How DocuSign uses transaction data and the Certificate of Completion
DocuSign uses transaction data from activities occurring on the DocuSign eSignature service platform to establish a neutral, third-party audit trail that can be used by all parties involved in a transaction, as well as DocuSign, to validate a transaction’s authenticity.
What is transaction data?
Transaction data is metadata about activities, events, and actions that occur in the normal course of users starting, progressing, and completing their digital transaction on the DocuSign eSignature service.
A helpful analogy is when a courier service delivers an envelope from one party to another. The courier service tracks when an envelope is picked up, its progress through distribution centers or airline facilities, and when it’s delivered to the recipient (who may be required to sign for it). This information is available to both parties throughout the process, as well as after the delivery is completed for confirmation or future reference.
Similarly, the DocuSign eSignature service provides a record of activities in support of a customer’s transactions on the platform. This metadata serves multiple purposes, including providing an audit trail if a transaction is ever challenged.
What types of information are included?
Transaction data includes some information provided by the sender (e.g. an email address), as well as information generated by the DocuSign eSignature service (e.g. the date/time of an action), and falls into three general categories:
- Description of the envelope and parties involved, such as recipient names and email addresses, and the method designated by the sender to authenticate a recipient’s identity (if applicable)
- Time of occurrence and key events and actions, such as:
- When an envelope is sent or viewed
- A recipient’s acceptance of the Electronic Records and Signature Disclosure consenting to receive notices electronically
- Status designations indicating if an envelope was declined or voided
- System-level tracking, such as an Internet Protocol (IP) address and other online identifiers and location data
Is transaction data distinguishable from eDocument content?
Transaction data provides limited information about DocuSign envelope activities and doesn’t include the envelope’s associated eDocuments.
eDocuments are encrypted during upload to the DocuSign eSignature service and remain so while stored there. The customer is the eDocument owner, and DocuSign employees can’t access the content within an eDocument. Moreover, the DocuSign eSignature service also applies a tamper-evident seal when a customer downloads their eDocument, helping ensure it isn’t altered after the fact.
How is transaction data used?
There are three primary uses for transaction data: audit trail, objective data, and validity. In support of each of these activities, the DocuSign eSignature service generates a Certificate of Completion, an electronic record that serves as an audit trail and proof of the transaction for all authorized participants, as well as in court, if necessary.
Audit Trail
Transaction data provides an audit trail of the transaction, allowing DocuSign to function as a neutral third party in the event a customer’s transaction is challenged—even if it’s related to the transaction’s very existence. For example, a customer can use the audit trail to confirm who the sender and recipients were and that a document was signed at a specific time.
Objective Data
Customers and all recipients have objective data that confirms envelope delivery and the signing ceremony were completed. For example, the sender can confirm the recipient received the envelope, and the recipient can confirm the envelope was returned to the sender—all via the DocuSign eSignature service.
Validity
By design, the DocuSign eSignature service generates a range of transaction data—including participants, actions, timestamps, and systems-level tracking—that supports the validity of court-admissible electronic signatures.
How is transaction data maintained?
In order to produce an audit trail and provide reference information, the DocuSign eSignature service retains transaction data during the time of a customer’s subscription and after it has ended. DocuSign will continue to protect and secure transaction data even when a customer no longer has a current subscription with DocuSign.
Even if requested by a customer, DocuSign can’t delete or export transaction data from the DocuSign eSignature service due to the need to validate transactions on behalf of a customer or recipient at any point in the future. Moreover, the DocuSign eSignature service isn’t architected to provide this capability.
However, customers may download, save, and print both eDocuments and Certificates of Completion at any time during their subscription period. The sender of an envelope may also purge their eDocuments at any time during their subscription, removing them from the DocuSign eSignature service (after a short queue period).
Where to find additional information
Supplemental information about the Certificate of Completion and a related document called Document History is available in the DocuSign User Guide.