The legal framework: ESIGN Act and UETA
The ESIGN Act (15 U.S.C. § 7001 et seq.) and UETA (adopted in 49 U.S. states) establish that electronic signatures are legally equivalent to handwritten signatures for most contracts and documents, provided:
- The parties have agreed to conduct transactions electronically.
- The electronic record accurately reflects the agreement.
- The electronic signature is associated with the signer.
- The record can be retained and reproduced by all parties.
Docuplete's document sessions satisfy all of these requirements by design.
How Docuplete satisfies the legal requirements
Intent to sign
The signer receives a unique tokenised link, is presented with the document, and explicitly acts to apply a signature — satisfying the intent requirement.
Association of signature with the record
The signature event is recorded in the session audit trail, which stores the signer's IP address, device fingerprint, OTP verification event, and timestamp — associating the signer with the signed record.
OTP identity verification
Before signing, Docuplete sends a one-time code to the signer's email address. The signer must enter the correct code to proceed. This confirms they control the email address and creates a verified identity record — going beyond the minimum ESIGN Act requirements.
RFC 3161 trusted timestamp
Every Docuplete signature event receives a trusted timestamp from an independent TSA authority under RFC 3161. This is a cryptographic record of exactly when the document was signed — independently verifiable and not alterable by any party.
SHA-256 tamper detection
A SHA-256 hash of the completed PDF is recorded at the time of signing and stored in the audit trail independently of the document. Any subsequent modification to the PDF — even a single byte — produces a different hash, making post-signing alteration detectable.
Retained record
Signed documents are stored in Docuplete's submission bank and can be downloaded at any time. The audit trail is stored independently of the document and is accessible for the duration of the account.
Where electronic signatures may not apply
The ESIGN Act excludes certain document types from electronic signature validity. Electronic signatures are generally not valid for:
- Wills, codicils, and testamentary trusts
- Court orders and court filings (in most jurisdictions)
- Notices of termination of utility services
- Notice of default, acceleration, or foreclosure of a mortgage or deed of trust
- Notices of cancellation or termination of health or life insurance benefits
- Documents accompanied by notices of recall of a product posing a risk to health or safety
For the document types most relevant to Docuplete users — client intake forms, financial planning questionnaires, retainer agreements, KYC/AML forms, insurance applications, employment documents, and consent forms — electronic signatures are valid and enforceable.
State law note: While UETA has been adopted in most states, always verify that your specific document type and jurisdiction do not have additional requirements (such as notarization or witness signatures) beyond an electronic signature.
The Docuplete signing certificate
Every Docuplete signed document includes a signing certificate page appended to the PDF. The certificate records: session ID, signer email (OTP-verified), signing timestamp (RFC 3161), IP address, device fingerprint, and SHA-256 hash of the completed document. This page serves as the legally defensible audit record in the event of any dispute.
Questions about e-signature compliance?
Talk to us about your specific use case and jurisdiction.