Audit trail & evidence
QSign keeps two complementary kinds of records.
Signing evidence trail (all signers — web + API)
Section titled “Signing evidence trail (all signers — web + API)”The legally-important trail, captured identically whether a document was created in the web app or via the API:
- ESIGN consent per signer — timestamp, IP address, user-agent at the moment of consent.
- Per-recipient signing record — signed/declined status, signing timestamp, decline reason, signer identity, signing method, IP address, and signing order.
- Finalization evidence — the finalized document hash, seal timestamp, and signature method — the basis of the tamper seal.
- Method-specific logs — for the platform notarization/seal step and the Aadhaar (Protean) gateway exchange.
Operational / activity logging
Section titled “Operational / activity logging”- Web-app users — significant actions (auth, account/admin changes) are written to an activity log with acting user, module, action, detail, IP, and timestamp.
- API users — every metered API call is logged (account, endpoint, method, status, IP, timestamp), and outbound webhook deliveries are logged separately.
All records live in the database; treat the signing-evidence records as the primary legal artifact and retain them per your evidentiary requirements.