Is Signaturely secure?
Your information, documents, and data are safe and secure behind our robust firewalls. Signaturely has strong security systems in place for your protection.
Signaturely utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors.
All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.
Data Security & Encryption
Stored data is encrypted by Signaturely in order to meet data security requirements. All data sent to or from Signaturely is encrypted in transit using 256-bit encryption.
Encrypted Data in Transit
Signaturely requires browser connections over HTTPS and SSL database connections to protect sensitive data transmitted to and from applications.
Encrypted Data at Rest
All sensitive data is encrypted and stored within databases to meet security requirements. Data encryption is deployed using industry-standard encryption and the best practices for our technology stack.
Penetration Tests and Vulnerability Scanning
Signaturely’s web application security is evaluated by the development team in sync with the application release cycle. Vulnerability testing includes the use of commonly known web application security toolkits and scanners. We ensure we identify application vulnerabilities before they are released into production. We also conduct regular penetration tests of our systems using third party cybersecurity companies to ensure adherence to the highest safety standards.
PCI Obligation & Payments
All payments made to Signaturely go through our partner, Stripe. Signaturely does not store cardholder data on our servers. Stripe is Level 1 PCI compliant (the highest level). Details about their security setup and PCI compliance can be found here.
Prohibited Data Storage
We never store raw magnetic stripe, card validation code (CAV2, CID, CVC2, CVV2), or PIN block data.
AATL & Anti-Tampering
Signaturely has anti-tampering controls in place to protect document integrity. All documents signed with Signaturely are AATL Compliant.
2-Factor Authentication (2FA)
Signaturely offers an extra layer of protection for user accounts using 2-Factor Authentication (2FA) which significantly decreases the risk of unauthorized access and system breaches.
Authentication and Session Management
All users have to authenticate each time they use Signaturely and inactive sessions time out after 1 hour. Passwords are never stored directly in the database.
Service Level & Backups
Signaturely infrastructure utilizes many-layered techniques for increasingly reliable uptime, including the use of auto-scaling, load balancing, task queues, and rolling deployments. We also do full daily automated backups of our databases. All backups are encrypted.
Upon your request, Signaturely will work to erase and remove completely all customer data and documents from our system. Documents that are under legal hold or owned by multiple parties will be deleted upon completion of the legal hold process or upon deletion by the other parties. To begin a data deletion event please contact [email protected].