Learn how we keep your documents safe with modern, state-of-the-art security implementations.
Only correctly verified accounts can create and sign contracts. The verification process consists of two factors: Verification of the email address through unique links issued by email. And verification of phone through secure one-time passwords sent by text message.
We offer an advanced two-factor signature that applies a unique token issued in an email and a secure one-time password sent via SMS. Advanced electronic signatures like ours are uniquely linked to, and capable of, identifying the signatory. They are also linked to documents in a way that any subsequent change of the data is detectable. We also offer official national signatures for some countries.
Read more about digital signatureWe use bank-like SSL encryption for our SSL connection - SHA-256 with RSA Encryption. It helps to prevent from stealing a user's credentials and supports man-in-the-middle attacks where an attacker can sniff all the data that is being sent.
We are compliant with the SOC2 auditing procedure that ensures that we manage data and networks securely and in the interest of our users. This technical audit provides valuable insights into our organization’s risks and security posture, vendor management, internal controls governance, regulatory oversight, and more.
Passwords and verification tokens are stored encrypted, using modern and state-of-the-art solutions, including the BCrypt key derivation function. We do not store plain data, but use cryptographic one-way hash functions.
We are undergoing blackbox penetration tests regularly to assess risk posture and to identify security issues. It covers the security of the platform, the functionality of our application and the vulnerability of its business logic.