Each signing-session token expires 30 days after the document is sent. You can override this per-document in the right-hand panel under "Link expiry" — anywhere from 1 day to 365 days.
What happens when a link expires
The signer clicking an expired link sees:
This signing link has expired. Please contact the document sender.
No way around it from the signer's side — expired tokens are rejected at the database level before any signing flow loads.
What you can do
From the document detail page:
- Resend — generates a new token, sends a fresh invitation. Old token is invalidated; the signer must use the new link
- Extend — bumps the expiry without changing the token. The signer's original link starts working again
- Void — terminates the document entirely. All remaining signing sessions invalidate; everyone gets a void notification
Why we expire links at all
Three reasons:
- Forensic accuracy — an audit trail saying "signed 18 months after invitation" is hard to interpret. Time-bounded windows keep the chain readable
- Security — long-lived tokens accumulate risk (forwarded emails, screenshots in cloud backups, phished accounts). Capping at 30 days limits the blast radius
- Workflow hygiene — if a contract still isn't signed after 30 days, something has gone wrong and the originating team should intervene actively rather than passively waiting
For long-running approval chains (e.g., a multi-month real-estate close), bump the expiry to 90 or 180 days at send time.