Security you can trust
DocSignerHub is built with security as a first principle — not an afterthought. Every document, every signature, every byte of data is protected.
How we protect your documents
Encryption in Transit & at Rest
All data is transmitted over TLS 1.3. Documents and sensitive data are encrypted at rest using AES-256. No unencrypted data ever leaves our infrastructure.
HMAC Document Integrity
Every signed document is protected with HMAC-SHA256 fingerprinting. Any post-signing tampering is instantly detected and flagged in the audit trail.
eIDAS Compliance
All electronic signatures meet EU eIDAS Advanced Electronic Signature (AdES) standards. Signatures are legally binding across EU member states and beyond.
Immutable Audit Trail
Every action — document view, signing attempt, rejection, completion — is timestamped and immutably logged. Full chain-of-custody for every envelope.
Signer Identity Verification
Signers are authenticated via email-based unique tokens. IP address, user agent, and timestamp are recorded with every signing event.
Infrastructure Security
API servers are isolated behind network security groups. API keys are hashed before storage. CORS and CSRF protections are enforced on all endpoints.
Rate Limiting & Abuse Prevention
All API endpoints are rate-limited per merchant key. Suspicious patterns trigger automatic alerts and temporary key suspension.
Webhook Security
Webhooks are delivered with HMAC-SHA256 signatures. Verify every payload using your webhook secret to ensure authenticity.
Compliance status
Responsible Disclosure
We take all security reports seriously. If you discover a vulnerability in DocSignerHub, please report it responsibly. We commit to acknowledging reports within 24 hours and resolving critical issues within 72 hours.
Report a vulnerability