IP addresses and browser User Agent strings are stored for each signature/submission - those are the only measures for 'non-repudiation' currently available.
but i think it doens't differ from other mainstream SaaS solutions - if you read through their terms of services - they put 'non-repudiation' liability on users of their services
From my research this has 0 legal validity, at least in germany in regards to the EU eIDAS. They are just smoke and mirrors for companies to make them "feel" secure but without cryptographic ensurances (Advanced Electronic Signature) or TLS like Signed Cryptography (Qualified Electronic Signature) this is just as legally binding or not binding as an E-Mail
> just as legally binding or not binding as an E-Mail
Which is legally binding. In Germany most contracts are free-form contracts (Formfreiheit) and only need declarations of intent in the form of offer and acceptance. This can be a handshake or even a head shake.
Yeah, it’s not like in the spirit of the law you can perform your part of the contract and then get away with saying “I never agreed”.
In the US, we have a federal law that covers electronic contract signing. I believe it’s part of the UCC? (I’m not an attorney, and that area isn’t one I practice with in tech either.)
but i think it doens't differ from other mainstream SaaS solutions - if you read through their terms of services - they put 'non-repudiation' liability on users of their services