Security & Compliance

Enterprise-Grade Security

Your contracts are protected by bank-level encryption and industry-leading security practices.

  • Encryption standard: AES-256
  • Uptime SLA: 99.9%
  • Backup frequency: 24hr
  • Data breaches: 0

How We Protect Your Data

Multiple layers of security to keep your contracts safe

End-to-End Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). Your documents are secure from unauthorized access.

Secure Authentication

Email/password with bcrypt hashing and Google OAuth. Multi-factor authentication coming soon.

Database Security

Row-level security (RLS) policies ensure users can only access their own data. No cross-tenant data leaks.

Infrastructure Security

Hosted on Supabase with 99.9% uptime SLA, automatic backups, and disaster recovery.

Access Controls

Role-based permissions (Owner, Admin, Member, Viewer) with workspace-level isolation.

Audit Trails

Complete logging of signature events, document access, and user actions for compliance.

How Your Data Stays Secure

From creation to storage, every step is encrypted and protected

1. User Input: You create a document in your browser
2. Encryption: Data encrypted with TLS 1.3 before transmission
3. Secure Storage: Stored in Supabase with AES-256 encryption at rest
4. Access Control: RLS policies ensure only authorized users can access it

Security Best Practices

Industry-standard security measures we follow

Data Protection

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Automatic backups every 24 hours with 30-day retention
  • Data redundancy across multiple availability zones
  • Secure data deletion within 30 days of account termination

Access Management

  • Bcrypt password hashing with salt rounds
  • Session tokens with automatic expiration
  • Role-based access control (RBAC) with workspace isolation
  • API rate limiting to prevent abuse

Network Security

  • HTTPS-only connections (HTTP automatically redirected)
  • DDoS protection and traffic filtering
  • Content Security Policy (CSP) headers
  • Regular security scans and vulnerability assessments

Incident Response

  • 24/7 security monitoring and alerting
  • Incident response plan with defined escalation procedures
  • User notification within 72 hours of data breaches
  • Post-incident analysis and remediation tracking

Compliance & Certifications

Meeting industry standards and regulatory requirements

  • SOC 2 Type II: Security, availability, and confidentiality audit. Status: Planned Q4 2026
  • GDPR Compliant: EU data protection regulation compliance. Status: Active
  • CCPA Compliant: California Consumer Privacy Act compliance. Status: Active
  • ISO 27001: Information security management certification. Status: Planned 2027

Security Concerns?

Found a security vulnerability? Please report it responsibly to our security team.

Report Security Issue