1. Getting Started
  2. Document lifecycle

Default document lifecycle

  • Signature order is created: When you create a signature order with createSignatureOrder you send along document blobs with it, upon receiving it we validate it and then double-encrypt it and store it on Azure servers.
  • Signatory signs: Whenever a signatory needs to sign a document we download and decrypt it to show it to the user, once the user signs we embed the signatory evidence (usually eID claims returned by Criipto Verify) inside the PDF and seal it with Criiptos AATL certificate. After sealing the PDF we then again double-encrypt it and store it on Azure servers, ready for the next person to sign.
  • Signature order is closed: Upon closing a signature order we apply a final document timestamp to the PDF to ensure that the data inside is valid for multiple years. You should always request document blobs as part of the close response as this is the last time they will be available. After closing the documents will be deleted from Criipto servers.

You can download your document from the Criipto Signatures API at any point up until after closeSignatureOrder is called.

Auto-expired and cancelled signature orders also have their documents automatically deleted.

Encryption and storage

Documents are stored in Azure Datacenters in Europe, documents are always double encrypted, both by an Azure-managed key and by a non-Azure, fully EU-owned HSM. This protects the documents from any outside access to personal data, in accordance with Schrems-II.

Extended lifecycle

If you wish to extend document lifetime so that it exists on Criiptos servers beyond closeSignatureOrder you can send {retainDocumentsForDays: [number 1-7]} as input to closeSignatureOrder. The documents will then stay available on the signature order until the configured amount of days has passed where at which point they will be deleted from Criiptos servers.

To ensure the highest protection of personal data you must make sure to clean up signature orders as soon as you can verify you have securely stored documents on your own servers, you can do so by calling the cleanupSignatureOrder mutation. The cleanupSignatureOrder is idempotent. If you are ever in a situation where you are uncertain about whether the clean-up mutation succeed, it is better to try it again than not doing anything.

# Query
mutation examplesCloseSignatureOrder(
  $input: CloseSignatureOrderInput!
) {
  closeSignatureOrder(input: $input) {
    signatureOrder {

      documents {

      signatories {
# Variables
  "input": {
    "signatureOrderId": "[]"
  "retainDocumentsForDays": 1