How can I create a case file with sensitive data?

By enabling sensitive data feature for case files, Penneo will not send out emails containing documents as attachments. Instead, links will be sent.

However, if you have email encryption enabled (experimental), Penneo is able to send the encrypted emails containing the attachments.

If sensitive data is enabled for the case file, then access control is enabled by default for the signers and can't be disabled.

How can I make the signers authenticate themselves before viewing documents for signing?

This can be done by enabling access control feature for the signers. Enabling it means that when Penneo sends out signing links, users will have to authenticate themselves using their eID before they go to the signing page.

You can also specify the Social Security Number of VAT Identification Number to specify who gets to access the documents.

Note: Access control is only related to emails containing signing links.

When using the API, access control can be enabled for the signing request for the signer.

How can I allow the signers to sign without an EID i.e. sign with a mouse?

Penneo supports both digital signatures (using an EID) and electronic signatures (sign using a mouse). The electronic signatures are considered a weaker way to sign but can be enabled for the signers, only if access control feature is disabled. You cannot enable both the access control and insecure signing at the same time.

When using the API, touch signatures can be enabled using the enableInsecureSigning flag for the signers (more specifically the signing requests).

What happens when a user is removed from a customer?

Removed users are still able to log into their accounts and access the documents that they have sent out and signed. However, they lose the rights to send out new case files or validations.

It is possible to transfer the ownership of the case files that belong to the customer (i.e. all case files created by the users of the customer). This feature is enabled on a customer level. If you like to get this enabled, please write to [email protected].

How is the ownership of case files transferred when a user is removed?


Transfer of ownership is disabled by default

If you want that data is transferred for the users being removed from the company, then make sure that this feature is enabled. This can be done from the company's admin interface.

When a user is removed from a company, all folders for the user being removed are copied to the administrator and the case files belonging to the customer are moved to the copied folders.

This can be better explained with an example:

CustomerAcme Inc
AdministratorJohn ([email protected])
User being removedJane ([email protected])

When John removes Jane, he should see the following folders:

Transferred -> [email protected] -> All of Jane's folers

The folders will only contain the case files that Jane sent on behalf of Acme Inc or she signed that were sent by another user of Acme Inc. Jane will be able to access all other case files.

Furthermore, any folders shared with Jane that contain a case file belonging to Acme Inc will be unshared.

Why aren't the copy recipients getting any emails when the case file is completed?

This can happen if you are using the sensitive data feature for the case files. The reason is that at the moment, we don't have the functionality to specify Social Security Number or VAT Identification Number for copy recipients if we have to send senstive documents to them. This feature will be implemented at some point in the future.

However, when the copy recipient can't be sent the email, the creator of the case file should get a notification about it.

What are registered letters?

Note: Registered letters is a new functionality and we'll be making changes based on customer feedback. We would love to hear from you in case something doesn't work as expected.
Registered letters are a way to send documents to recipients in a secure manner. They are basically just case files that are created using special case file types.

Registered letters can be used if you want to make sure that specific recipients get the documents (by enabling access control and specifying a social security numbers for the signers).

How to enable registered letters?

You should be able to create a registered letter as follows:

  • Go to the Penneo archive
  • Click on 'Create New'
  • Click on 'Registered Letters'

If you don't see the option for registered letters, please contact [email protected] and we'll enable this for you.

How can I send registered letters using the API?

Sending registered letters using the API is exactly like sending any other case file. The difference is that you must use a case file type that describes the different documents that need to be sent out. If you don't have this case file type created for your account, please contact [email protected].

How does Penneo handle deleted case files?

When a case file is deleted, it goes to the recycle bin. From there it can be restored or force deleted. This can happen in 2 ways:

  • Users delete the case file themselves
  • Based on the customer's data deletion policy, Penneo deletes and force deletes the case files

Once the case file has been deleted for all the users i.e. case file creator and signers, Penneo anonymizes the data and hard deletes it. Once the data is anonymized or hard deleted, it cannot be recovered.

Shown below is the case file life cycle:


Join our API newsletter to be notified on the latest API updates

To ensure you are always up to date with any API changes, we invite you to sign up for our API newsletter.

Find the signup form at the link below - and remember to share it with other relevant stakeholders in your company!

Sign up for Penneo's API Newsletter