Ratifio is document signing infrastructure for organisations where every signature carries regulatory weight. Tamper-proof chain of custody, 7-year retention, and audit exports your compliance team will actually trust.
Trusted by regulated organisations across fintech, healthcare, and government
Every document is SHA-256 hashed at upload. The hash is recorded immutably before any signer sees the document. This is your proof of original state.
Every action is logged: who viewed it, when they consented, what IP they signed from, which browser they used. Consent text is recorded verbatim. Nothing is inferred.
Export signed audit certificates for any document. Configurable retention from 1 year to 7+ years. When your regulator asks for evidence, you have it — timestamped, hashed, and complete.
The compliance guarantees of DocuSign CLM, without the 6-month implementation or the 6-figure contract.
Every action is logged with IP address, user agent, ISO 8601 timestamp, and document hash. Consent text recorded verbatim. Not a summary — the actual evidence trail your regulator expects.
Financial regulators expect 7 years. Healthcare expects 8-10. Ratifio stores documents and audit trails for the full retention period with immutable logs and automated retention management.
SHA-256 hash at upload, recorded before signing begins. Any modification to the document after upload is cryptographically detectable. This isn't a feature — it's the architecture.
REST API, webhooks, bulk operations, and white-label embedding. Ratifio fits into your existing compliance stack. Integrate with your GRC platform, case management system, or internal workflow.
Zero third-party tracking on the signing page. No analytics cookies, no tracking pixels, no scripts from adtech companies. Your counterparty's data stays between you and them.
eIDAS (EU), ESIGN Act (US), UK Electronic Communications Act. Built to satisfy FCA, SRA, CQC, and ICO requirements. Data residency controls for UK, EU, or multi-region.
"We needed to prove to the FCA that every client signature had a verifiable chain of custody. Ratifio's audit certificates gave us exactly that — IP, timestamp, consent text, document hash. Our compliance officer stopped losing sleep."
Mark T.
CTO, A UK-regulated payment institution
"Moving from wet signatures to electronic was politically difficult in our organisation. Ratifio's audit trail was the thing that convinced our board. It's more verifiable than ink on paper."
Dr. Sarah H.
Clinical Governance Lead, An NHS Foundation Trust
"We process thousands of account opening documents monthly. The API handles bulk sends, the audit trail satisfies our compliance team, and the 7-year retention means we don't have to think about archival. It just works."
Raj K.
Head of Operations, A challenger bank
We've done the homework so you don't have to.
Ratifio's electronic signatures are legally valid under eIDAS (EU), the ESIGN Act (US), and the UK Electronic Communications Act 2000. Our audit trail and retention capabilities are designed to satisfy requirements from the FCA, SRA, CQC, ICO, and equivalent regulators. We provide compliance documentation and can support your regulatory review process.
Standard retention is 7 years (2,555 days), which satisfies most financial services and healthcare regulatory requirements. Custom retention periods are available on Enterprise plans, from 1 year to indefinite. Documents and audit trails are retained for the full period with immutable logs.
Yes. Every signature event includes: document SHA-256 hash (proving document integrity), signer IP address, user agent, ISO 8601 timestamp, and verbatim consent text. These are exportable as signed audit certificates. We've supported multiple organisations through FCA and SRA audits.
UK-hosted AWS infrastructure (eu-west-2) by default. Enterprise plans can configure data residency for EU or multi-region deployment. All data is encrypted at rest (AES-256 via AWS KMS) and in transit (TLS 1.3).
Yes. The REST API supports bulk document creation, recipient management, and send triggers. Webhooks notify your systems in real-time as documents are viewed, signed, or expired. Common integrations include CRM systems, case management platforms, and GRC tools.
Configurable per-workspace: automatic purge, archive to cold storage, or notification to an admin for manual review. Audit logs of the purge event itself are retained separately to prove compliant data handling.
Formally verified. Digitally signed.. Document signing infrastructure for regulated industries. Audit-ready, tamper-proof, built for compliance at scale.
Request a compliance review