Security & Compliance

At SignMail, we understand that security and compliance are paramount for our clients. That's why we've built our platform with robust security measures, and why we comply with industry standards to ensure your data remains confidential, integral, and available.


Our Commitment to Security

Our security framework is designed to protect your data at every layer of the SignMail experience.


Infrastructure Security:

  • AWS EC2: Our services are hosted on Amazon Web Services (AWS) EC2 instances, which offer a secure and durable technology platform. AWS follows an end-to-end approach to secure and harden our infrastructure, including physical, operational, and software measures.

Application Security:

  • Secure Coding Practices: Our developers adhere to secure coding guidelines, which include regular code reviews and security audits to ensure that our applications meet the highest security standards.
  • Regular Updates: We routinely patch and update all servers and software to protect against known vulnerabilities.
  • Data Encryption: Data at rest and in transit is encrypted using strong cryptographic protocols such as TLS.
  • Cross-Site Scripting (XSS) Protection: Our React frontend is designed to automatically mitigate XSS attacks by escaping strings rendered within the user interface.

Network Security:

  • Firewalls: We utilize firewalls to control network traffic to and from our services within AWS.
  • Cloudflare DNS: We use Cloudflare's DNS services, which provide additional security layers such as DDoS attack mitigation, security against DNS attacks, and traffic filtering.

Product Security:

  • User Authentication: SignMail uses strong user authentication measures. We support OAuth for Google Workspace and Microsoft 365 integrations, ensuring that your credentials are not compromised.
  • API Security: Our ExpressJS-based API has robust authentication and authorization controls, ensuring that only authorized services and users can access your data.
  • Data Privacy: We follow a strict privacy policy, and our product is designed to protect your personal information and usage data.

Payment Processing Security

Third-Party Payment Processor:

For added security and compliance, SignMail has partnered with Stripe, a leading payment processing service, for handling all payment transactions. By using Stripe as our payment processor, we ensure that your payment information is processed securely and in accordance with the highest industry standards.


Stripe's Security Measures:

  • PCI DSS Compliance: Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available in the payments industry.
  • Data Encryption: Stripe uses best-in-class security tools and practices to maintain a high level of security. All transactions are encrypted using HTTPS with Transport Layer Security (TLS).
  • Secure Data Handling: Stripe maintains strict administrative, technical, and physical procedures to protect users' information.

No Storage of Payment Information:

It's important to note that SignMail does not directly store, process, or view any cardholder data. Our systems are designed to prevent unauthorized access to or disclosure of your payment card details. When you make a payment through SignMail, your payment information is directly transmitted to Stripe without passing through our servers.

We trust Stripe to provide the security and compliance needed to ensure the safeguarding of your payment information. Should you have any questions about the security of your payment data, please refer to Stripe's security policy or contact us for more information.


Compliance with Standards

We regularly review and update our security practices to ensure compliance with industry standards and regulations.


Data Protection and Privacy:

  • GDPR Compliance: Given that we're based in Wyoming, United States of America, our services are not necessarily 100% GDPR compliant, but we have taken sufficient measures to make our website and software compliant with GDPR data protection and privacy laws, ensuring that we handle your data responsibly.

Regular Security Assessments:

  • Third-Party Audits: We engage with third-party security experts to conduct regular audits and penetration tests on our SignMail solution.

Incident Response:

  • Rapid Response: In the event of a security breach, our incident response team is prepared to respond promptly to mitigate and resolve any issues.