Letter e-signatures

1. Open any issued letter → click Request signature.
2. Confirm signer name + email + optional expiry (7/14/30/90 days).
3. System emails the signer a link to /sign/<token>.
4. Track status on the issued-letters list — PENDING → SIGNED / DECLINED / EXPIRED.
5. After signing, download the original letter + the appended audit page (IP, UA, hash, signed-at).

1. Opens the link — no login needed.
2. Reads the rendered letter (HTML, with letterhead + footer).
3. Types name OR draws signature on touch / mouse canvas.
4. Ticks IT-Act §3A consent statement.
5. Clicks Sign now → success page + confirmation email.
6. Can also Decline with optional reason (recorded; no signature captured).

• Each request gets a random 24-byte opaque token (no PII in the URL).
• At issue, we compute SHA-256 of (content + header + footer + signer email + token). At sign-time we recompute — if HR edited the letter in between, we refuse to sign and show a clear tamper warning.
• IP, User-Agent, exact timestamp captured server-side. Not editable post-signing.
• Signature data limit 150 KB (typed text OR canvas PNG data URL).
• HR can Revoke a PENDING signature any time.
• Expiry auto-flips PENDING → EXPIRED on link resolve.

India: §3A & §10A of the Information Technology Act, 2000. EU: eIDAS Regulation (910/2014) — qualifies as an "advanced electronic signature" (AES). US: ESIGN Act (15 U.S.C. §7001). The audit page is part of the signed document and shows up as the last page of any download.