in BookYourPTO carries a complete, tamper-evident record of who signed, when, and from where. This is what makes an electronic signature defensible.

What's captured per signature

For each signature, the system records:

Captured valueWhy it's recorded
Consent timestampProves the signer consented at a specific moment
IP addressNetwork origin of the signing session
User agentDevice/browser used to sign
Signature integrity hashA cryptographic integrity hash of the signature
Signature imageThe drawn signature itself
Signer timezoneSo timestamps display in the signer's local time
Geolocation (lat/long)Physical location at the time of signing

Beyond signatures, every sign, decline, upload, and reminder writes an audit log entry — the full lifecycle of the document is on record.

The certificate page

When a document is completed, a certificate page is appended to the PDF, one entry per signer, containing:

  • The signer's name and email
  • An "acknowledged on" timestamp shown in the signer's own timezone
  • The embedded signature image
Why timestamps use the signer's timezone. A signature dated "9:00 AM" is only meaningful if you know whose 9:00 AM it was. The certificate pins each acknowledgment to the signer's local time so the record isn't ambiguous across regions.

Optional cryptographic PDF signing

Organizations can go a step further and apply cryptographic PDF signing using an organization certificate (P12). This seals the finished PDF so any later modification is detectable by standard PDF readers — not just by BookYourPTO.

Downloading the certified copy

To download a completed document with its certificate page appended, use the with certificate option, which maps to:

GET /api/documents/:id/download?withCertificate=true

A plain download (without the flag) returns the document without the appended certificate.

Who can view the audit trail

The audit trail is sensitive — it contains IP addresses and locations — so visibility is restricted:

GET /api/documents/:id/audit-trail   →   ADMINISTRATOR / EXECUTIVE only
Why admin/exec only. The audit trail exposes IP addresses and geolocation for every signer. Limiting it to administrators and executives keeps that personal metadata out of peer view while preserving it for compliance.

Roles & permissions

RoleView audit trailDownload with certificate
EMPLOYEENoTheir own completed documents
DEPARTMENT_HEADNoAs scoped
ADMINISTRATORYesYes
EXECUTIVEYesYes

Troubleshooting

Error / symptomCauseFix
403 when opening the audit trailAudit trail is admin/exec onlyAsk an administrator or executive to retrieve it
Downloaded PDF has no certificate pageDownloaded without the certificate flagUse the download with certificate option (?withCertificate=true)
Certificate timestamp looks "wrong"It's shown in the signer's timezone, not yoursThis is by design — the certificate pins to the signer's local time
Verification code (DOC-XXXXXX) not presentDocument isn't fully completed yetThe code and certificate are generated only once all signers finish