Help center
E-Signature

E-sign a document

E-signature is built into BopSuite — no DocuSign, no HelloSign, no extra subscription. Available on Practice plan and above.

When to use it

Common use cases that ship with starter templates:

  • Engagement letter — confirming scope, fee, retainer (law + CPA)
  • Retainer agreement — for matters with recurring or trust-fund-style billing
  • Consent to represent — joint-representation acknowledgments
  • IRS Form 8879 — e-file authorization for tax returns

You can also build custom signature templates from scratch.

Sending a document for signature

From a matter → Signatures card → Send for signature.

  1. Pick a template (or "Blank document" for a one-off)
  2. Review the auto-merged fields — your firm name, client name, today's date are pre-filled
  3. Optionally toggle "Requires firm counter-signature" (for engagement letters and retainers — defaults to yes)
  4. Click Send

The client receives an email with a magic link.

What the client sees

The signature page (/sign/[token]) walks the client through a deliberately three-step process to satisfy UETA and the E-SIGN Act:

Step 1 — Consumer Disclosure + Consent

A plain-language panel explains:

  • What document they're signing
  • That they're agreeing to use electronic records
  • That they can request a paper copy
  • That they can withdraw consent for future documents

A required checkbox: "I agree to use electronic records and signatures." The Continue button is disabled until checked.

This is consent, the first of the four UETA pillars.

Step 2 — Read + sign

The full document body renders inline. Below it:

  • Signature pad — toggle between Type and Draw
  • Explicit copy: "By clicking Sign, I am signing this document electronically and agree to be legally bound by it."
  • The Sign button

Clicking Sign captures intent, the second pillar.

Step 3 — Confirmation

A "Successfully signed" panel with:

  • Download link to the signed PDF (long-lived signed URL, valid 1 year)
  • Status that the firm needs to counter-sign (if applicable)

The client also gets an email confirmation with the same download link.

Counter-signing as the firm

If counter-signature is required, the matter's signature card shows the request as Awaiting countersign. From the signature detail page → Counter-sign.

Same canvas (type or draw), same intent capture, no consent step (you're already authed). The PDF re-renders with both signatures + an updated audit page, status flips to Completed, both parties get emails with the final signed PDF.

What's in the signed PDF

The final signed PDF has three parts:

  1. The document body — exactly what the client agreed to, with the signature drawn or typed on the placeholder line
  2. A second signature page if counter-signed
  3. Certificate of Completion (final page) — the audit trail:
    • Both signers' names + emails
    • IP addresses captured at sign time (from the request x-forwarded-for header)
    • User agent strings (browser + OS at sign time)
    • Timestamps for every event: sent, opened, consented, signed, countersigned, viewed-completed
    • The SHA-256 content hash of the rendered document
    • Citation: "This signed record satisfies 15 USC § 7001 (E-SIGN Act) and the Uniform Electronic Transactions Act (UETA)."

The hash is the integrity pillar — anyone can verify the signed PDF wasn't altered after signing by re-hashing the content and comparing.

The four UETA pillars, mapped

UETA pillar How BopSuite satisfies it
Consent Required checkbox + plain-language disclosure on the interstitial
Intent Explicit "By clicking Sign, I am signing electronically" copy + click event captured
Attribution Magic-link to a verified email + IP + UA + signature artifact (typed name or drawn)
Integrity SHA-256 hash of signed content; signed PDF written once and never updated

This is a v1 implementation. It satisfies the 49 states with UETA plus the federal E-SIGN Act for standard intake-style documents (engagement letters, retainers, consents, 8879s).

What this is NOT

For full transparency, here's what's explicitly out of scope in v1:

  • Notarization (RON / IPEN) — separate KYC + state-recognition surface, deferred to v2
  • Multi-party sequential ordering beyond client → firm — also v2
  • ID verification (KBA, biometric, government ID upload as identity proof) — v2
  • Witnesses — uncommon for these document types, deferred
  • HIPAA-grade signing — explicitly out of scope per our policy

If your matter requires notarization or witnesses, send the document through a specialized service for that step and use BopSuite for the rest.

Voiding + resending

The signature detail page has both options:

  • Resend — works on sent and viewed states; regenerates the access token, bumps the expiry +30 days, sends a fresh email. Old link 404s.
  • Void — works at any pre-completed state. Marks the request voided, invalidates the magic link. Old link 404s. Stays in the audit log.

Templates

Settings → Signature templates → manage your firm's reusable docs.

Each template is markdown with merge fields like {{firmName}}, {{clientName}}, {{matterName}}, {{date}}. We ship 4 starter templates per industry. You can clone any of them to customize.

What's next

Back to help center

Was this helpful?

Email us at hello@bopsuite.com with feedback or suggestions.