
Security & compliance

Every signature comes with a timestamped proof certificate. Your documents stay yours, hosted exclusively within the European Union.

Encryption & data protection

  • Encryption in transit

    all traffic over HTTPS/TLS, with HTTPS permanently enforced (HSTS).

  • Access links encrypted at rest

    signing and tracking links are stored in encrypted form (AES-256-GCM). Even with access to the database alone, no usable link can be read.

  • Unique, unguessable links

    each link relies on 192 bits of entropy (impossible to guess) and becomes unusable once the signature is completed.

  • Isolated encryption key

    never stored alongside the data.
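The link handling described in this list, sketched as an added Node.js example (not this service's own code): a 192-bit token, stored only as AES-256-GCM ciphertext, unusable after the first successful signature. Assumptions: the key lives in a secret store separate from the database (a random key stands in here), the link carries a row id alongside the token, and all function names and row fields are hypothetical.

```javascript
const crypto = require('node:crypto');

// Assumption: in production the key comes from a secret store or KMS, never the database.
// A random key is generated here only so the example runs offline.
const LINK_KEY = crypto.randomBytes(32); // 256-bit key for AES-256

// 24 random bytes = 192 bits of entropy, URL-safe encoded (32 characters).
function newLinkToken() {
  return crypto.randomBytes(24).toString('base64url');
}

// Encrypt a token for storage. The row id is bound as associated data, so a
// ciphertext copied onto another row fails authentication.
function sealToken(token, rowId, key = LINK_KEY) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(rowId)));
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt a stored value; throws if the key, row id or ciphertext does not match.
function openToken(stored, rowId, key = LINK_KEY) {
  const raw = Buffer.from(stored, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(String(rowId)));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Compare a presented token in constant time and burn the link on success (single use).
function redeem(row, presented) {
  if (row.signedAt !== null) return false; // signature already completed
  const expected = Buffer.from(openToken(row.sealed, row.id));
  const given = Buffer.from(String(presented));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;
  row.signedAt = new Date().toISOString();
  return true;
}

// Constructed sample row standing in for a database record.
function demo() {
  const token = newLinkToken();
  const row = { id: 42, sealed: sealToken(token, 42), signedAt: null };
  return { token, row, first: redeem(row, token), second: redeem(row, token) };
}
```

A database dump alone yields only the `sealed` values; without the separately held key, `openToken` throws instead of returning a link.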

Authentication & access

  • Email-link sign-in

    no password to remember in order to sign; no SMS.

  • Mandatory email verification

    required before any access to an account.

  • Email confirmation before deleting an account

    protection against unintended actions.

  • Secure sessions

    httpOnly / secure cookies, inaccessible to third-party JavaScript.

Hosting & sovereignty (GDPR)

  • 100% of data hosted within the European Union

    documents, database, emails.

  • Data minimisation

    email-link authentication, with no collection of superfluous data (no SMS, no advertising third parties).

Evidentiary value & eIDAS compliance

  • Timestamped proof certificate

    attached to every finalised document and sent to all parties.

  • Reliable traceability

    IP address and timestamp recorded in a way the client cannot tamper with.

  • Audit trail for every step

    upload, sending, viewing, signing.

Application protection

  • Anti-bot on public entry points

    Cloudflare Turnstile, designed to deny access when unavailable rather than fail open.

  • Anti-abuse / anti-brute-force protection

    through rate limiting.

  • Strict validation of uploaded files

    real type verified, encrypted or booby-trapped files rejected.

  • Protection against SQL injection and XSS attacks

    parameterised queries on the database, server-side content sanitisation.

  • Security headers

    anti-clickjacking, anti-MIME-sniffing, content security policy (CSP), no link leakage via the Referer.

eIDAS is the European regulation that governs electronic signatures and gives them legal value. Combined with GDPR and EU hosting, it guarantees your signatures are enforceable and your data is protected.
