Security Practices

How We Protect Your Data

A deep dive into the security measures, architecture, and practices that keep your documents safe.

Defense in Depth

Isolated VPC, DDoS protection, auto-scaling.

Input validation, CSRF protection, CSP headers.

AES-256 encryption, key rotation, secure deletion.

RBAC, MFA, least-privilege principle.

Documents are encrypted before leaving your browser. Not even SignQuick can read your files.

With E2EE enabled, we have zero access to your document content or signatures.

Regular third-party penetration tests identify and fix vulnerabilities before they can be exploited.

Documented incident response plan with 15-minute SLA for critical security events.

Every action is logged with timestamps, IP addresses, and user agents for complete traceability.

Protect your account with TOTP-based two-factor authentication.

Found a security vulnerability? We appreciate responsible disclosure. Report it to our security team and we'll respond within 24 hours.

Learn more about our certifications and compliance in our Trust Center.