Security

Learn how we keep your documents safe with modern, state-of-the-art security implementations.

Profile verification

Only correctly verified accounts can create and sign contracts. The verification process consists of two factors: Verification of the email address through unique links issued by email. And verification of phone through secure one-time passwords sent by text message.

Secure digital signature

We offer an advanced two-factor signature that applies a unique token issued in an email and a secure one-time password sent via SMS. Advanced electronic signatures like ours are uniquely linked to and capable of identifying the signatory. They are also linked to documents in a way that any subsequent change of the data is detectable. We also offer official national signatures for some countries.

Read more about digital signature

Technical measures

Secure SSL connection

We use bank-like SSL encryption for our SSL connection - SHA-256 with RSA Encryptio. It helps to prevent from stealing a user's credentials and supports man-in-the-middle attacks where an attacker can sniff all the data that is being sent.

Tested and certified

We are compliant with the SOC2 auditing procedure that ensures that we manage data and networks securely and in the interest of our users. This technical audit provides valuable insights into our organization’s risks and security posture, vendor management, internal controls governance, regulatory oversight, and more.

Encrypted storage

Passwords and verification tokens are stored encrypted, using modern and state-of-the-art solutions, including the bcrypt key derivation function. We do not store plain data but use cryptographic one-way hash functions.

Penetration testing

We are undergoing blackbox penetration tests regularly to asses risk posture and identify security issues. It covers the security of the platform, the functionality of our application and the vulnerability of its business logic.

We have undergone all necessary Security Assessment procedures to be classified as part of the Google Partner Security Program.