Zsign

How we protect your documents

Security is not an add-on. Here is how ZSign keeps your data safe.

Encryption

  • All data in transit is encrypted with 256-bit SSL (TLS 1.2+).
  • All data at rest is encrypted with AES-256 via Supabase (hosted on AWS).
  • API keys are hashed with SHA-256 before storage. The plaintext key is shown exactly once at creation and never stored.

Legal compliance

  • ZSign signatures comply with the US ESIGN Act and UETA, which give electronic signatures the same legal standing as handwritten ones.
  • Every signature includes a full audit trail that can be exported as a PDF certificate for legal evidence.

Audit trail

  • Every signature records the signer’s IP address, timestamp, user agent, and signing method (draw, type, or upload).
  • A SHA-256 hash of the document content is computed at send time and stored alongside the document, so any tampering after signing is detectable.
  • All security-relevant actions (document sent, signed, viewed, voided) are logged in an immutable audit trail.

Data hosting

  • ZSign’s database runs on Supabase, which is hosted on AWS infrastructure.
  • File storage uses Cloudflare R2 (S3-compatible), with data encrypted at rest.
  • All infrastructure is served over HTTPS with HSTS enabled (Strict-Transport-Security).

Questions about security?

We are happy to answer any questions about how we handle your data.

security@zsign.com