> ## Documentation Index
> Fetch the complete documentation index at: https://docs.clearpolicy.app/llms.txt
> Use this file to discover all available pages before exploring further.

# How attestations work in ClearPolicy

> Learn how ClearPolicy sends attestation requests, what recipients experience on the signing page, and what gets recorded when a request is completed.

An attestation is the record created when a recipient confirms they have read and agreed to a document. ClearPolicy manages the full workflow: sending a request by email, guiding the recipient through a simple completion page, and storing a tamper-evident record of the response. No accounts, apps, or downloads are required for recipients.

## Attestation types

ClearPolicy supports two types of attestation, which you set at the document level and can override per request:

<Tabs>
  <Tab title="Acknowledgment">
    The recipient reads the document and clicks a button to confirm they have read and understood it. This is the simplest form of attestation — one click, no typing required. Use acknowledgments for policies and notices where a confirmed read is sufficient.
  </Tab>

  <Tab title="Signature">
    The recipient reads the document and types their full name as a signature. The typed name is recorded as part of the attestation record. Use signatures when you need a more formal expression of agreement.
  </Tab>
</Tabs>

## How requests are sent

When you send an attestation request, ClearPolicy:

1. Creates a request record linked to the specific document revision and the recipient.
2. Stores the recipient's name and email on the request at the time it is sent.
3. Generates a unique, personal token for that recipient.
4. Sends an email to the recipient containing a link that includes their token.

Each link is specific to one person and one request — it cannot be used by anyone else.

<Note>
  Open requests keep the name and email from when they were sent. If you later edit the person's profile, pending requests still use the original recipient details. Request emails and reminders go to the address on the request, not the person's current email.
</Note>

## The recipient experience

The recipient clicks the link in their email and lands on a public page that shows the document content. The page requires no login. From there, depending on the attestation type:

* For an **acknowledgment**, they click to confirm they have read the document.
* For a **signature**, they type their name into a field and submit.

Once submitted, the page confirms their completion and offers a downloadable receipt.

If the person has other pending document requests, the page also shows those documents in a **Pending requests** section. After the person completes the current document, they can click **Review next document** to continue with another pending request.

If the sender included a [recipient message](/guides/send-requests#add-a-recipient-message), it appears as a highlighted note on the attestation page and in the email, giving the recipient additional context about why they received the request.

If the request has an [expiration deadline](/guides/request-expiry), the attestation page displays a warning banner with the deadline so the recipient knows when they need to complete it. The expiration date also appears in the request details on the page.

<Note>
  Recipients access their attestation page through a personal link only. If they lose the email, you can send them a reminder from within ClearPolicy.
</Note>

## What gets recorded

When a recipient completes a request **online**, ClearPolicy creates an attestation record that captures:

* **Timestamp** — the exact date and time of completion.
* **IP address** — the network address of the device used.
* **User agent** — the browser and operating system information.
* **Signature name** — for signature-type attestations, the name the recipient typed.
* **Document hash** — a cryptographic fingerprint of the document content at the time of signing, used to verify the document has not been altered.

These details form an auditable electronic record that can be downloaded as a receipt with a certificate of attestation.

When a team member records [paper on file](#paper-on-file) instead, ClearPolicy stores the uploaded signed paper copy, the completion timestamp, and which team member recorded it — not the electronic signature fields above.

## Request lifecycle

An attestation request moves through the following statuses:

<AccordionGroup>
  <Accordion title="Sent">
    The email has been delivered to the recipient. They have not yet opened the attestation link.
  </Accordion>

  <Accordion title="Viewed">
    The recipient has opened their personal link and viewed the document.
  </Accordion>

  <Accordion title="Attested">
    The recipient has completed the request. A permanent attestation record has been created.
  </Accordion>

  <Accordion title="Canceled">
    The request was canceled before the recipient completed it. A request can be canceled manually by your team, or automatically by ClearPolicy when a [newer revision supersedes](#superseded-requests) the one the request was sent for.
  </Accordion>

  <Accordion title="Expired">
    The request passed its expiration date without being completed. Expired requests can no longer be completed by the recipient. You can configure requests to expire automatically in your [organization settings](/guides/request-expiry).
  </Accordion>

  <Accordion title="Bounced">
    The request email bounced and could not be delivered to the recipient's inbox.
  </Accordion>

  <Accordion title="Delivery failed">
    The request email could not be sent or was rejected by the recipient's mail provider.
  </Accordion>

  <Accordion title="Complained">
    The recipient or their mail provider marked the request email as spam.
  </Accordion>
</AccordionGroup>

Delivery failure statuses reflect pending requests whose latest email could not be delivered. ClearPolicy pauses reminders for a request while it needs delivery follow-up. Other open requests for the same person are not affected. To try again, open the request, click **Review**, and either retry delivery to the same address or [update the email and resend](/guides/manage-requests#fix-a-delivery-failure).

## Superseded requests

When you publish a new revision of a document and send fresh requests, ClearPolicy automatically cancels any pending requests that were tied to an older revision of the same document for the same person. This keeps your request list clean and ensures recipients only receive the latest version.

For example, if you sent a request for version 1 of a policy and then published version 2 and sent new requests, any still-pending version 1 requests are automatically canceled. The activity log for each canceled request shows "Superseded by a newer revision" so you can see exactly why it was closed.

<Note>
  Only pending requests are affected. Requests that have already been completed, expired, or manually canceled are not changed.
</Note>

## Sending reminders

If a request is still pending, you can send the recipient a reminder email. The reminder delivers the same personal link to their inbox so they can complete the request without searching for the original email. You can also [set up automatic reminders](/guides/reminders#set-up-automatic-reminders) to follow up with recipients on a schedule.

ClearPolicy does not send reminders while a request needs delivery follow-up. See [when reminders are not sent](/guides/reminders#when-reminders-are-not-sent) for how to follow up after a bounce or delivery problem.

<Tip>
  Use reminders to follow up with people who have viewed but not yet completed a request — this is often the most effective nudge to drive completions.
</Tip>

## Paper on file

Electronic completion is the default path: the person opens their link and finishes the request online. When someone cannot or will not complete online — for example wet ink is required, they prefer paper, or they cannot use the link for that step — a team member can still keep a complete record in ClearPolicy.

**Paper on file** means a team member records that they obtained a wet-ink signature or paper acknowledgment on a **pending** request and **uploads the signed paper copy** (PDF or image). A file is always required.

### What happens

1. An authorized team member opens a pending request.
2. They choose **Record Paper Signature**.
3. They upload the signed paper copy and confirm they obtained the wet-ink completion from that person.
4. ClearPolicy marks the request complete for that document revision. Compliance status for that revision updates the same way as an electronic completion (typically **Compliant** when the request is on the latest published revision).
5. Reminders stop for that request. Activity shows **Paper Signature Recorded**.

### How paper differs from electronic completion

|                 | Electronic                                                         | Paper on file                                                      |
| --------------- | ------------------------------------------------------------------ | ------------------------------------------------------------------ |
| Who completes   | The person, online                                                 | A team member records after collecting paper                       |
| Evidence stored | Typed name (for signatures), timestamp, IP, browser, document hash | Uploaded signed paper copy, timestamp, team member who recorded it |
| Download label  | **Download Signed Document** or **Download Acknowledged Document** | **Download Uploaded File**                                         |
| Status note     | Completed online                                                   | **Paper on file**                                                  |
| Certificate     | Electronic attestation certificate included                        | No electronic certificate                                          |

Paper on file is **not** an electronic signature under ESIGN or UETA. Prefer electronic completion whenever it is practical. Use paper on file when you need one place for compliance tracking and the person cannot finish online.

For the step-by-step workflow, see [record paper on file](/guides/manage-requests#record-paper-on-file).

## Downloadable receipts

Once a request is completed **online**, a PDF receipt is available for download. The receipt includes the document content, the attestation details (timestamp, IP address, type), the signature name if applicable, and an electronic certificate of attestation.

For **paper on file** completions, download **Download Uploaded File** to get the signed paper copy your team uploaded. There is no electronic certificate for paper completions.
