Security at BizSign

Security you can prove, not just claim

From encryption to a cryptographically chained audit trail, every layer of BizSign is designed so the integrity of your agreements stands up to scrutiny.

Encryption everywhere

All traffic is protected with TLS 1.2+ in transit. Documents and audit data are encrypted with AES-256 at rest. Keys are managed by our infrastructure providers and rotated regularly.

Tamper-evident audit trail

Every signing event is sealed into an HMAC-SHA-256 chained ledger. Each entry is cryptographically linked to the one before it, so any modification, insertion, or deletion is immediately detectable.

Cryptographic PDF signing

Completed documents are sealed with PKCS#7 / PAdES digital signatures and a certificate of completion, so authenticity and integrity can be verified by any standards-compliant PDF reader.

Access controls

Scoped API keys, per-recipient single-use access tokens, and role-based access control (owner, admin, member) ensure that only the right people and systems can act on a document.

Data residency

Documents are stored in dedicated, access-controlled cloud storage. Enterprise customers can discuss regional data residency and isolation requirements as part of a custom agreement.

Reliability

Built on resilient, horizontally-scaled infrastructure with managed backups and monitoring, targeting high availability for document delivery and signing.

Verify it yourself

Don't take our word for it. Anyone can independently confirm a signed document's integrity and audit trail — no account required.