Security & Trust

Trust posture, in plain language.

We make signature products. The bar for trust is higher than for most SaaS. This page is the public summary; the detailed posture is shared under NDA with prospects under security review.

Foundations

Encryption everywhere

TLS 1.3 in transit. AES-256-GCM at rest. Per-tenant envelope encryption with keys that we cannot read on your behalf (and that a subpoena served on us alone cannot reach).

Strong identity

WebAuthn passkeys, TOTP, modern password hashing. SAML and OIDC SSO. SCIM provisioning. No password-only accounts on Business and Enterprise.

Hybrid RBAC & ABAC

Roles plus attributes (region, business unit, document class, contract value) — so the same person can have different permissions in different contexts.

Append-only audit

Hash-chained, with a per-tenant Merkle root, anchored daily to a trusted timestamp authority. You cannot quietly delete history, and neither can we.

Regional residency

Pick where your data lives. EU, UK, US, GCC, India, Canada, Australia in v1. Cross-region replication is opt-in, not assumed.

A/B trust separation

Email signatures and agreements share identity and billing — but their data, keys, audit, and event streams are kept structurally apart.

Signature legitimacy

  • Every signed document carries a cryptographic timestamp from a trusted authority.
  • Long-term validity (PAdES B-LT and B-LTA) keeps signatures verifiable after certificates expire.
  • Every completed envelope ships with a self-contained Evidence Bundle that validates offline.
  • Per-jurisdiction trust posture is generated from a single legal matrix maintained by counsel; ad-hoc claims are not allowed.
  • QES is offered only where an accredited Qualified Trust Service Provider is wired in for that signing flow.

For your CISO

Under NDA we share: data flow diagrams, threat model, tenant isolation model, key hierarchy, encryption-key custody, sub-processor list, vulnerability management process, incident response runbook, BCP/DR plan, third-party penetration test summary, and the SBOM for every release.
