SignNow is Secure and Compliant with International eSigning Laws

Compliant with:

ESIGNLogo HIPAAicon UETALogo

We comply with global esignature laws, and adhere to the highest industry standards for security at every level of the SignNow experience. You can share, manage and access your documents with confidence.


sherifficon

Security

Encryption: all data is encrypted in transit using 256-bit encryption, the strongest readily available encryption, with 2048-bit SSL keys
Firewalls: all systems are protected by firewalls, which block all traffic except that which is necessary for site operations
Audits: all infrastructure and procedures are subject to regular (every 6mos or better) security audits by an outside independent auditor
Code review: all code is subject to a code review process, with a strong focus on security
Permission management: all permissions and operations are managed under the principle of least privilege


Backups

Scheduled: all data, software and configurations are backed up regularly, on-site and off-site
Access control: a minimal set of core operations staff has access to backups

cabineticon

vaulticon

Data Retention

Longevity: all documents, signatures and related records are retained for a minimum of 5 years by default
Flexible: custom retention policies are available; please inquire if you have business or compliance needs for specific retention policies


Audit Trail

Comprehensive: all activity is logged by IP, user, and timestamp; details are stored for a minimum of 5 years
Structured: details are clearly linked to users and documents, to facilitate retrieval

worldicon

devicesicon

Policies and Procedures

Access: only employees with direct production operations responsibilities have access to production infrastructure
Monitoring: all employee access is logged, and logs are aggregated, monitored, and retained for a minimum of 90 days, using an off-site log aggregation service
Separation of duties: infrastructure staff have no access to customer service interfaces, and customer service staff have no access to infrastructure
Consequences: any unauthorized access to customer data will result in immediate employee termination


Key Customers

Groupama, QLogic, Pepsi, GE, Allstate, State Farm, and more…
Additional technology, business and financial services company reference customers are available upon request