Collecting Signatures
How customers sign waivers and how to track submission status.
When Customers Sign
Customers can sign waivers at two points:
- During checkout — if the booked activity requires a waiver, the customer is prompted to sign before completing their booking
- At check-in — staff can send a waiver link or have the customer sign on-site
You can also send waiver links proactively using email or SMS templates with the {{waiver_link_booking:<waiver-uuid>}} variable, which generates a signing link pre-linked to the customer's booking.
Sending Waivers
You can send a waiver signing request email directly from the dashboard in two ways:
From a Booking
- Open the booking and go to the Waivers tab
- Click the Send Waiver button
- Select which waiver to send from the dropdown
- Check the recipients — the booking customer is pre-selected, and any guests with email addresses are also listed
- Click Send Waiver
The signing link in the email will automatically include the booking reference (reservationKey), so the signed waiver is linked to the booking.
From the Waiver Page
- Navigate to Dashboard > Waivers and open a waiver
- Click the Send Waiver button in the action bar
- Search for a customer from your CRM, or manually enter an email address
- Add one or more recipients and click Send Waiver
This is useful for sending waivers outside of a booking context — for example, sending a general liability waiver to a group organizer before they book.
Automated Sending via Workflows
You can also automate waiver delivery using the Send Waiver Sign Request workflow action. For example, automatically send a waiver signing request when a booking is confirmed.
Signing Process
- The customer opens the waiver (via checkout or a direct link)
- They read the terms and conditions
- They fill in any required fields
- They sign using their finger (mobile) or mouse/trackpad (desktop)
- The signed waiver is stored securely
What Happens at Submission
When a customer submits a signed waiver, the system:
- Captures the submission data including all field values, the signature image, and signer identity
- Records forensic metadata including IP address, user agent (browser), and a browser fingerprint
- Builds an audit trail logging when the document was opened, when each field was interacted with, when consent was checked, and the exact submission timestamp
- Generates a signed PDF of the completed waiver with all field values, signatures, and audit information embedded
- Hashes the document using SHA-256 to create a tamper-evident record (both the submission data and the PDF file itself are hashed)
- Stores the PDF securely in cloud storage with the storage location recorded
- Links to the booking and customer if a booking reference or customer match is found
- Emails a copy to the customer if the "Email Copy to Customer" setting is enabled on the waiver
- Creates or updates a customer profile if "Capture Signer as Customer" is enabled, using the signer's name, email, and phone
Submission Data Recorded
| Field | Description |
|---|---|
| Data Hash | SHA-256 hash of the submitted form data for integrity verification |
| File Hash | SHA-256 hash of the generated PDF file |
| Fingerprint | Browser fingerprint of the signing device |
| IP Address | The signer's IP address at time of signing |
| User Agent | The signer's browser and device information |
| Signer Identity | The name(s) of the person(s) who signed |
| Emails | Email address(es) provided on the waiver |
| Phones | Phone number(s) provided on the waiver |
| Metadata | Additional form metadata (JSON) |
| Metadata Hash | Hash of the metadata for integrity |
| Storage Location | Where the signed PDF is stored |
| Booking | The linked booking (if applicable) |
| Customer | The linked customer profile (if applicable) |
Counter-Signature Required Waivers
If a waiver has Require Counter-Signature turned on, the flow above is paused after step 8. Specifically:
- The submission is created and the customer-signed PDF is generated and stored exactly as usual.
- The customer's "Email Copy to Customer" email is deferred — it does not fire on submit.
- The submission lands in a Pending Counter-Signatures queue on the waiver's dashboard page.
- An admin or user with the
waivers:approvepermission must counter-sign (or reject) the submission before the customer receives anything.
When the operator counter-signs, a separate "both-signed" PDF is generated containing the customer's signature plus an appended counter-signature page, and that PDF is what the customer receives via the deferred email. The original customer-only PDF is preserved untouched as the legal record of customer consent at the moment of signing.
See Counter-Signatures for the full reference and the Counter-Sign a Waiver how-to for the operator workflow.
CAPTCHA Protection
The waiver signing page uses Cloudflare Turnstile to prevent automated or fraudulent submissions. Customers must complete the CAPTCHA challenge before submitting their signed waiver.
Tracking Submissions
From the booking detail view, you can see:
- Whether the required waiver has been signed
- When it was signed
- A link to download the signed copy
From Dashboard > Waivers, you can see all submissions with filtering by:
- Date range
- Activity
- Completion status
Each waiver also tracks a submission count and unread count so you can quickly see how many new signatures have come in.
Downloading Signed Waivers
Signed waivers are stored securely and can be downloaded as PDF files:
- From the booking detail
- From the waiver submissions list
- From the customer profile
The PDF includes the complete waiver text, all filled fields, the digital signature image, signer identity information, and a full audit log showing the document timeline (opened, fields filled, consent checked, submitted).