Security Features


The transparency into the ongoing status of our systems is one of our chief mantras as a company. You can always see our current availability on our status site.  

All customer files have a hot backup in a different AWS region and all of our source code and server configurations are stored in source control, allowing easy replication to new regions. 


We’re proud to be a SkyHigh CloudTrust provider with the highest rating of “Enterprise-Ready”, given only to those cloud services that fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection. We're also HIPAA compliant.

Court Admissible
Audit Trails

The non-editable audit trail ensures that every action on your documents is thoroughly tracked and time-stamped, to provide defensible proof of access, review, and signature. These records include a hash of the PDF document which we can compare to the hash of a questionable PDF document to determine whether or not it has been modified or tampered with. Learn more about our audit trails


All documents are stored behind a firewall and authenticated against the sender’s session every time a request for that document is made. All communications use SSL (Secure Sockets Layer) encryption and all data is stored in a SOC 1 Type II, SOC 2 Type I, and ISO 27001 certified data center. Your documents are stored and encrypted at rest using AES 256-bit encryption. Learn more about encryption

Want a human touch to your security questions?

Get in touch with one of our security experts.

contact us

It’s extremely important that we verify a user is who they say they are before being allowed to either issue a document for signature or execute a signature.


It’s imperative that you can control who can do what within the system. Different roles carry different access rights, both in the HelloSign API and in the end user product. Learn more about role-based security permissions.

Application Security

HelloSign has a formal application security program in place with all code being scanned for security vulnerabilities using an industry-leading static code analysis tool. 

To further enhance application security, HelloSign runs a bug bounty program and engages an independent third party to conduct penetration tests on its production environment.


HelloSign uses Amazon Web Services (AWS) as its Infrastructure as a Service (IaaS) provider with Amazon data centers hosting our data within the U.S. We utilize AWS features like Virtual Private Cloud (VPC), Security Groups, disk level encryption, etc., to ensure the confidentiality of our customer data in the cloud.


Some of the ways we protect your data:

Data Deletion/Destruction
At the request of a customer, HelloSign will expunge all data for a customer who wants it stored only in their own storage system of choice or who leaves the HelloSign service.

Payment Info
We process all payments through payment provider Stripe and do NOT store customer credit card information on its servers.

security monitoring

HelloSign uses a cloud native security platform to monitor the security of its production environment. HelloSign actively monitors for suspicious user activity, and tracks access to key secret and configuration files.

Security embedded in our culture

Every employee at HelloSign, from office operations to our CEO, is dedicated to security and protecting our customer data in all that we do.

Internal Policies and Procedures

Our policies ensure we comply with needed standards and regulations, and also mean we have business continuity and customer notification plans that satisfy the most rigorous of requirements. See a full list of procedures we can share under NDA during an evaluation.

Dedicated & Experienced Security Team

HelloSign has a formal information security program in place under the Head of Security  that leads an Information Security & Risk Management Committee. They meet periodically to review security-related initiatives at the product, the infrastructure, and the company level.

Physical  Security

HelloSign is hosted in a state-of-the-art SOC 1 Type II, SOC 2 Type I, and ISO 27001 certified  facility. Physical access is strictly controlled by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized staff must pass 2-Factor authentication no fewer than 3 times to access data center floors.

Personnel Security

All HelloSign employees undergo comprehensive background checks, sign and follow a code of conduct, undergo annual information security awareness training, as well as an acceptable use policy. Continuous information security awareness is maintained via monthly information security newsletters and security relevant notifications.

important resources

Security White Paper

Share HelloSign’s security policies and procedures with your team and others with the help of this informational piece.