Certified sign-off

“But I never approved that.”
Yes, you did. Here's the certificate.

In most feedback tools, approval is a green checkmark that nobody can prove later. In Tack, every approval and A/B decision is a certified electronic signature with evidence both sides can trust — designed transparently, so it protects your client exactly as much as it protects you.

What happens when a client approves

01

The client signs — knowingly

At the moment of approval, your client types their full legal name as a signature and ticks an explicit consent line. No dark patterns, no buried terms: informed consent is what makes an electronic signature worth anything.

02

Tack freezes the evidence

The instant they sign, Tack computes a SHA-256 fingerprint of every approved file (proof of the final version), hashes the entire review conversation, and records the time, IP address and device details — all disclosed to the signer.

03

Both parties get the certificate

A PDF certificate is generated and digitally signed (PKCS#7). The client downloads their copy immediately; yours lives in the project's Approvals tab. Change a single byte of the PDF and the signature breaks.

04

Anyone can verify it

Every certificate has a public verification page. Drop a copy of the PDF and it's hashed in the browser — never uploaded — and compared against the registered fingerprint. Genuine or not, in one second.

What's inside the certificate

  • Certificate ID (e.g. TACK-2026-8441CC) and issue time
  • Project name and the exact decision (approved / changes requested / variant chosen, with the client's reason)
  • Both parties: your identity (personal or agency) and the client's name, email and typed signature
  • SHA-256 fingerprint of every approved file — the “final version” proof
  • A hash of the complete review conversation: every comment, reply and vote
  • Consent text as shown at signing, plus time, IP and device evidence
  • The verification link and instructions

Why “tamper-evident” beats “uneditable”

No PDF on earth is literally impossible to edit. What matters is that editing is detectable: Tack certificates carry a cryptographic signature over every byte. Open one in Adobe Acrobat and the signature panel confirms it's intact — flip a single character and it screams.

On top of that, the certificate's own SHA-256 fingerprint is registered with Tack. The public verification page compares any copy against the registered fingerprint — hashing happens in your browser, the file is never uploaded.

Tack collects signing evidence transparently with the signer's consent, following the practices of e-signature law (ESIGN/UETA, eIDAS). Nothing here is legal advice — for high-stakes contracts, talk to a lawyer.

A/B decisions are signed too

When a client picks Variant A over Variant B, Tack requires a reason and logs the choice with the same evidence and certificate. Six months later, you'll know exactly which direction was chosen, by whom, and why.

Ship the work. Keep the receipts.