ProposalKit.io
← Back to Home

How signing works

When a client accepts a ProposalKit.io proposal, both sides walk away with the same contract. This page explains what's in it, what isn't, and why.

What's signed

The signed document contains the proposal as it stood the moment the client pressed accept — every section, every price, every number, plus both signatures:

  • the content (sections, pricing, terms, anything you put in the proposal);
  • the client's signature, with their typed name, title, and timestamp;
  • the sender's signature, if one was added before sending;
  • a cryptographic fingerprint — the payload hash — that stamps all of the above.

The hash is the seal

The payload hash is a 64-character fingerprint of the signed content. Change a single character, a single dollar sign, a single pixel of the logo, and the hash changes completely. Both copies of the signed PDF carry the same hash, so each side can verify the other hasn't altered anything: if the hashes match, nobody touched the record after signing.

The audit trail

Alongside the contract, ProposalKit.io records an audit trail of the signing event. Most of it is on both copies:

  • when the client first opened the proposal and when they last viewed it;
  • when they accepted, and the payload hash at that moment;
  • the client's IP address and browser (their own footprint — evidence they signed).

One piece of the audit trail lives only on the sender's side: the sender's own IP address and browser at the time they pre-signed. The client's downloaded PDF omits it.

Why that difference exists

The sender is the operator of the service. Their network footprint is internal operational data — useful for the sender's own records, not meaningful as contractual evidence for the client. Leaving it on every PDF sent to every prospect would mean leaking the sender's home or office IP address to strangers by default.

It's the same reason a shop's receipt shows your signature on the card slip but not the cashier's home address: the counter- party's personal details aren't part of the contract.

If there's a dispute

Both sides hold a PDF of the same contract with the same hash. Either PDF can be verified against the record stored in ProposalKit.io. If the sender needs to produce the full audit including their own signing IP, they can — it's retained on their account. The client doesn't need it to prove what they agreed to.

Questions

If anything here is unclear or you'd like a specific detail added, email [email protected].