Data Security

BoldSign is hosted on Google Cloud Platform and Microsoft Azure servers in the US East data center. We use a double encryption mechanism to protect your data. Data in storage is encrypted twice, once at the service level and once at the infrastructure level, with the AES 256 standard. This provides the highest level of assurance that your data is safe and secure.

Physical and environmental Security

We do not have any in-house data centers and rely on Microsoft Azure and Google Cloud Platform to manage the physical and environmental security of our servers.
For more details, please refer to the Microsoft and Google data center security policies linked below.

Software Security

Our application runs on the latest stable version of Microsoft .NET. We reduce the attack surface by isolating our processes with a containerized microservice architecture.
Our application is also checked automatically by a static analyzer tool, which does extensive computation and ensures the security of our source code.
All our developers are trained to pay specific attention to security. Our automated and manual code review processes constantly look for any code that could potentially violate security policies.

Payment Security

We process all payments using Stripe, which has been certified as a PCI Level 1 Service Provider. BoldSign does not have access to customers’ credit card data at all.

For more details, please review "Security at Stripe" in the Stripe Documentation.

Third party due diligence

In addition to our regular security reviews, we partner with trusted third-party security companies to perform code reviews and various tests across our product ecosystem.

Attack prevention and mitigation

Penetration testing

BoldSign undergoes regular penetration testing done by our in-house security experts and development team to ensure the highest levels of data security.

Monitoring and alerting

Our application and the underlying infrastructure components are actively monitored 24/7. Our engineers are immediately notified in case of an outage. You can view our historical product reliability details on the status page.

Legality and Compliance

BoldSign’s eSignatures are legally compliant with U.S. (ESIGN) and international (eIDAS) eSignature laws. We have also ensured compliance with GDPR.

Backups

Our primary database uses a multi-node, fault-tolerant cluster approach. The database is backed up every hour, with backups kept for the last 30 days. Other databases use point-in-time restore (PITR) backups for any time in the last 30 days.

Data Availability

Our distributed architecture enables us to continuously maintain the availability of our application, providing 99.9% durability over a year and enabling users to access their data at any time.

Key Application Security Features

Audit logs

Every document is accompanied by an audit log. All actions performed on the document are logged with the user details, IP address, and timestamp.

Role-based access control

BoldSign allows you to assign granular access to entities with roles and custom permissions.

Single Sign-On (SSO)

Authenticate with and access BoldSign services through an identity provider of your choice using single sign-on.

Data encryption

Tamper proofing

The final signed document and audit trail are digitally signed with our AATL certificate to ensure that any further tampering can be easily detected.

Long-Term Validation of Signatures

LTV (Long-Term Validation) provides information about the state of the certificate at the time of signing.
This verification certificate stays in the file itself so that it can still be verified as valid later, even if it has expired, been revoked, or the issuing authority is no longer in operation.
Long-term validation of signatures is important to ensure compliance with standards like PAdES (PDF Advanced Electronic Signatures).