Security

Trust is engineered into every layer.

From identity verification to blockchain-anchored proof, SignBuddy is built so that every signature is secure, every document is tamper-evident, and every action is accountable.

Security by design

Six pillars that protect your agreements end to end.

Encryption everywhere

TLS in transit and encryption at rest protect your documents and data at all times.

Verified identity

Standard, email OTP, and Swedish BankID verification confirm who is really signing.

Tamper-evident proof

Every signed file is fingerprinted and anchored so any change is immediately detectable.

Hardened infrastructure

EU-based hosting with backups, monitoring, and isolation keeps the service resilient.

Compliance built in

GDPR data rights and eIDAS-aligned electronic signatures are part of the platform.

Full accountability

An immutable audit trail records who did what, when, and from where on every contract.

Data protection & encryption

Your documents and personal data are encrypted in transit using TLS and encrypted at rest in our storage layer. Access to data is tightly controlled and logged.

  • TLS encryption for all traffic between you, signers, and our servers.
  • Encryption at rest for stored documents and database records.
  • Strict, audited access controls on production systems.

Identity & authentication

We make it hard for the wrong person to sign or access an account, with layered verification and account protection.

  • Three signer verification levels: standard, email OTP, and Swedish BankID.
  • Two-factor authentication (TOTP) with backup codes for accounts.
  • Breached-password screening blocks known-compromised passwords.
  • Sessions are invalidated automatically when a password or 2FA setting changes.
  • Rate limiting and lockouts defend against brute-force and abuse.

Document integrity & cryptographic proof

Once signed, a document carries its own evidence. Any later modification breaks the proof, making tampering obvious.

  • SHA-256 fingerprint generated for every finalized document.
  • PAdES digital signatures embedded directly in the PDF.
  • Proof anchored to Sigstore Rekor (transparency log) and OpenTimestamps (Bitcoin).
  • Immutable audit trail capturing identity, IP, device, timestamps, and optional GPS.

Infrastructure & reliability

The platform runs on resilient, EU-based infrastructure designed for availability and recoverability.

  • EU data hosting with regular automated backups.
  • Continuous monitoring and logging of system health and security events.
  • Environment isolation between production and other workloads.

Privacy & compliance

Data protection is a first-class feature. For organizations with strict sovereignty needs, the entire platform can run inside your own environment.

  • GDPR data export and right-to-erasure built into accounts. See our GDPR page.
  • eIDAS-aligned electronic signatures.
  • Full data residency available via on-premise deployment.

API & integration security

Automate signing safely. Programmatic access is authenticated and webhook deliveries are verifiable.

  • Scoped API keys you can issue and revoke at any time.
  • Signed webhooks with replay protection so you can trust every event.

Responsible disclosure

Found a vulnerability? We appreciate responsible reports. Email our security team and we'll respond promptly.

security@signbuddy.eu

Security you can hand to your auditors.

Start free, or talk to us about enterprise and on-premise requirements.

Start Free Talk to Sales