Skip to content
ZiaSignZiaSign
ZiaSign
  • How it works
  • Free PDF Tools
  • Documentation
  • Pricing

  • Company

    • About
    • Blog
    • Investors
    • Security

    Compare

    • vs DocuSign
    • vs Adobe Sign
    • vs PandaDoc
    • vs iLovePDF
    • vs Smallpdf
    • vs PDF24
    • vs Sejda
    Investor connectLatest blog
  • Free PDF ToolsFree
  • Browse use casesNew
  • How-to guides100+
  • How it works
  • Pricing
  • Documentation

Theme

Light mode

Sign Now
Sign Now
  1. Home
  2. Documentation
  3. Getting Started
  4. Security & Compliance
Getting Started

Security & Compliance

How ZiaSign protects your data: encryption, compliance certifications, infrastructure security, and privacy practices.

Last updated April 10, 2026
Quickstart GuideAccount & Organization SettingsDocument TemplatesSecurity & ComplianceHelp & Support
Sending Documents for SignatureThe Signing ExperienceAudit Trail & Legal ValidityBulk SendPDF ToolsDocument Editor & StudioDocument LibraryAnalytics & Reports
API AuthenticationDocuments APIWebhooksSandbox & TestingEmbedded SigningIntegrations
AI Contract AnalysisAI Smart Workflows
Plans & PricingBilling & InvoicesReferral Program
Mobile App Guide
Changelog & Release Notes

Encryption

In Transit

All data is encrypted in transit using TLS 1.3 with modern cipher suites. We enforce HSTS and certificate pinning.

At Rest

Documents and user data are encrypted at rest using AES-256 encryption. Encryption keys are managed through Azure Key Vault with automatic rotation.

Document-Level Encryption

Each document has its own encryption key, derived from a master key. Even if one key were compromised, it could not decrypt other documents.

Infrastructure Security

ZiaSign is hosted on Microsoft Azure with enterprise-grade security:

  • Network isolation — Services run in private virtual networks
  • DDoS protection — Azure DDoS Protection Standard
  • WAF — Web Application Firewall for API and web traffic
  • Monitoring — 24/7 security monitoring with automated threat detection
  • Backups — Geo-redundant backups with point-in-time recovery

Compliance

StandardStatus
SOC 2 Type II✅ Certified
GDPR✅ Compliant
CCPA✅ Compliant
HIPAA✅ Available on Enterprise plans (BAA provided)
eIDAS✅ Compliant for Advanced Electronic Signatures
ISO 27001🔄 In progress

Access Control

  • Role-based access control (RBAC) for team members
  • SSO/SAML integration for Enterprise accounts (Okta, Azure AD, OneLogin)
  • Multi-factor authentication (MFA) available for all accounts
  • Session management — configurable session timeouts and concurrent session limits

Data Privacy

  • Your documents are never used to train AI models
  • Document content is only accessed for features you explicitly use (e.g., AI analysis)
  • Full data export available via Settings → Data → Export
  • Right to deletion — request complete data deletion via Settings or by contacting support
  • Data Processing Agreement (DPA) available on request for Business and Enterprise plans

Penetration Testing

ZiaSign undergoes annual penetration testing by independent security firms. Enterprise customers can request a summary of findings.

Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly:

  • Email: security@ziasign.com
  • We acknowledge reports within 24 hours
  • We aim to resolve critical vulnerabilities within 48 hours
  • We do not pursue legal action against responsible disclosures

Frequently asked questions

Is ZiaSign SOC 2 compliant?

Yes. ZiaSign has completed SOC 2 Type II certification, audited by an independent third party. Contact sales for a copy of the report.

Where is my data stored?

By default, data is stored in Azure data centers in the United States. Enterprise customers can choose EU, Asia-Pacific, or other regional data centers.

Is ZiaSign GDPR compliant?

Yes. ZiaSign is fully GDPR compliant. We act as a data processor for your documents and provide a Data Processing Agreement (DPA) on request.

Related documentation

Audit Trail & Legal Validity

Every document includes a comprehensive audit trail that provides legal evidence of the signing process.

Account & Organization Settings

Manage your account, workspace, team members, sharing policies, and notification preferences.

API Authentication

Authenticate your API requests using API keys with HMAC-SHA256 request signing for maximum security.

Previous

Document Templates

Next

Help & Support

On this page

EncryptionIn TransitAt RestDocument-Level EncryptionInfrastructure SecurityComplianceAccess ControlData PrivacyPenetration TestingReporting Vulnerabilities

Product

  • How it works
  • Pricing
  • About
  • Blog
  • Security

Documentation

  • All Docs
  • Quickstart
  • API Authentication
  • Webhooks
  • Templates
  • Integrations

Free PDF Tools

  • All Tools
  • How-To Guides
  • Use-Case Guides
  • Organize PDFs
  • Convert PDFs
  • Edit PDFs
  • Security
  • Optimize
  • AI Tools

Compare

  • vs DocuSign
  • vs Adobe Sign
  • vs PandaDoc
  • vs iLovePDF
  • vs Smallpdf
  • vs PDF24
  • vs Sejda

Company

  • FAQs
  • Investors
  • Privacy Policy
  • Terms of Services
ZiaSignZiaSign
ZiaSign

AI-native e-signature and document workflows for modern teams.

© 2026 ZiaSign. All rights reserved.