1. Electronic-Signature Legal Compliance

Road-map: Integration of certificate-based, Advanced/Qualified signatures (e.g. BankID, QTSP digital certificates) is in active development. Until it launches, please treat Signomate signatures as Simple / Basic for legal classification purposes.

2. Data Protection & Privacy

• GDPR & UK-GDPR: Data minimisation, purpose limitation and robust Data Processing Agreements (DPAs) with sub-processors.
• CCPA/CPRA & other US state laws: Dedicated processes for consumer access/deletion requests.
• Encryption everywhere: TLS 1.3 in transit; AES-256 at rest; customer files stored in logically isolated buckets.
• Data locality options: Choose EU-only, UK-only or North-American hosting to address residency obligations.

See our Privacy Policy for full details.

3. Secure Infrastructure

• Cloud hardened: Hosted on DigitalOcean infrastructure — workloads run in ISO/IEC 27001:2013-audited, SOC 2 Type II-certified data centers with automated backups and optional cross-region failover.
• Zero-trust network: Services mutually authenticate and use short-lived tokens; no open lateral movement paths.
• 24/7 monitoring: Real-time threat detection, automated patch management and quarterly external penetration tests.

4. Your Responsibilities

Signomate supplies the compliant toolbox; you remain the data controller and document owner. Please ensure that:

1. Document suitability: E-sign only documents that are legally permitted to be signed electronically in your jurisdiction.
2. User access governance: Review signer and admin permissions regularly; revoke unused accounts.
3. Retention rules: Store executed documents for the statutory period required in your industry/region.
4. Internal policies: Align Signomate usage with your own information-security and privacy policies.

For more detailed information, please refer to our Privacy Policy, Terms of Service, and Cookie Policy.

5. Questions?

Our Compliance team is happy to help. Reach us at support@signomate.com.