Security & Compliance

Bank-Grade Security. Every Document.

SignFlow Now is built on the same security foundations used by global financial institutions. Your documents and client data are protected at every layer.

Technical Security

Protected at Every Layer

AES-256 Encryption at Rest

Every document, signature, and piece of personal data is encrypted with AES-256-GCM at rest. Keys are rotated quarterly and stored in HSMs.

TLS 1.3 in Transit

All data in transit is protected by TLS 1.3. We enforce HSTS and have an A+ rating on SSL Labs.

SHA-256 Document Hashing

Every document is hashed with SHA-256 at signing. Any post-signature modification is instantly detectable.

Full Audit Trail

Every action — view, sign, decline, forward — is logged with IP, device, timestamp and geolocation. Tamper-evident and court-admissible.

PKI Digital Certificates

Signatures include X.509 digital certificates issued per signing session. Each certificate uniquely binds the signatory to the document.

UK Data Residency

All data is stored on AWS servers in eu-west-2 (London) by default. GDPR-compliant with full data processing agreements.

Audit Trail

Certificate of Completion

Every completed document generates a Certificate of Completion — a cryptographically sealed record of the entire signing process. Admissible as evidence in UK courts and equivalent jurisdictions worldwide.

  • Document name and unique ID
  • SHA-256 hash of the signed document
  • Signatory name, email and IP address
  • Timestamp of each signature event (UTC)
  • Geolocation data (country/city)
  • Device and browser information
  • Authentication method used
  • Full chronological event log

Regulatory Compliance

Legally Binding in 5 Markets

SignFlow Now e-signatures are legally binding under the electronic signature legislation of every jurisdiction we operate in.

United Kingdom

  • UK Electronic Communications Act 2000
  • Retained eIDAS Regulation
  • UK GDPR / Data Protection Act 2018
  • ICO Registered

United States

  • ESIGN Act (2000)
  • UETA (Uniform Electronic Transactions Act)
  • SOC 2 Type II (in progress)

Canada

  • PIPEDA
  • CASL compliant
  • Provincial electronic signature legislation

Australia

  • Electronic Transactions Act 1999
  • Privacy Act 1988 (APPs)
  • AML/CTF Act compliance

European Union

  • eIDAS Regulation 910/2014
  • GDPR (Article 28 DPA)
  • Advanced Electronic Signature ready

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure. Please report security issues to security@signflownow.com — we respond within 24 hours and run a bug bounty programme.