Last updated: January 1, 2025
At SignaTrust, security and compliance are foundational to everything we do. We maintain rigorous security practices and adhere to industry-leading compliance standards to protect your documents and data.
SignaTrust has implemented SOC 2 Type II controls, demonstrating our commitment to security, availability, processing integrity, confidentiality, and privacy. The Type II audit is in progress.
We are implementing GDPR data protection practices. Full compliance features, including data export and deletion requests, are on our roadmap.
Our electronic signatures comply with the U.S. Electronic Signatures in Global and National Commerce Act (ESIGN).
We adhere to the Uniform Electronic Transactions Act (UETA), which has been adopted in 49 U.S. states.
All data is encrypted using TLS 1.3 in transit and AES-256 at rest.
Document hashes are anchored to the Solana blockchain, providing tamper-proof verification.
Hosted on AWS with multi-region redundancy and automatic failover.
Comprehensive audit trails for all document actions and user activities.
Role-based access controls with secure authentication mechanisms.
IdP-attested identity via SAML 2.0 — verified against Microsoft Entra ID. Just-in-time user provisioning, IdP group-to-role mapping, and per-sign-in audit entries (SSO_LOGIN action) preserve a forensic record of every authenticated session. Available on the Business plan.
By default, data is stored in AWS data centers in the United States. Enterprise customers can request specific data residency requirements for compliance with local regulations.
We conduct regular security assessments including:
For security inquiries, compliance documentation requests, or to report a security vulnerability: