A signed contract from last quarter shows the counterparty signed from an IP in Singapore. They claim they were in London at the time. The IP is one data point — useful, not conclusive.
What gets recorded
A typical signing platform captures, at each event:
- IP address of the signer's connection. - User agent — operating system, browser, version. - Sometimes geolocation estimated from IP (city-level, not precise). - Device fingerprint in some advanced signing flows.
These are recorded in the audit trail and travel with the signed document.
What IP can and can't tell you
IP addresses identify the network the signer connected from — corporate office, home broadband, mobile network. They don't identify the person.
VPNs, proxies and corporate egress all mask the signer's actual location. An IP in Singapore could be a VPN exit node for someone in London. Treat IP as one circumstantial signal, not as identity proof.
When IP and device matter
For disputed signatures where the signer claims they weren't the one who signed, IP data combined with other signals (the device fingerprint, the time, the typical patterns of that signer) is corroborating evidence.
For regulated industries with stricter identity requirements (financial services, certain government work), platforms supplement IP with phone verification, ID document upload, or biometric checks — strong identity proof rather than circumstantial.
FAQ
Is recording IP a GDPR issue?
IP addresses can be personal data under GDPR. Signing platforms record them under the legitimate-interest basis of evidencing the signature. Document this in your privacy notice if you process signing data.
Can I sign anonymously?
No. The whole point of a signature is attribution. Anonymous signing is a contradiction.
What if a signer uses a VPN?
The IP shows the VPN exit, not the signer's true network. Combined with email verification and device fingerprint, this is usually sufficient identity evidence.
Does Flint record device fingerprints?
Flint records IP and user agent for each signing event, which is standard for the SES level. Heavier device fingerprinting is used for higher-trust signing flows.
IP and device info are corroborating evidence, not identity proof. Flint records both and bundles them into the audit trail.