Signatures are burned in, not overlaid. Every version is hashed and preserved.
When a signature is applied to a document, IUSign permanently burns the signature into the PDF's raster layer using PyMuPDF. The resulting PDF is re-hashed with SHA-256, creating a new version.
When a signer submits their signature, the signature image is positioned on the PDF.
PyMuPDF renders the page at 300 DPI, embedding the signature, signer name, timestamp, and IP into the raster layer.
The flattened PDF is saved as a new version (v2, v3, ...) with a SHA-256 hash.
The previous version is preserved — the last 10 versions are always accessible.
Each version's hash is recorded in the audit trail.
PDF flattening via fitz (PyMuPDF): page.insert_image() + page.set_rotation() + doc.save() with incremental=False.
Signature appearance includes: signature image (scaled), signer name (font: Helvetica 10pt), timestamp (ISO 8601), IP address.
SHA-256 hash computed via hashlib.sha256(file_bytes).hexdigest() after flattening is complete.
Version metadata stored in envelope_versions table: { envelope_id, version_number, file_path, sha256_hash, created_at, created_by }.
Many e-signature platforms overlay signatures as separate PDF annotations. These can be removed, moved, or modified by any PDF editor. IUSign's flattening approach renders the signature into the PDF's content stream — it becomes part of the document's visual content.
The last 10 versions are retained per envelope. This balances audit completeness with storage efficiency. Each version has its own SHA-256 hash.
Create your free account and send your first document in under 3 minutes.
Get Started Free