CORNERSTONES OF HELLOSIGN SECURITY
Transparency into the ongoing status of our systems is one of our chief mantras as a company. You can always see our current availability on our status site.
All customer files have a hot backup in a different AWS region and all of our source code and server configurations are stored in source control, allowing easy replication to new regions.
We’re proud to be a SkyHigh CloudTrust provider with the highest rating of “Enterprise-Ready”, given only to those cloud services that fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection. We're also HIPAA compliant.
The non-editable audit trail ensures that every action on your documents is thoroughly tracked and time-stamped, to provide defensible proof of access, review, and signature. These records include a hash of the PDF document, which we can compare to the hash of a questionable PDF document to determine whether or not it has been modified or tampered with. Learn more about our audit trails.
All documents are stored behind a firewall and authenticated against the sender’s session every time a request for that document is made. All communications use SSL (Secure Sockets Layer) encryption and all data is stored in a SOC 1 Type II, SOC 2 Type I, and ISO 27001 certified data center. Your documents are stored and encrypted at rest using AES 256-bit encryption. Learn more about encryption.
PILLARS OF THE HELLOSIGN SECURITY PLATFORM
It’s extremely important that we verify a user is who they say they are before they are allowed to either issue a document for signature or execute a signature.
It’s imperative that you can control who can do what within the system. Different roles carry different access rights, both in the HelloSign API and in the end user product. Learn more about role-based security permissions.
HelloSign has a formal application security program in place with all code being scanned for security vulnerabilities using an industry-leading static code analysis tool.
To further enhance application security, HelloSign runs a bug bounty program and engages an independent third party to conduct penetration tests on its production environment.
HelloSign uses Amazon Web Services (AWS) as its Infrastructure as a Service (IaaS) provider, with Amazon data centers hosting our data within the U.S. We utilize AWS features like Virtual Private Cloud (VPC), Security Groups, disk-level encryption, etc., to ensure the confidentiality of our customer data in the cloud.
Some of the ways we protect your data:
At the request of a customer, HelloSign will expunge all data for a customer who wants it stored only in their own storage system of choice or who leaves the HelloSign service.
We process all payments through payment provider Stripe and do NOT store customer credit card information on our servers.
HelloSign uses a cloud native security platform to monitor the security of its production environment. HelloSign actively monitors for suspicious user activity, and tracks access to key secret and configuration files.