Announcing Legal Signing 4.0

Karl • 7 min read

Legal Signing for Gravity Forms version 4.0 will be available July 10th, 2024 via auto-update and for download from the Downloads page.

Version 4.0 sees us introduce some pretty significant infrastructure changes to how the product works behind the scenes that will improve performance significantly in the short term and allow us to provide even better value down the line.

With this version, we’ve fully migrated to our new API server setup, some of which you’ve already been taking advantage of for about a month or so prior to this release.

4.0 also introduces some very important updates to the flow of the product that bring us fully in line with Simple eIDAS compliance in the EU!

Let’s break some of the main points down below.

Better performance, stability, and scalability

In April, we completed a move from our previous managed WordPress host to our new self-managed setup using DigitalOcean and SpinupWP.

Previously, both our website and the Fillable PDFs API server, where PDFs are generated, were hosted on the same system. This worked well most of the time, but it did add a bit of overhead to the performance of the API (and by extension the form submissions on your site(s)), and it occasionally introduced the potential for outages of the API when we made site updates.

Now, our website and the API server are hosted separately. This alone introduces a demonstrable boost in PDF generation time performance, which in turn speeds up the overall form submission on your site(s) where you’re using Fillable PDFs.

Everything is much faster now, whether it be PDF generation (which improves your form submission time), uploading/editing your templates, loading of template page images in the visual mapper, or even accessing our website to review your licenses or our other product offerings.

Everything is also much more reliable and stable now. While our past uptime was extremely good, the Fillable PDFs API would occasionally be taken down for brief periods when we, or our host, made updates to our website hosted on the same system. These instances were infrequent and often brief, but we knew we could do better with this new setup.

And tied into all of the above (and some more fun stuff below), our setup is much more scalable to our specific needs. With a managed WordPress host, it is difficult to find a hosting package that specifically meets our needs for processing PDF generations through the product without going overkill in another direction. Now, we have a lot more control over the various aspects of our hosting setup and can increase things individually as we monitor load on the system and continue to grow.

As a tease for the future, these infrastructure changes will also allow us to implement a Previewer field in a future major version, something we’ve wanted to add for a while, that would allow form submitters to see a live(ish) preview of the document that will be generated with data from the form updated on the fly prior to actual final generation of the PDF.

Previously the rate limiting at our host was a big roadblock for implementing this, but under our new setup, we can now tackle it from a technical perspective. We are aiming to drop a release including the Previewer field later this year.

Legal Signing API Regions

With Legal Signing 4.0 and our server changes documented above, we’ve also implemented the ability to choose specific regions where your PDFs will be generated.

Until now, all PDF generation ran through our API server that is hosted in the United States. This often does not work to meet the needs of customers outside of the US that can’t have their data leaving their region’s borders.

When setting up Legal Signing, you’ll now have the option of choosing between an API server based in the United States or one in the European Union to handle your PDF generation.

All licensing data will still pass through and ping our main site based in the United States, regardless of the region you select, but nothing tied to the actual PDF generations will leave the region you select.

Further to the scalability point mentioned in the first section above, our new hosting setup allows us to easily spin up new regions in the future. So while we are currently only offering API server regions for the US and the EU, we are open to adding more. If you have a specific region you’d like to see added, please drop us a line with your request.

We can’t, however, guarantee that a specific region you request will be added in the future. We’d like to add a few more, but which regions we add will be a combination of requests from customers and internal decision-making factors. Demand from customer-submitted region requests will carry the most weight.

There are a couple of things to keep in mind here with this:

Stronger First Signer Verification and eIDAS Compliance

With 4.0 we’ve introduced a major change to the overall signing flow. From now on every signer will have the requirement of verifying their email address by accessing a URL sent to their signer email address.

This was already the case for additional signers in signing workflows, as they are always sent an email notification to their signer email with a unique signing link to access the form, verifying their identity and email.

Now with 4.0, the first signer in a workflow will be required to do something similar. After initially submitting the form and kicking off the signing workflow, the first signer will now be sent an email notification to verify their identity that contains a URL they will need to access. Once that URL sent to them is accessed, their signature will be fully verified.

All signers accessing a signing session using our Document Hub block will also by default have to verify their identity and enter the signing session via email. In this case, we’ve added a block level setting to disable this and revert back to the original block behavior, but we would strongly recommend leaving it on as it only adds more authority to the validity of the eventual generated signed document.

Note: To best ensure initial backwards compatibility, the above change to the block won’t impact existing implementations of the block. It is only toggled on by default for new instances of the block you add. We would still recommend always having it enabled, however.

This overall change to signer verification is necessary predominantly to bring us in line with eIDAS compliance in the EU, but it will also give a boost to the validity of signatures and signer identity for our customers outside of the EU.

While something like this isn’t technically a requirement under US e-signature law to be compliant, it is one of those things where more evidence is always going to help your case better should a signature be challenged later down the line.

Trust us, even customers outside the EU will want this change in the long run. With things like this, it is always best to think of compliance as the minimum criteria you need to hit. Anything additional you can do to go beyond compliance, like this change, is always going to help you in the long run.

With this additional verification and our server changes allowing you to process data in the EU, rather than the US, EU customers can rest easy knowing they are compliant with their governing body’s e-signature laws.

Note: Just like with individual states in the US, individual countries in the EU may have their own specific e-signature laws. We can’t speak to those directly, I’m afraid. It would be your responsibility to run our compliance page past a local legal representative with knowledge of your specific locality’s e-signature laws to get a firm answer.

Release Notes