Data Security of e-signatures

The security of your data is our top priority

How we ensure your data protection

ISO 27001  

SignRequest is ISO 27001 certified. The ISO 27001 certification is a global standard for information security. With this certificate, SignRequest shows its commitment to information security. You can review our certificate and statement of applicability here.

GDPR

SignRequest is GDPR compliant. The General Data Protection Regulation is a regulation in EU law about data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas. Review our data processing agreement here.

Physical security with Amazon

SignRequest is hosted on the European data center of Amazon Web Services (AWS) in Dublin with a back-up in Frankfurt. Our databases are managed with Amazon Relational Database Service (RDS). We also offer the possibility of on-premise hosting. Find more information about SignRequest On-premise here.

Third party due diligence

SignRequest has a responsible disclosure program through HackerOne, find out more about HackerOne on their website.

Digital signature security measures

Secure Socket layer

All communications with SignRequest use Secure Sockets Layer (SSL) 256 bit encrypted endpoints to ensure the security of your electronic signatures and e-signed documents.

Servers and networking

SignRequest is hosted on Amazon Web Services (AWS) in Dublin. Just like SignRequest, AWS is ISO 27001 certified to ensure your data security from beginning to end.

Storage

SignRequest does not use in-house servers but instead, stores everything on the Amazon Web Services in Dublin with a back-up in Frankfurt. The servers are both GDPR compliant and ISO 27001 certified.

SignRequest’s digital certificate

All SignRequests are sealed with our digital certificate. The seal shows as a green checkmark when the completed document is opened in Adobe Acrobat. If the document is changed after signing, that seal is broken and it will show that the signature is invalid. Read more

Signing log

Every completed SignRequest is accompanied by a signing log. The signing log is uniquely linked to the signatory and the document with a hash code. Optionally, we can activate the use of signature stamps. These make it easier to link the signed document to the signing log thanks to a clearly visible document ID in the signed document. Read more

Hash codes

SignRequest creates hash codes of the signed document and the signing log. Hash codes are unique for each document. With the hash codes, the integrity of the e-signed document is ensured, because it is impossible to change the document without changing the hash code.Read more.

Monitoring and alerting

Our application and underlying infrastructure components are monitored 24/7. Critical bugs are sent to our development team immediately, who are informed and available 24 hours a day, 7 days a week and 365 days a year. Monitor status

Try for free

FAQ

Is SignRequest HIPAA certified?
We are currently in the process of obtaining our HIPAA certification. We are, however, fully GDPR compliant. We provide the same regulation service to our customers outside the EU as we do to our EU users.
How long does SignRequest store my data?
When a document gets deleted by a user it will also be deleted from our servers. Signers without a SignRequest account will be able to download their document for 6 months after signing, after which the document will be deleted. All documents linked to a deleted account, will also be permanently deleted upon deletion.
What happens to inactive accounts?
We automatically delete users with a registered account after 365 days of inactivity, per GDPR regulation. We send our several notices about the upcoming removal of the account and all connected data beforehand.
Does SignRequest offer two factor authentication?
Yes, we do. You can enable two factor authentication in your account. Read more
Can I review SignRequest’s data processing agreement?
Yes, you can download our data protection agreement here.
Can I find the status of the different SignRequest products?
Yes, you can keep track of the operationality of all our systems here.
Can I turn off the ‘Document Signed’ emails?
In our web application we do not offer the possibility to turn off these emails. In case you do want to have more control over which emails do and do not get sent, then our Rest API might be the right solution for you.