Certified sign-off
“But I never approved that.”
Yes, you did. Here's the certificate.
In most feedback tools, approval is a green checkmark that nobody can prove later. In Tack, every approval and A/B decision is a certified electronic signature with evidence both sides can trust — designed transparently, so it protects your client exactly as much as it protects you.
What happens when a client approves
01
The client signs — knowingly
At the moment of approval, your client types their full legal name as a signature and ticks an explicit consent line. No dark patterns, no buried terms: informed consent is what makes an electronic signature worth anything.
02
Tack freezes the evidence
The instant they sign, Tack computes a SHA-256 fingerprint of every approved file (proof of the final version), hashes the entire review conversation, and records the time, IP address and device details — all disclosed to the signer.
03
Both parties get the certificate
A PDF certificate is generated and digitally signed (PKCS#7). The client downloads their copy immediately; yours lives in the project's Approvals tab. Change a single byte of the PDF and the signature breaks.
04
Anyone can verify it
Every certificate has a public verification page. Drop a copy of the PDF and it's hashed in the browser — never uploaded — and compared against the registered fingerprint. Genuine or not, in one second.
What's inside the certificate
- Certificate ID (e.g. TACK-2026-8441CC) and issue time
- Project name and the exact decision (approved / changes requested / variant chosen, with the client's reason)
- Both parties: your identity (personal or agency) and the client's name, email and typed signature
- SHA-256 fingerprint of every approved file — the “final version” proof
- A hash of the complete review conversation: every comment, reply and vote
- Consent text as shown at signing, plus time, IP and device evidence
- The verification link and instructions
Why “tamper-evident” beats “uneditable”
No PDF on earth is literally impossible to edit. What matters is that editing is detectable: Tack certificates carry a cryptographic signature over every byte. Open one in Adobe Acrobat and the signature panel confirms it's intact — flip a single character and it screams.
On top of that, the certificate's own SHA-256 fingerprint is registered with Tack. The public verification page compares any copy against the registered fingerprint — hashing happens in your browser, the file is never uploaded.
Tack collects signing evidence transparently with the signer's consent, following the practices of e-signature law (ESIGN/UETA, eIDAS). Nothing here is legal advice — for high-stakes contracts, talk to a lawyer.
A/B decisions are signed too
When a client picks Variant A over Variant B, Tack requires a reason and logs the choice with the same evidence and certificate. Six months later, you'll know exactly which direction was chosen, by whom, and why.