Digital Signatures
Collect legally binding electronic signatures from clients.
Digital Signatures
Gatherly allows you to collect legally binding electronic signatures on documents, with full compliance to eIDAS (EU) and ESIGN Act (US) regulations.
How It Works
Legal Validity
Electronic signatures collected through Gatherly comply with:
EU Electronic Identification and Trust Services Regulation
US Electronic Signatures in Global and National Commerce Act
Audit Trail
Each signature includes:
| Data | Description |
|---|---|
| Timestamp | Exact date and time of signature |
| IP Address | Client's IP at time of signing |
| Verified email address of signer | |
| User Agent | Browser and device information |
| Consent | Recorded consent to sign electronically |
| Document Hash | SHA-256 hash for tamper detection |
Signature Field Types
Configure different field types on your documents:
| Type | Description |
|---|---|
| Signature | Primary signature capture (draw or type) |
| Initials | Initial fields for document sections |
| Date | Auto-filled or manual date entry |
| Text | Custom text input fields |
| Checkbox | Agreement checkboxes |
Configuring Signature Fields
When setting up signature items:
- Upload the PDF document
- Click Configure Fields
- Navigate to the page where the field should appear
- Drag and drop the field type onto the document
- Position and resize as needed
- Configure field properties:
- Required or optional
- Custom label
- Field dimensions
Client Signing Experience
When a client signs a document in the portal:
- They view the document with highlighted signature fields
- They can zoom and navigate through pages
- For each field, they:
- Draw their signature (using mouse, trackpad, or touch)
- Or type their signature
- After signing all required fields, they review and confirm
- They receive a confirmation and can download the signed document
Signature Certificates
Each signed document generates a certificate with:
Document Information
- Original document hash (SHA-256)
- Signed document hash
- File name, size, and page count
- Signature field locations with coordinates
Signer Information
- Name and email
- IP address
- Timestamp (RFC 3161 compliant)
- Consent record
Cryptographic Verification
- PKCS#7 digital signature
- Certificate chain
- Timestamp Authority (TSA) token
Timestamp Authority (TSA)
Signatures include RFC 3161 compliant timestamps from trusted authorities:
- DigiCert (production)
- Sectigo (standard)
- Sectigo Qualified (eIDAS-compliant, EU Trust List)
- GlobalSign (production)
This provides independent proof of when the document was signed.
Verification
Automatic Verification
Each signed document can be verified to confirm:
- Document hasn't been tampered with (hash comparison)
- Signature is cryptographically valid
- Timestamp is authentic (TSA verification)
- Consent was properly recorded
Verification Report
Generate a verification report showing:
- All verification checks performed
- Pass/fail status for each check
- Certificate details
- Signer information
Manual Verification
Signed PDFs can also be verified using:
- Adobe Acrobat (shows signature validity)
- Any PDF reader with signature support
Certificate Export
Export signature certificates for your records:
- PEM format - Certificate file
- PKCS#7 (.p7s) - Full signature data
All exports are logged in the audit trail.
Best Practices
- Finalize documents first - Ensure the PDF is final before requesting signatures
- Clear field placement - Position signature fields where signers expect them
- Include descriptions - Help clients understand what they're signing
- Keep copies - Download and store signed documents for your records
- Use timestamps - Always enable TSA for legal compliance