FAQs: Audit Trails in BoldSign

BoldSign’s audit trails deliver a secure, tamper-evident chronicle of every interaction with your documents, from creation to completion. This ensures unbreakable transparency, regulatory compliance, and ironclad legal enforceability for your eSignatures.

Below are clear answers to frequently asked questions:

1. What is an audit trail in BoldSign, and why is it essential?
   An audit trail is a chronological, tamper-proof PDF log of all document actions from sending to completion. It includes IDs, user details, timestamps, IPs, devices, and cryptographic hashes for integrity checks. It proves signature authenticity, ensures compliance with ESIGN, UETA, HIPAA, GDPR, and eIDAS, and defends against disputes or audits.
2. How can I access the audit trail for my documents?
   With a BoldSign account: After all signers complete their actions, go to the My Documents page, locate the document, open its context menu, and select Download audit trail.
   Without an account (as a recipient): A completion email includes either the audit trail attached or a link to view and download it from the View Document page.
3. What specific details does the BoldSign audit trail record?
   • Document details: ID, type, name, status, title, signing order, page count, and timestamps for sending and completion.
   • Sender and recipient info: Names, emails, IP addresses, and devices.
   • Authentication: Identity verification method used.
   • Signature type: Typed, drawn, or uploaded image.
   • Timestamps: Exact dates and times for each action.
   • User activity: Who viewed, signed, or reassigned the document, and when.
     For full details, see our article: What information does the audit trail document contain?
4. Are BoldSign audit trails admissible as evidence in court?
   Yes. Fully compliant with ESIGN, UETA, HIPAA, GDPR, eIDAS, and SOC 2, they use cryptographic hashes and timestamps for non-repudiation. Courts accept them as equivalents to wet-ink signatures.
5. How do BoldSign audit trails prevent tampering and fraud?
   Every action is logged immutably with hashes. Post-signing changes invalidate seals and trigger alerts. Anomalies like mismatched IPs or unauthorized access are flagged. Pair with identity verification for stronger proof and faster dispute resolution.
6. Can I download a signed document combined with its audit trail?
   Yes. Enable Combine Audit Trail in Branding settings. When enabled, the audit trail is automatically merged below the signed document in a single PDF upon download. If not enabled, the signed document and audit trail must be downloaded separately.
7. How do audit trails enhance e-signature security in BoldSign?
   Audit trails enhance security by creating an unbreakable chain of custody. They use AES 256-bit encryption, real-time activity logging, and tamper-evident seals to maintain document integrity. These records confirm delivery, access, and signing actions. For example: Viewed via iOS at IP 192.0.2.1 at 14:32 UTC.
8. When is the audit trail available, and what about completion alerts?
   The audit trail is generated in real time but becomes fully downloadable only after the document is completed. Once completed, BoldSign sends an email to the sender, signers, and CC recipients with the signed document attached. By default, the audit trail PDF is also included. If the total file size exceeds 5MB, the email will contain a secure link for viewing and downloading instead.
9. Does BoldSign support audit trails for signer authentication or verification?
   Yes. BoldSign’s audit trail records the authentication or verification methods used for each signer. This includes email verification, SMS-based one-time passwords, access codes, and ID verification. Each event is logged with the corresponding timestamp, method, and signer details, and is included in the audit trail to support compliance in regulated industries.
10. Can audit trails be customized for international use?
    Yes. Admins can enable Audit Log Localization in the Business Profile. When a signer’s language is set, completed audit trails include both English and the signer’s language.
11. How do BoldSign audit trails support regulatory compliance?
    They align with ESIGN and UETA (U.S.), eIDAS (EU), HIPAA (health), GDPR (privacy), and SOC 2 (security). Exports include consent records and hash proofs. Updates ensure ongoing adherence.
12. What if I spot suspicious activity in an audit trail?
    Check for red flags (for example, hash mismatches, unusual IPs). Contact support via chat or ticket for analysis. Revoke and re-send with verification enabled. Turn on anomaly alerts in settings.
13. How long are audit trails retained in BoldSign?
    Audit trails are stored in the cloud and remain accessible unless the document is permanently deleted by all parties. If the sender deletes it permanently, recipients retain access for 30 days before permanent removal.
14. Can audit trails be customized in BoldSign?
    Audit trails follow a fixed format for legal compliance, but you can customize them by adding your own legal terms and selecting a preferred time zone. These options are available in the branding settings and will appear in the audit trail when the customized brand is used.
15. Is the audit trail available to all parties involved?
    Yes. After completion, all parties with document access can view or download the audit trail. This ensures transparency and accountability.
16. What happens to the audit trail if a document is deleted?
    If a document is permanently deleted in BoldSign, whether manually or through an automatic deletion policy, its audit trail is permanently removed and cannot be recovered. To ensure compliance and maintain records, you should download both the signed document and the audit trail PDF before deletion, or set up automatic backups by integrating BoldSign with cloud storage services such as Google Drive, OneDrive, or Dropbox.
17. Does BoldSign store audit trails securely?
    Yes. BoldSign stores audit trails in secure cloud environments that use encryption and comply with industry standards for data protection and privacy.
18. Can I use audit trails for internal audits or compliance checks?
    Yes. They provide a clear, chronological record ideal for internal audits, regulatory compliance, and quality assurance.
19. Can BoldSign audit trails include multiple languages?
    Yes, BoldSign audit trails can display two versions in different languages: the signer’s preferred language, set by the sender, and the original English version. This ensures the signer can review the document in their chosen language while preserving an unaltered English copy for security and fraud prevention. For more details on localizing audit trail, check our article on How to enable audit log localization in BoldSign?
20. Which API actions and events are recorded in the audit trail?
    BoldSign audit trails capture all document-related events, including those triggered via the API. These include sending, viewing, reassigning, authentication steps, signing through embedded signing links, and completion of the embedded signing process. Each event is logged with timestamps, IP addresses, device details, and cryptographic hashes to ensure security and compliance.
21. Can I add my custom legal terms and conditions to the audit trail?
    Yes. You can add your own legal terms by configuring Branding Settings. Once applied, these terms appear in the audit trail PDF alongside standard compliance details, ensuring your organization’s policies are clearly reflected. For more details on adding custom legal terms, check our article: How to add your custom legal terms to the audit trail?.