Signer Management

Crove documents can be signed by one person or many. The People tab on the document detail page is where you manage who fills the document, in what order, and how the system reacts when one of them hands the task off to a colleague.

Adding a respondent

1. Open the document detail page
2. Click the People tab
3. Click Add
4. Enter the respondent's email
5. Pick the role (matches the roles defined on the source template, defaults to default for single-party templates)
6. Crove generates a unique authToken and a fill URL of the form /fill/{authToken} — copy it, or send it via the invitation flow described below

Each respondent gets their own auth token so their fill link is isolated. Sharing or forwarding a link gives the recipient access to that respondent's seat — see Delegation below for the supported way to hand off.

Sending an invitation

The Add respondent flow only creates the seat — it doesn't send an email. To invite via email:

1. Click Invite on a respondent row (paper-plane icon)
2. The default template-level invitation email is rendered with the document name, your name as the sender, and a Sign document button linking to their fill URL
3. Crove tracks delivery + opens via an embedded pixel

You can also resend the invitation later (Resend) or send a reminder (Remind) from the same row.

Automated reminders

Chasing signatures by hand gets old fast. On any document's People tab there's an Auto-remind pending signers card with a toggle and a cadence picker. When on, Crove emails every pending respondent automatically — once per cadence window — until they either complete the form or you turn the toggle off.

Four cadences are allowed: every 1 / 3 / 7 / 14 days. These are the values our UI exposes; anything outside that range is rejected by the server, so you can't accidentally set a 1-minute cadence from the API and spam respondents.

How the cadence is measured:

• If a respondent has never been reminded, the clock starts from when they were added to the document.
• If they have been reminded before (manually via the Remind button, or by the auto-reminder itself), the clock resets from that timestamp.
• Respondents who submitted or whose link is expired are skipped.
• Respondents with no email on file are skipped — there's nothing to remind against.

The job runs once a day at 09:00 UTC, so expect reminders to land during each respondent's morning. Every automated reminder is logged to the audit log as a respondent.reminded event with actorType: system, so compliance reviews can tell automated reminders apart from ones your team fired manually.

Signing order (sequential)

By default, all respondents can fill in parallel. To enforce a sequence:

1. On the source template, open People & roles
2. Toggle Signing order on
3. Drag roles into the desired sequence
4. Save

Then on documents created from that template, each respondent's signingOrder integer reflects their position. Crove's behaviour:

• Only the respondent at position 1 receives an initial invitation
• When they submit, the next-in-line is automatically invited
• Repeat until everyone in the sequence has signed
• The document transitions to completed after the last submission

A respondent's signing order is shown on the People tab as a small numbered chip next to their name in the timeline. Rows sort by signing order ascending — parallel respondents (signingOrder = 0) sink to the bottom.

Per-respondent timestamps

The People tab shows a footnote under each respondent:

• last opened {date} — they viewed the fill page but haven't submitted
• submitted {date} — they completed their portion

Use this to spot stalls — "Acme has been at the open state for 4 days, time to remind."

Delegation

A respondent who's not the right person can forward their signing task to a colleague without you having to intervene. The Delegate button is on the public fill page next to Submit.

Delegating (as a respondent)

1. Open the fill link
2. Click Delegate (forward arrow icon)
3. Enter the new email
4. Optionally add a note ("Sales handles all NDAs")
5. Click Delegate

What happens:

• A new respondent row is created for the delegate, carrying the original respondent's role + signingOrder so the chain still works
• The original respondent's link expires immediately
• The delegate receives an email: "<from> delegated this to you: <document name>" with a fresh fill URL
• Two audit events fire so the chain is traceable:
  • respondent.expired with reason: "delegated" on the original
  • respondent.invited with reason: "delegated_from" on the delegate

Why this is safer than just forwarding the email

• The delegate's link is separate — Crove knows who actually signed
• The original link stops working — no risk of a duplicate submission
• The audit trail records the delegation, including the delegator's note — so for compliance you can prove the chain of custody

When delegation is blocked

Crove rejects the delegation request if:

• The fill link is already expired
• The respondent has already submitted (nothing to hand off)
• The new email matches the current respondent's email (no-op)

In each case the dialog shows a specific error.

Removing a respondent

To remove a respondent who hasn't submitted yet:

1. Open the document
2. People tab
3. Kebab on the respondent row → Remove

This deletes the respondent record. Their fill link stops working immediately. Submitted respondents cannot be removed — that would corrupt the audit trail.

If you've sent an invitation that you regret, removing the respondent doesn't recall the email — it just makes the link non-functional. To explicitly tell the recipient to ignore it, follow up with a personal note.

Email tracking

When Crove sends an invitation email, the body includes a 1×1 transparent pixel pointing to:

GET /api/track/email/{invitationId}

When the recipient's email client renders the message, the pixel fires. We mark the invitation as opened (with the first-open timestamp — re-fetches don't overwrite the original time) and the respondent's last-open is updated.

The pixel is a no-cache GIF served straight back even if the DB update fails — so a tracking outage never shows a broken image in someone's inbox.

Privacy notes:

• Crove only records that the email was rendered — we don't read its content or interact with anything else
• Many corporate email clients pre-fetch the pixel server-side (so an "open" doesn't always mean a human looked at the message), and image-blocking clients miss opens entirely
• Use opens as a directional signal, not a proof of delivery

Internal comments

The Comments tab on the document detail page is your team's private back-channel for that document. Use it for:

• "Pinged legal — waiting on word before sending"
• "Wrong amount in §3, will void and re-issue"
• "@finance — flag this one for end-of-quarter reconciliation"

Comments are always private:

• Never shown to respondents
• Never embedded in the PDF or audit trail
• Never sent in any email Crove fires

You can post up to 4,000 characters per comment. Hit Cmd/Ctrl + Enter to post. Authors can delete their own comments; workspace admins (admin or owner role) can delete anyone's — useful for cleanup when teammates leave.

Audit chain

Every signer action produces an audit row visible on the document's Activity tab and in the audit PDF. The events to know:

For the delegation flow specifically, both respondent.expired (on the original) and respondent.invited (on the delegate, with reason: "delegated_from") appear so you can reconstruct the hand-off later.