SignaTrust is built on transparency. Every security claim is backed by independent audits, certifications, and blockchain-verifiable proof.
Retention in one sentence: SignaTrust holds the signed document for up to 7 days (or zero days with BYOS), then deletes its copy — the blockchain anchor and your storage provider keep the only persistent records.
Our security posture is validated by independent auditors and regulatory frameworks.
Security controls implemented for data protection, availability, and confidentiality. Type II audit in progress with Thoropass; Type I report expected Q3 2026.
International standard for information security management systems.
Implementing GDPR data protection practices. Full compliance features including data export and deletion requests are on our roadmap.
California Consumer Privacy Act compliance for US customer data rights.
Legal compliance with US electronic signature laws for binding agreements.
Simple Electronic Signatures (SES) tier under EU Regulation 910/2014, paired with RFC 3161 trusted timestamping. Advanced (AES) and Qualified (QES) tiers are on our roadmap; we do not claim them today.
Business Associate Agreement (BAA) signed via SignaTrust's own envelope flow on the Business plan. Implements §164.312 technical safeguards (access control, audit controls, integrity, transmission security). PHI is never written to our blockchain anchor — only document hashes.
Every signed document is anchored to the Solana blockchain for immutable proof.
Unlike traditional e-signature platforms, SignaTrust anchors document hashes to the Solana blockchain. Anyone can verify document integrity without trusting us - the proof exists on a public, decentralized ledger.
Defense-in-depth approach with multiple layers of protection.
All data encrypted with AES-256 at rest and TLS 1.3 in transit.
Document hashes anchored to the Solana blockchain for tamper-proof verification.
Every action logged with timestamp, IP address, and user context.
Granular permissions ensure users only access what they need.
Download our guides to understand how SignaTrust's zero-custody architecture addresses your regulatory requirements.
Enterprise whitepaper covering HIPAA, GDPR, SOC 2, ESIGN, CCPA, FINRA, and SEC compliance.
Enterprise
Why zero-custody architecture matters more than a BAA for protecting PHI.
Healthcare
Record ownership, retention, and blockchain verification for financial services.
Financial Services
Transparency about where your data lives and who processes it.
When customers bring their own storage (BYOS), the SignaTrust buffer holds the signed document only until all parties confirm receipt — typically minutes to hours, never days. Your storage provider is the only persistent copy. How buffer purge works.
Amazon Web Services (AWS): Infrastructure, document storage, database hosting
Vercel: Application hosting and edge network
Stripe: Payment processing
Twilio: SMS notifications for signers
Solana Network: Blockchain anchoring for document verification
Sentry: Error monitoring and performance tracking
Access our security documentation for your vendor assessment.
Full audit report (NDA required)
Latest security assessment results
Pre-filled SIG/CAIQ responses
Real-time availability and incident history