Secure and Compliant Electronic Signatures With SignWell

Documents signed with SignWell are secure and compliant with US and international laws, so you can rest easy.

Trusted by more than 65,000 businesses

eSignature Compliance

SignWell is compliant with the strictest electronic signature laws:

(a) EU Electronic Identification and Authentication Services Regulation (910/2014/EC), commonly referred to as eIDAS, which took effect on July 1, 2016, and replaced both the EU Directive on Electronic Signatures 1999/93/EC and other EU member state laws that were inconsistent with eIDAS;

(b) the Electronic Signatures in Global and National Commerce Act, commonly known as the ESIGN Act of 2000 (US law); and

(c) the Uniform Electronic Transactions Act, also known as UETA, of 1999 (US law).

SOC 2 Type II Compliance

SignWell is SOC 2, Type II (Security, Availability, and Confidentiality) compliant.

What is SOC 2, and why is it important?

System and Organization Controls (SOC) is an audit methodology and reporting framework developed by the American Institute of Certified Public Accountants (AICPA). The requirements for security, availability, and confidentiality are detailed in the AICPA's Trust Services Criteria document.

To achieve compliance and certification, SignWell's technical solutions, safeguards, and procedures have been audited by an independent, third-party CPA firm that specializes in security.

Security and the protection of our customers' data are always our focus. During the rigorous audit, SignWell provided evidence of its implemented security solutions and data protection methodology, demonstrating our commitment to a reliable and secure electronic signature platform.

Please contact [email protected] to request SignWell's most recent SOC 2 report.

HIPAA Compliance

SignWell is HIPAA compliant.

What is HIPAA, and why is it important?

The Health Insurance Portability and Accountability Act is a US law that sets rules and requirements for the management and protection of health-related personal information, referred to as protected health information (PHI) or, in electronic form, electronic protected health information (ePHI).

SignWell has implemented the safeguards required by the law and has been audited by a third party that checked our compliance with the requirements and the effectiveness of the implemented controls and procedures. SignWell has met or exceeded the requirements for HIPAA compliance.

GDPR

SignWell is GDPR compliant.

The General Data Protection Regulation is an EU law that applies to everyone living in the EU and to anyone managing the personal data of persons in the EU. The law sets out the principles that companies such as SignWell must follow when handling users' personal data and requires that personal data be protected.

SignWell has implemented these requirements and is compliant with all the principles of the GDPR. To learn how we use your data to provide services for you and your rights as an EU user regarding your personal data, please review the details on our privacy page: https://www.SignWell.com/privacy/

NOM-151 Compliance

For businesses operating in Mexico, SignWell supports NOM-151 compliance through our partnership with SeguriData, an accredited Prestador de Servicios de Certificación (PSC).

Every completed document can include a NOM-151 preservation certificate, providing verifiable proof that the file has not been altered after signing. This ensures your agreements are legally admissible under Mexican law.

Network and System Security

The SignWell system is protected with best-practice security measures. When you use our services (for example, logging in to the website or accessing documents), the connection between your computer and SignWell's servers is encrypted using Transport Layer Security (TLS) version 1.2.

Your data is also encrypted at rest using the AES-256 encryption standard, which the US government uses to protect confidential information.

We continuously update our servers and systems with the latest security fixes, and the effectiveness of those updates is regularly validated. The SignWell network environment is monitored, and each network connection is inspected for malicious activity by an intrusion detection system.

Our systems and services are hosted in AWS data centers using AWS services. AWS data centers provide high-level physical security, including remote locations, guards protecting the grounds and buildings, redundant power supply lines, redundant internet connections, and automated fire suppression systems.

Both AWS data centers and AWS services are certified by independent auditors against ISO 27001 (information security management systems), ISO 27017 (information security controls for cloud services), ISO 27018 (protection of personal information in the cloud), SOC 2, and HIPAA requirements, so SignWell's systems run on certified secure infrastructure.

System Reliability

SignWell runs on AWS services using high-availability, fault-tolerant architecture. Our systems run simultaneously across multiple physical locations (AWS availability zones), so if service in one zone is interrupted (a highly unlikely event), the other zones continue to operate and provide service.

SignWell maintains a disaster recovery plan and a business continuity plan that describe, step by step, how continuous operation is ensured. We regularly test recovery scenarios and continually refine these procedures so that our services remain available to you. Our operations team monitors services and operational KPIs on an ongoing basis to maintain the highest possible availability.

Data Protection

SignWell is committed to protecting your data and providing a secure service. In addition to high-availability servers and encryption in transit and at rest, we restrict who may access production environments, how they may access them, and when.

Employee background checks are conducted in accordance with local laws. We train all employees on security and privacy principles and how to implement them in our environments.

Access to customer data is limited to employees who need it, and only for as long as they need it (for example, for troubleshooting). All access and activity are logged and monitored. User accounts and access levels are reviewed regularly.

All systems in the production environment are configured for the highest level of security. To maintain this, we use security checks and automated update tools.
