A signature is only as strong as the record behind it. This guide covers the three pieces of that record in GingerDocs: the audit log every document carries, the controls on share links, and the verification page anyone can use.
The hash-chained audit log
Every meaningful event in a document’s life — created, sent, viewed, signed, declined, voided — is appended to its audit log with a timestamp and the IP address it came from. The log is append-only: events are never edited or removed.
Each entry is chained to the previous one with a SHA-256 hash, the same construction used in tamper-evident ledgers. Altering any past entry would break the chain for every entry after it, which makes after-the-fact tampering detectable rather than deniable.
Sharing a document securely
When you need to show a document to someone outside the signing flow, create a share link. Each link is a long random token, and you control three guards on top of it:
- Password — the viewer must enter a password you set.
- Expiry — the link stops working after a date you choose.
- Max views — the link dies after a set number of opens.
Downloads and storage
Files are encrypted with AES-256 at rest and TLS in transit, and download URLs are short-lived — they expire five minutes after they are issued, so a leaked link in a chat log or email goes stale almost immediately.
Verifying a completed document
Anyone holding a completed GingerDocs PDF can check it against the platform’s records on the verification page — no account needed. Verification confirms the document matches what the audit log says was signed, which turns "is this the real signed copy?" from an argument into a lookup.